From: "Michael S. Tsirkin"
Date: Sun, 2 Oct 2011 13:38:37 +0200
Subject: Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) integration
To: Stefan Berger
Cc: serge@hallyn.com, qemu-devel@nongnu.org, anbang.ruan@cs.ox.ac.uk, andreas.niederl@iaik.tugraz.at
Message-ID: <20111002113835.GH30747@redhat.com>
In-Reply-To: <20110928132255.156431784@linux.vnet.ibm.com>

On Wed, Sep 28, 2011 at 09:22:55AM -0400, Stefan Berger wrote:
> The following series of patches adds TPM (Trusted Platform Module) support
> to Qemu. An emulator for the TIS (TPM Interface Spec) interface is
> added that provides the basis for accessing a 'backend' implementing the actual
> TPM functionality. The TIS emulator serves as a 'frontend' enabling for
> example Linux's TPM TIS (tpm_tis) driver.
>
> In this series I am posting a backend implementation that makes use of the
> host's TPM through a passthrough driver, which on Linux is accessed
> using /dev/tpm0.

Looks pretty clean, ACK to patches 1-4.

The passthrough mode is quite easy to misuse, though most of the problem
is in the hardware, not on our side.
I'm still trying to think of a good way to warn users about the pitfalls
with that. Disabling by default in configure, unless explicitly required,
is certainly one way. And/or, let's rename it 'assigned' mode to resemble
the name of another fragile qemu feature :) Only half joking ...

> v11:
> - applies to checkout of 46f3069 (Sep 28)
> - some filing on the documentation
> - small nits fixed
>
> v10:
> - applies to checkout of 1ce9ce6 (Sep 27)
> - addressed Michael Tsirkin's comments on v9
>
> v9:
> - addressed Michael Tsirkin's and other reviewers' comments
> - only posting Andreas Niederl's passthrough driver as the backend driver
>
> v8:
> - applies to checkout of f0fb8b7 (Aug 30)
> - fixing compilation error pointed out by Andreas Niederl
> - adding patch that allows feeding an initial state into the libtpms TPM
> - following memory API changes (glib) where necessary
>
> v7:
> - applies to checkout of b9c6cbf (Aug 9)
> - measuring the modules if multiboot is used
> - coding style fixes
>
> v6:
> - applies to checkout of 75ef849 (July 2nd)
> - some fixes and improvements to existing patches; see individual patches
> - added a patch with a null driver responding to all TPM requests with
>   a response indicating failure; this backend has no dependencies and
>   can always be built;
> - added a patch to support the hashing of kernel, ramfs and command line
>   if those were passed to Qemu using -kernel, -initrd and -append
>   respectively. Measurements are taken, logged, and passed to SeaBIOS using
>   the firmware interface.
> - libtpms revision 7 now requires 83kb of block storage due to having more
>   NVRAM space
>
> v5:
> - applies to checkout of 1fddfba1
> - adding support for split command line using the -tpmdev ... -device ...
>   options while keeping the -tpm option
> - support for querying the device models using -tpm model=?
> - support for monitor 'info tpm'
> - adding documentation of command line options for man page and web page
> - increasing room for ACPI tables that qemu reserves to 128kb (from 64kb)
> - adding (experimental) support for block migration
> - adding (experimental) support for taking measurements when kernel,
>   initrd and kernel command line are directly passed to Qemu
>
> v4:
> - applies to checkout of d2d979c6
> - more coding style fixes
> - adding patch for supporting blob encryption (in addition to the existing
>   QCoW2-level encryption)
>   - this allows for graceful termination of a migration if the target
>     is detected to have a wrong key
> - tested with big and little endian hosts
> - main thread releases mutex while checking for work to do on behalf of
>   backend
> - introducing file locking (fcntl) on the block layer for serializing access
>   to shared (QCoW2) files (used during migration)
>
> v3:
> - Building a null driver at patch 5/8 that responds to all requests
>   with an error response; subsequently this driver is transformed to the
>   libtpms-based driver for real TPM functionality
> - Reworked the threading; dropped the patch for qemu_thread_join; the
>   main thread synchronizing with the TPM thread termination may need
>   to write data to the block storage while waiting for the thread to
>   terminate; did not previously show a problem but is safer
> - A lot of testing based on recent git checkout 4b4a72e5 (4/10):
>   - migration of i686 VM from x86_64 host to i686 host to ppc64 host while
>     running tests inside the VM
>   - tests with S3 suspend/resume
>   - tests with snapshots
>   - multiple-hour tests with VM suspend/resume (using virsh save/restore)
>     while running a TPM test suite inside the VM
>   All tests passed; [not all of them were done on the ppc64 host]
>
> v2:
> - splitting some of the patches into smaller ones for easier review
> - fixes in individual patches
>
> Regards,
>   Stefan
>