From: David Tolnay <dtolnay@gmail.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Peter Huewe <peterhuewe@gmx.de>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	Jason Gunthorpe <jgg@ziepe.ca>,
	linux-integrity@vger.kernel.org,
	"Michael S. Tsirkin" <mst@redhat.com>,
	Jason Wang <jasowang@redhat.com>,
	virtualization@lists.linux-foundation.org, dgreid@chromium.org,
	apronin@chromium.org
Subject: Re: [PATCH] tpm: Add driver for TPM over virtio
Date: Fri, 22 Feb 2019 16:45:37 -0800
Message-ID: <a36fb1a3-3a5b-d849-0dec-87f394e7a86a@gmail.com>
In-Reply-To: <1550873900.2787.25.camel@HansenPartnership.com>

On 2/22/19 2:18 PM, James Bottomley wrote:
> On Fri, 2019-02-22 at 14:00 -0800, David Tolnay wrote:
>> On 2/22/19 7:30 AM, James Bottomley wrote:
>>> On Thu, 2019-02-21 at 18:14 -0800, David Tolnay wrote:
>>>> Add a config TCG_VIRTIO_VTPM which enables a driver providing the
>>>> guest kernel side of TPM over virtio.
>>>
>>> What's the use case for using this over the current non-virtio
>>> vTPM? I always thought virtio was about guest to host transport
>>> efficiency, but the physical TPM, being connected over a very slow
>>> bus, is about as inefficient as you can get in that regard, so why
>>> do we need to use virtio to drive the virtual one?
>>>
>>>> Use case: TPM support is needed for performing trusted work from
>>>> within a virtual machine launched by Chrome OS.
>>>
>>> The current vTPM does this, what's the use case for your special
>>> one?
>>
>> Thanks James, these are important questions and the intention
>> certainly isn't to have another driver that does the same thing with
>> differences for no reason.
>>
>> I see three existing vTPM drivers already in drivers/char/tpm.
>>
>> - tpm_ibmvtpm, which is specific to PowerPC and implemented in terms
>> of PowerPC hcalls.
>>
>> - xen-tpmfront, which is specific to Xen.
>>
>> - tpm_vtpm_proxy, which as I understand it is intended to enable
>>   userspace TPM. That is, if we are using this driver in a guest
>>   kernel, the TPM implementation also needs to reside in the guest
>>   kernel rather than in the hypervisor.
>>
>> For our use case which is not PowerPC and is running in our own
>> hypervisor with the TPM needing to be provided by the hypervisor,
>> none of the existing vTPM drivers seemed to fit the bill.
>>
>> Please let me know if I arrived at the wrong conclusion on this!
> 
> Actually, yes, your third statement is not wholly correct:  The in-
> kernel vTPM proxy can certainly be used to emulate a TPM within a guest
> for that guest to use without any support from the hypervisor. 
> However, when you have the correct qemu (requires a recent one), the
> vTPM emulator can run in the host (or hypervisor) and be passed through
> to the guest.  The best description of how to do that seems to be this
> blog entry:
> 
> https://s3hh.wordpress.com/2018/06/03/tpm-2-0-in-qemu/
> 
> So won't this mode of operation exactly work for you (obviously with
> necessary modifications to the crosvm hypervisor)?

I appreciate the explanation and link, James!

I had briefly investigated the existing support in QEMU before
pursuing a virtio-based driver. At the time, I determined that QEMU
implements a register level emulation of a TPM rather than what our
team would consider a minimum viable vTPM. It implements the
TPM-specific TIS interface (QEMU's tpm_tis.c) as well as CRB
interface (QEMU's tpm_crb.c) which require Linux's TIS driver
(Linux's tpm_tis.c) and CRB driver (Linux's tpm_crb.c) respectively.
Both of those are based on ACPI.

As far as I can tell, QEMU does not provide a mode in which the
tpm_vtpm_proxy driver would be involved *in the guest*. Certainly
you could use a vtpm proxy driver *on the host* but would still need
some other TPM driver running in the guest for communication with
the host, possibly virtio. If this second approach is what you have
in mind, let me know but I don't think it is applicable to the
Chrome OS use case.

Clearly it's possible for us to go the QEMU route and implement ACPI
(which crosvm does not otherwise need) plus one or both of TIS and
CRB in crosvm, but since all we need is for TPM command buffers to
leave the VM and TPM response buffers to enter the VM, all of that
seems unnecessarily complicated. A virtio driver substantially
lowers the barrier to implementing a hypervisor vTPM.

Separately, I'd be curious whether you share Jason Gunthorpe's
opinion stated elsewhere in the thread, or whether you would
encourage the virtio TPM driver to be kept private if feasible
alternative drivers already exist. Jason's comment:

> We already have a xen 'virtioish' TPM driver, so I don't think there
> is a good reason to block a virtio driver if someone cares about
> it. There are enough good reasons to prefer virtio to other options,
> IMHO.

Best,
David
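
Added example, not part of the original message or the patch: when the transport only moves TPM command buffers out of the VM and response buffers in, the hypervisor side still has to treat each guest buffer as untrusted. The sketch below checks the TPM 2.0 command header (tag, commandSize, commandCode, all big-endian) before a buffer would be forwarded. The names vtpm_check_command and VTPM_MAX_CMD and the 4096-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* TPM 2.0 command header: tag (2) | commandSize (4) | commandCode (4), big-endian. */
#define TPM_HEADER_SIZE    10u
#define TPM_ST_NO_SESSIONS 0x8001u
#define TPM_ST_SESSIONS    0x8002u
#define VTPM_MAX_CMD       4096u /* assumed device limit, not from the thread */

enum vtpm_check { VTPM_OK, VTPM_TOO_SHORT, VTPM_TOO_LONG, VTPM_BAD_TAG, VTPM_SIZE_MISMATCH };

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate a guest-supplied command buffer before it reaches the TPM backend. */
enum vtpm_check vtpm_check_command(const uint8_t *buf, size_t len, uint32_t *cc_out)
{
    if (len < TPM_HEADER_SIZE)
        return VTPM_TOO_SHORT;
    if (len > VTPM_MAX_CMD)
        return VTPM_TOO_LONG;
    uint16_t tag = be16(buf);
    if (tag != TPM_ST_NO_SESSIONS && tag != TPM_ST_SESSIONS)
        return VTPM_BAD_TAG;
    /* The declared commandSize must equal the bytes actually received. */
    if (be32(buf + 2) != len)
        return VTPM_SIZE_MISMATCH;
    if (cc_out)
        *cc_out = be32(buf + 6);
    return VTPM_OK;
}

/* Constructed sample: TPM2_GetRandom asking for 16 bytes (12-byte command). */
static const uint8_t sample_getrandom[] = {
    0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x7b, 0x00, 0x10
};

int main(void)
{
    return vtpm_check_command(sample_getrandom, sizeof sample_getrandom, NULL) != VTPM_OK;
}
```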