"Xu, Quan" <quan.xu@intel.com> wrote
on 01/04/2016 08:26:03 PM:
> Date: 01/04/2016 08:26 PM
> Subject: RE: [PATCH v5 0/4] Extend TPM support
with a QEMU-external TPM
>
> On January 04 2016 11:23 PM, <stefanb@us.ibm.com> wrote:
> > The following series of patches extends TPM support with an
> external TPM that
> > offers a Linux CUSE (character device in userspace) interface.
This TPM lets
> > each VM access its own private vTPM.
> > The CUSE TPM supports suspend/resume and migration. Much out-of-band
> > functionality necessary to control the CUSE TPM is implemented
using ioctls.
> >
>
> Stefan,
> it is a good solution. Could you share more about this architecture?
> If you have an existing doc.
The architecture is as follows:
An extern tool (i.e., libvirt) start the CUSE TPM,
which then provides /dev/vtpm-<uuid> for the QEMU VM to talk to.
QEMU receives the open filedescriptor or device name on the command line.
All TPM commands from the guest go right into /dev/vtpm-<uuid> via
read/write() interface, so just like the passthrough. Out-of-band control,
which we need for proper vTPM emualtipon, such as setting the locality,
getting and setting of the state blobs of the vTPM following suspend/resume/snapshotting/migration,
resetting the vTPM following a VM reset, shutdown of the vTPM process following
VM shutdown, is done through the ioctl interface. The ioctl interface is
defined in this file here:
https://github.com/stefanberger/swtpm/blob/master/include/swtpm/tpm_ioctl.h
I do not have an existing doc but the github swtpm
project contains a man page describing the ioctls:
https://github.com/stefanberger/swtpm/blob/master/man/man3/swtpm_ioctls.pod
I hope this helps us to make progress.
Thanks and regards,
Stefan