TPM emulator driver status

TPM emulator driver status

[David Howells]

Hi Peter, Jarkko,

Is the TPM emulator likely to go upstream at any point?  Or is it waiting for
some sort of update?

Thanks,
David

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[Ken Goldman]

On 1/13/2016 8:39 AM, David Howells wrote:
> Hi Peter, Jarkko,
>
> Is the TPM emulator likely to go upstream at any point?  Or is it waiting for
> some sort of update?

I'm not Peter or Jarkko, but I maintain the TPM emulator for both TPM 
1.2 and TPM 2.0.

TPM 1.2 is very stable.  The changes in the last 5 years have been 
minor.  More tracing, spelling errors in comments, etc.

TPM 2.0 is functional, but lacks the maturity and stability of the 1.2 
code.  I do track the 2.0 specification updates.



------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[Stefan Berger]

[-- Attachment #1.1: Type: text/plain, Size: 1481 bytes --]

David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote on 01/13/2016 08:39:42 AM:

> 
> Hi Peter, Jarkko,
> 
> Is the TPM emulator likely to go upstream at any point?  Or is it 
waiting for
> some sort of update?

David, 

I wrote a driver for support of (v)TPM for containers. It has ioctl's for 
creating and deleting of pairs of devices where one device is used by 
clients and the other end is used by a TPM emulator to listen for 
commands. The client device can be 'moved' in the container, meaning a 
device node with the same major/minor numbers is created inside a 
container.  Any number of such device pairs can be create. Does this 
driver sound like it would provide more functionality than yours and would 
it address your use case as well?

   Stefan


> 
> Thanks,
> David
> 
> 
------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> tpmdd-devel mailing list
> tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
> https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
> 



[-- Attachment #1.2: Type: text/html, Size: 2043 bytes --]

[-- Attachment #2: Type: text/plain, Size: 413 bytes --]

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

[-- Attachment #3: Type: text/plain, Size: 192 bytes --]

_______________________________________________
tpmdd-devel mailing list
tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: TPM emulator driver status

[Jarkko Sakkinen]

Hi David,

On Wed, Jan 13, 2016 at 01:39:42PM +0000, David Howells wrote:
> Hi Peter, Jarkko,
> 
> Is the TPM emulator likely to go upstream at any point?  Or is it waiting for
> some sort of update?

Saw Kens response and to make sure that we are talking about the same
thing we are probably speaking about your patches that currently reside
over here:

https://github.com/PeterHuewe/linux-tpmdd/commits/tpm-emulator

and not about anything that actually emulates directly a TPM.

These are my concerns:

* Should be probably broken into two patches with include/linux/wait.h
  modifications residing in a separate commit.
* Should the module be renamed as something else than tpm_user_emul?
  It's not a TPM emulator but more like a proxy.
* I have to admit that I haven't deeply dived into functionality that
  vTPM provides. What does it provide exactly? Does this overlap?

> Thanks,
> David

/Jarkko

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[David Howells]

Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> wrote:

> > Is the TPM emulator likely to go upstream at any point?  Or is it waiting
> > for some sort of update?
> 
> Saw Kens response

Ken?  Do you mean Stefan?  Or have I missed something?

> and to make sure that we are talking about the same thing we are probably
> speaking about your patches that currently reside over here:
> 
> https://github.com/PeterHuewe/linux-tpmdd/commits/tpm-emulator

Yes.

> and not about anything that actually emulates directly a TPM.

Sorry, you're right: it's an interface across to a userspace TPM.

> These are my concerns:
> 
> * Should be probably broken into two patches with include/linux/wait.h
>   modifications residing in a separate commit.

That would be fine.

> * Should the module be renamed as something else than tpm_user_emul?
>   It's not a TPM emulator but more like a proxy.

tpm_user_proxy maybe?

> * I have to admit that I haven't deeply dived into functionality that
>   vTPM provides. What does it provide exactly? Does this overlap?

That I can't answer at this point without looking into it.

David

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[David Howells]

Stefan Berger <stefanb-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> wrote:

> I wrote a driver for support of (v)TPM for containers. It has ioctl's for
> creating and deleting of pairs of devices where one device is used by clients
> and the other end is used by a TPM emulator to listen for commands. The client
> device can be 'moved' in the container, meaning a device node with the same
> major/minor numbers is created inside a container. Any number of such device
> pairs can be create. Does this driver sound like it would provide more
> functionality than yours and would it address your use case as well?

