From: Goran Mekić <meka@tilda.center>
Date: Sun, 20 Aug 2023 19:52:43 +0200
To: virtualization@freebsd.org
Subject: Re: Sudden need for bhyve TPM Emulation... willing to port swtpm?
Message-ID: <4cf9b819-2a41-8bc1-16a7-60a1eac04e28@tilda.center>
List: freebsd-virtualization@freebsd.org
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On 8/19/23 17:27, Goran Mekić wrote:
> On 8/19/23 10:27, Goran Mekić wrote:
>>>> With the updated port there's also support for CUSE, which would allow
>>>> swtpm to be used with pass-through.
>>>> The problem is that socket and CUSE have problems which I described
>>>> in the upstream issue: https://github.com/stefanberger/swtpm/issues/820.
>>>> If there are any suggestions on how to fix that fuse error, I'd like to
>>>> hear them and try to fix it.
>>>>
>>>> Regards,
>>>> meka
>>
>> Hello,
>>
>> I was wrong. Linux CUSE is an extension of FUSE while FreeBSD CUSE has a
>> totally different implementation, so it cannot be used by swtpm. As
>> swtpm has control and server channels, I suppose we need both. To start
>> both:
>>
>> # swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/ctrl --tpm2 --log level=20 --server type=unixio,path=/tmp/mytpm1/server
>>
>> Now to initialize it one should run
>>
>> # swtpm_ioctl --unix /tmp/mytpm1/swtpm-sock -i
>>
>> If -i is replaced with --stop, swtpm is stopped. Now if I understand
>> correctly, the init function of bhyve should do -i, deinit should do
>> --stop. If that's correct, I will start implementing init and for now
>> ignore deinit. As swtpm is BSD licensed, I think it is OK for us to
>> reuse parts of the swtpm_ioctl code. Anyway, if I'm wrong about anything,
>> please point it out.
>>
>> Regards,
>> meka
>>
> I managed to initialize the swtpm by butchering the swtpm_ioctl code and
> creating this: https://bsd.to/Dq7c. I know that for bhyve it's not
> viable to include from a port, but at this point I just want to make
> some progress and then I'll see how to properly do it. As swtpm is
> BSD-3-Clause licensed, we should probably import it to base, but I'll
> worry about that part when at least something starts working.
>
> Regards,
> meka
>

To make it easier to progress, I created a repository for my TPM playground: https://github.com/mekanix/tpmplay. The code currently somewhat resembles tpm_emul_passthru.c. It implements init, deinit and ctrlcmd. I'm confused a bit because swtpm has two sockets, one for control and one for data. Looking at tpm_emul_passthru.c I can see one fd is used for all commands. If I'm correct, TSS is used for the data channel: https://github.com/stefanberger/swtpm/wiki/Using-the-IBM-TSS-with-swtpm#socket-interface. How come pass-through doesn't have ctrl/data channels?

Regards,
meka
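The message above describes the two swtpm sockets (control channel: `swtpm_ioctl -i` / `--stop`; data channel: raw TPM commands) without showing what actually crosses each one. The following is an added example, not code from this thread, from swtpm or from bhyve's tpm_emul_passthru.c. It frames the same two operations a bhyve init/deinit would need (PTM_INIT and PTM_STOP on the control socket) plus one TPM 2.0 command (TPM2_GetRandom) on the data socket, and exercises them against a constructed in-process stand-in for swtpm over a `socketpair` so it runs offline. Assumptions: the control-channel framing (a 4-byte big-endian command number followed by the request struct, a 4-byte `ptm_res` coming back) and the command numbers `PTM_INIT = 1`, `PTM_STOP = 13`, `PTM_INIT_FLAG_DELETE_VOLATILE = 1` are as I recall them from swtpm's tpm_ioctl.h and QEMU's tpm_emulator.c; verify them against the header before using them. The fake server's "random" bytes are a constructed deterministic pattern, not TPM output.

```python
"""swtpm control-channel vs data-channel framing, run against a constructed
in-process stand-in for swtpm (no real swtpm is needed)."""
import socket
import struct
import threading

# Control-channel command numbers as recalled from swtpm's tpm_ioctl.h
# (assumption: verify against the header before relying on them).
PTM_INIT = 1
PTM_STOP = 13
PTM_INIT_FLAG_DELETE_VOLATILE = 1
TPM_SUCCESS = 0

# TPM 2.0 data-channel constants (TPM 2.0 Library spec, Part 2).
TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_GETRANDOM = 0x0000017B
TPM_RC_SUCCESS = 0


def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket or raise."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the socket")
        buf += chunk
    return buf


def ctrl_frame(cmd, payload=b""):
    """Control channel: 4-byte big-endian command number, then the struct body."""
    return struct.pack("!I", cmd) + payload


def ctrl_request(sock, cmd, payload=b""):
    """Send one control command and return the 4-byte ptm_res as an int."""
    sock.sendall(ctrl_frame(cmd, payload))
    return struct.unpack("!I", recv_exact(sock, 4))[0]


def swtpm_init(ctrl_sock, delete_volatile=False):
    """Equivalent of `swtpm_ioctl -i`: PTM_INIT with ptm_init.u.req.init_flags."""
    flags = PTM_INIT_FLAG_DELETE_VOLATILE if delete_volatile else 0
    return ctrl_request(ctrl_sock, PTM_INIT, struct.pack("!I", flags))


def swtpm_stop(ctrl_sock):
    """Equivalent of `swtpm_ioctl --stop`: PTM_STOP carries no request body."""
    return ctrl_request(ctrl_sock, PTM_STOP)


def tpm2_getrandom_cmd(nbytes):
    """Data channel carries raw TPM commands: tag(2) size(4) commandCode(4) params."""
    params = struct.pack("!H", nbytes)
    return struct.pack("!HII", TPM_ST_NO_SESSIONS, 10 + len(params), TPM_CC_GETRANDOM) + params


def data_request(sock, cmd):
    """Send a TPM command, parse the response header, return (rc, response body)."""
    sock.sendall(cmd)
    _tag, size, rc = struct.unpack("!HII", recv_exact(sock, 10))
    return rc, recv_exact(sock, size - 10)


def fake_ctrl_server(sock, log):
    """Constructed stand-in: answer one control command with TPM_SUCCESS."""
    cmd = struct.unpack("!I", recv_exact(sock, 4))[0]
    if cmd == PTM_INIT:
        log.append(("init", struct.unpack("!I", recv_exact(sock, 4))[0]))
    elif cmd == PTM_STOP:
        log.append(("stop",))
    sock.sendall(struct.pack("!I", TPM_SUCCESS))


def fake_data_server(sock, log):
    """Constructed stand-in: answer TPM2_GetRandom with a fixed byte pattern."""
    _tag, size, cc = struct.unpack("!HII", recv_exact(sock, 10))
    params = recv_exact(sock, size - 10)
    log.append(("tpm_cmd", cc))
    n = struct.unpack("!H", params)[0]
    body = struct.pack("!H", n) + bytes(range(n))  # constructed, not random
    sock.sendall(struct.pack("!HII", TPM_ST_NO_SESSIONS, 10 + len(body), TPM_RC_SUCCESS) + body)


def demo():
    """init on ctrl -> GetRandom on data -> stop on ctrl, against the fake swtpm."""
    ctrl_c, ctrl_s = socket.socketpair()
    data_c, data_s = socket.socketpair()
    log = []

    def serve():
        fake_ctrl_server(ctrl_s, log)
        fake_data_server(data_s, log)
        fake_ctrl_server(ctrl_s, log)

    t = threading.Thread(target=serve)
    t.start()
    init_rc = swtpm_init(ctrl_c, delete_volatile=True)
    rc, body = data_request(data_c, tpm2_getrandom_cmd(8))
    n = struct.unpack("!H", body[:2])[0]
    stop_rc = swtpm_stop(ctrl_c)
    t.join()
    for s in (ctrl_c, ctrl_s, data_c, data_s):
        s.close()
    return {"init_rc": init_rc, "getrandom_rc": rc, "random": body[2:2 + n],
            "stop_rc": stop_rc, "log": log}


if __name__ == "__main__":
    print(demo())
```

The split the example makes explicit is the one the question turns on: bhyve's passthrough backend talks to `/dev/tpm*` with a single fd because the kernel driver owns device lifecycle, whereas with swtpm the lifecycle commands (init, stop, locality, state blobs) live on the control socket and only TPM command/response bytes go over the server socket, so an swtpm backend needs both fds.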