Maybe.  Is it accessible through the /dev/tpm<N> just like a h/w tpm?  And can
it be accessed by in-kernel services that use a tpm?

David

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[Stefan Berger]

[-- Attachment #1.1: Type: text/plain, Size: 3327 bytes --]

David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote on 01/14/2016 08:45:10 AM:


> Stefan Berger <stefanb-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> wrote:
> 
> > I wrote a driver for support of (v)TPM for containers. It has ioctl's 
for
> > creating and deleting of pairs of devices where one device is usedby 
clients
> > and the other end is used by a TPM emulator to listen for 
> commands. The client
> > device can be 'moved' in the container, meaning a device node with the 
same
> > major/minor numbers is created inside a container. Any number of such 
device
> > pairs can be create. Does this driver sound like it would provide more
> > functionality than yours and would it address your use case as well?
> 
> Maybe.  Is it accessible through the /dev/tpm<N> just like a h/w tpm? 
And can
> it be accessed by in-kernel services that use a tpm?

Yes to all of the questions.

The primary target is integration with namespaced IMA and making vTPMs 
available to each namespaced IMA. However, having the vTPM hooked up to 
IMA is an extra ioctl that has to be issued at the right moment 
(essentially before clone()) and is not necessary except for container 
use-cases. So let me explain how the basic part works.

Using an ioctl, a new device pair is spawned. The core TPM device driver 
creates /dev/vtpmcX (with X = 0...), which is just another name for 
/dev/tpm0. I gave it a different name to be able to distinguish the 
potentially many drivers from h/w tpm /dev/tpmZ (Z = 0...). Also a backend 
is created by that driver, with a device called /dev/vtpmsY (Y = 0...) . 
One places a software TPM emulator on this one and have it listen for 
commands that are sent into /dev/vtpmcX. If there's no software TPM 
listening on that device, all commands sent to the backend will receive a 
-EIO.  So we have this connected device pair /dev/vtpmsY and /dev/vtpmcX, 
a server and a client side. Another ioctl can delete the device pair 
unless the backend is busy.

The above is added by a first series of patches. I can post them today. 
Subsequent patches would add support for hooking the device pair to IMA 
namespace...

So there's no device pair unless someone was to issue the ioctl. Then 
kernel services would be able to find the device using 
tpm_chip_find_get(int chip_num) and call the normal APIs to send TPM 
command, though shouldn't do that before the swtpm has been started to 
listen on the server side, otherwise they will get -EIO's.

There's a function call that could probably also create such a device pair 
during kernel startup or maybe conditionally if no hardware device is 
available. Preferably we would leave this up to user space to handle this 
via the ioctl.

A TPM device that I have been using for this setup is here :

https://github.com/stefanberger/swtpm

swtpm chardev --tpmstate dir=<dir> -c /dev/vtpms1 [other options] can be 
used to start a TPM emulator listening for commands on /dev/vtpmsY. Since 
the TPM emulator behave just like a h/w TPM, one still needs to simulate 
the BIOS initialization of the TPM using the tool swtpm_bios run on 
/dev/vtpmcX.


So I don't want to hold things up, but maybe this driver addresses your 
use case as well.

   Stefan


> 
> David
> 



[-- Attachment #1.2: Type: text/html, Size: 3943 bytes --]

[-- Attachment #2: Type: text/plain, Size: 413 bytes --]

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

[-- Attachment #3: Type: text/plain, Size: 192 bytes --]

_______________________________________________
tpmdd-devel mailing list
tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: TPM emulator driver status

[Peter Huewe]

Hi David,

> Gesendet: Mittwoch, 13. Januar 2016 um 05:39 Uhr
> Von: "David Howells" <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> An: "Peter Huewe" <peterhuewe-Mmb7MZpHnFY@public.gmane.org>, "Jarkko Sakkinen" <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
> Cc: dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> Betreff: TPM emulator driver status
> Hi Peter, Jarkko,
> 
> Is the TPM emulator likely to go upstream at any point? Or is it waiting for
> some sort of update?
> 

you mean the tpm user emul driver you wrote a while ago?
Didn't we decide to not upstream it?

Honestly I'm lacking a bit behind on rebasing it on the latest tree.

But maybe it makes sense (e.g. for testing) to upstream it and mark it developers only. 


Peter

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[Peter Huewe]

Hi Ken,

> Gesendet: Mittwoch, 13. Januar 2016 um 06:35 Uhr
> Von: "Ken Goldman" <kgoldman-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
> An: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
> Betreff: Re: [tpmdd-devel] TPM emulator driver status
> On 1/13/2016 8:39 AM, David Howells wrote:
> > Hi Peter, Jarkko,
> >
> > Is the TPM emulator likely to go upstream at any point? Or is it waiting for
> > some sort of update?
> 
> I'm not Peter or Jarkko, but I maintain the TPM emulator for both TPM
> 1.2 and TPM 2.0.
> 
> TPM 1.2 is very stable. The changes in the last 5 years have been
> minor. More tracing, spelling errors in comments, etc.
> 
> TPM 2.0 is functional, but lacks the maturity and stability of the 1.2
> code. I do track the 2.0 specification updates.

What are you exactly refering to? Urls?
David meant the kernel code probably.



Thanks,
Peter

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[Peter Huewe]

> Gesendet: Donnerstag, 14. Januar 2016 um 06:58 Uhr
> Von: "Stefan Berger" <stefanb-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
> An: "David Howells" <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> Cc: dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org, "Jarkko Sakkinen" <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>, keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, "Peter Huewe" <peterhuewe-Mmb7MZpHnFY@public.gmane.org>, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
> Betreff: Re: [tpmdd-devel] TPM emulator driver status
> David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote on 01/14/2016 08:45:10 AM:
> 
> 
> > Stefan Berger <stefanb-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> wrote:
> >
> > > I wrote a driver for support of (v)TPM for containers. It has ioctl's for
> > > creating and deleting of pairs of devices where one device is usedby clients
> > > and the other end is used by a TPM emulator to listen for
> > commands. The client
> > > device can be 'moved' in the container, meaning a device node with the same
> > > major/minor numbers is created inside a container. Any number of such device
> > > pairs can be create. Does this driver sound like it would provide more
> > > functionality than yours and would it address your use case as well?
> >
> > Maybe.  Is it accessible through the /dev/tpm<N> just like a h/w tpm?  And can
> > it be accessed by in-kernel services that use a tpm?
> 
> Yes to all of the questions.
> 
> The primary target is integration with namespaced IMA and making vTPMs available to each namespaced IMA. However, having the vTPM hooked up to IMA is an extra ioctl that has to be issued at the right moment (essentially before clone()) and is not necessary except for container use-cases. So let me explain how the basic part works.
> 
> Using an ioctl, a new device pair is spawned. The core TPM device driver creates /dev/vtpmcX (with X = 0...), which is just another name for /dev/tpm0. I gave it a different name to be able to distinguish the potentially many drivers from h/w tpm /dev/tpmZ (Z = 0...). Also a backend is created by that driver, with a device called /dev/vtpmsY (Y = 0...) . One places a software TPM emulator on this one and have it listen for commands that are sent into /dev/vtpmcX. If there's no software TPM listening on that device, all commands sent to the backend will receive a -EIO.  So we have this connected device pair /dev/vtpmsY and /dev/vtpmcX, a server and a client side. Another ioctl can delete the device pair unless the backend is busy.
> 
> The above is added by a first series of patches. I can post them today. Subsequent patches would add support for hooking the device pair to IMA namespace...
> 
> So there's no device pair unless someone was to issue the ioctl. Then kernel services would be able to find the device using tpm_chip_find_get(int chip_num) and call the normal APIs to send TPM command, though shouldn't do that before the swtpm has been started to listen on the server side, otherwise they will get -EIO's.
> 
> There's a function call that could probably also create such a device pair during kernel startup or maybe conditionally if no hardware device is available. Preferably we would leave this up to user space to handle this via the ioctl.
> 
> A TPM device that I have been using for this setup is here :
> 
> https://github.com/stefanberger/swtpm
> 
> swtpm chardev --tpmstate dir=<dir> -c /dev/vtpms1 [other options] can be used to start a TPM emulator listening for commands on /dev/vtpmsY. Since the TPM emulator behave just like a h/w TPM, one still needs to simulate the BIOS initialization of the TPM using the tool swtpm_bios run on /dev/vtpmcX.
> 


Hmm, interesting.

I like David's driver since it is super simple to use, and works with the old Strasser's TPM Emulator for 1.2 and with the Microsoft TPM Simulator for 2.0.

Have you tested one or the other with your approach?

I'm not 100% sure about the different name for the tpm emulation, as quite some software relies on the /dev/tpmZ naming - e.g. for testing it would be good to not be able to distinguish them.
So I have the exact same runs on machines with a emulated tpm and with a real hw one.
BUT on the other hand I think it's good to distinguish both (somehow, maybe a sysfs attribute?). 


Honestly I'm lacking a bit behind on the vTPM stuff.
Would this work on a regular x86 machine?


Thanks,
Peter






------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[Stefan Berger]

[-- Attachment #1.1: Type: text/plain, Size: 1044 bytes --]

"Peter Huewe" <PeterHuewe-Mmb7MZpHnFY@public.gmane.org> wrote on 01/14/2016 02:28:14 PM:

> 
> 
> Hmm, interesting.
> 
> I like David's driver since it is super simple to use, and works 
> with the old Strasser's TPM Emulator for 1.2 and with the Microsoft 
> TPM Simulator for 2.0.
> 
> Have you tested one or the other with your approach?

No, I haven't, since we have our of TPM 1.2 implementation. The referenced 
swtpm (and libtpms) projects will at some point be extended with TPM 2.

> 
> I'm not 100% sure about the different name for the tpm emulation, as
> quite some software relies on the /dev/tpmZ naming - e.g. for 
> testing it would be good to not be able to distinguish them.
> So I have the exact same runs on machines with a emulated tpm and 
> with a real hw one.
> BUT on the other hand I think it's good to distinguish both 
> (somehow, maybe a sysfs attribute?). 
> 
> 
> Honestly I'm lacking a bit behind on the vTPM stuff.
> Would this work on a regular x86 machine?

Yes.

   Stefan



[-- Attachment #1.2: Type: text/html, Size: 1342 bytes --]

[-- Attachment #2: Type: text/plain, Size: 413 bytes --]

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

[-- Attachment #3: Type: text/plain, Size: 192 bytes --]

_______________________________________________
tpmdd-devel mailing list
tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: TPM emulator driver status

[Jarkko Sakkinen]

On Thu, Jan 14, 2016 at 08:15:46PM +0100, Peter Huewe wrote:
> Hi David,
> 
> > Gesendet: Mittwoch, 13. Januar 2016 um 05:39 Uhr
> > Von: "David Howells" <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> > An: "Peter Huewe" <peterhuewe-Mmb7MZpHnFY@public.gmane.org>, "Jarkko Sakkinen" <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
> > Cc: dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> > Betreff: TPM emulator driver status
> > Hi Peter, Jarkko,
> > 
> > Is the TPM emulator likely to go upstream at any point? Or is it waiting for
> > some sort of update?
> > 
> 
> you mean the tpm user emul driver you wrote a while ago?
> Didn't we decide to not upstream it?
> 
> Honestly I'm lacking a bit behind on rebasing it on the latest tree.
> 
> But maybe it makes sense (e.g. for testing) to upstream it and mark it
> developers only. 

I have also have a faint memory that there was a decision to not
upstream "for now".

> Peter

/Jarkko

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

Re: TPM emulator driver status

[Jarkko Sakkinen]

On Thu, Jan 14, 2016 at 01:42:26PM +0000, David Howells wrote:
> Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> wrote:
> 
> > > Is the TPM emulator likely to go upstream at any point?  Or is it waiting
> > > for some sort of update?
> > 
> > Saw Kens response
> 
> Ken?  Do you mean Stefan?  Or have I missed something?

Ken replied that he was maintaining TPM 1.x and TPM 2.0 emulators but I
guess he was talking about actual user space emulators.

> > and to make sure that we are talking about the same thing we are probably
> > speaking about your patches that currently reside over here:
> > 
> > https://github.com/PeterHuewe/linux-tpmdd/commits/tpm-emulator
> 
> Yes.
> 
> > and not about anything that actually emulates directly a TPM.
> 
> Sorry, you're right: it's an interface across to a userspace TPM.
> 
> > These are my concerns:
> > 
> > * Should be probably broken into two patches with include/linux/wait.h
> >   modifications residing in a separate commit.
> 
> That would be fine.
> 
> > * Should the module be renamed as something else than tpm_user_emul?
> >   It's not a TPM emulator but more like a proxy.
> 
> tpm_user_proxy maybe?

That's much better name (or maybe just tpm_proxy).

> > * I have to admit that I haven't deeply dived into functionality that
> >   vTPM provides. What does it provide exactly? Does this overlap?
> 
> That I can't answer at this point without looking into it.
> 
> David

/Jarkko

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140