Message ID | 20221219131344.18909-1-jejb@linux.ibm.com (mailing list archive) |
---|---|
Series | tpm: add mssim backend |
On 12/19/22 08:13, James Bottomley wrote:
> From: James Bottomley <James.Bottomley@HansenPartnership.com>
>
> The requested feedback was to convert the tpmdev handler to being json
> based, which requires rethreading all the backends. The good news is
> this reduced quite a bit of code (especially as I converted it to
> error_fatal handling as well, which removes the return status
> threading). The bad news is I can't test any of the conversions.
> swtpm still isn't building on opensuse and, apparently, passthrough

The package seems to be available: https://software.opensuse.org/package/swtpm

I'll get to looking at this in more depth once I am back in office.

Stefan

> doesn't like my native TPM because it doesn't allow cancellation.
>
> v3 pulls out more unneeded code in the visitor conversion, makes
> migration work on external state preservation of the simulator and
> adds documentation
>
> James
>
> ---
>
> James Bottomley (2):
>   tpm: convert tpmdev options processing to new visitor format
>   tpm: add backend for mssim
>
>  MAINTAINERS                    |   6 +
>  backends/tpm/Kconfig           |   5 +
>  backends/tpm/meson.build       |   1 +
>  backends/tpm/tpm_emulator.c    |  35 ++---
>  backends/tpm/tpm_mssim.c       | 264 +++++++++++++++++++++++++++++++++
>  backends/tpm/tpm_mssim.h       |  43 ++++++
>  backends/tpm/tpm_passthrough.c |  37 ++---
>  docs/specs/tpm.rst             |  35 +++++
>  include/sysemu/tpm.h           |   4 +-
>  include/sysemu/tpm_backend.h   |   2 +-
>  monitor/hmp-cmds.c             |  11 +-
>  qapi/tpm.json                  |  37 ++---
>  softmmu/tpm.c                  |  90 +++++------
>  softmmu/vl.c                   |  19 +--
>  14 files changed, 449 insertions(+), 140 deletions(-)
>  create mode 100644 backends/tpm/tpm_mssim.c
>  create mode 100644 backends/tpm/tpm_mssim.h
>

On Mon, 2022-12-19 at 08:51 -0500, Stefan Berger wrote:
>
> On 12/19/22 08:13, James Bottomley wrote:
> > From: James Bottomley <James.Bottomley@HansenPartnership.com>
> >
> > The requested feedback was to convert the tpmdev handler to being
> > json based, which requires rethreading all the backends. The good
> > news is this reduced quite a bit of code (especially as I converted
> > it to error_fatal handling as well, which removes the return status
> > threading). The bad news is I can't test any of the conversions.
> > swtpm still isn't building on opensuse and, apparently, passthrough
>
> The package seems to be available:
> https://software.opensuse.org/package/swtpm

It's not building for any of the platforms I currently have.

I think I've tested most of the option processing, though, before it
tells me it can't connect.

> I'll get to looking at this in more depth once I am back in office.

That's great, thanks ... it would certainly be better to test option
processing on a working platform.

James

On 12/19/22 08:55, James Bottomley wrote:
> On Mon, 2022-12-19 at 08:51 -0500, Stefan Berger wrote:
>>
>> On 12/19/22 08:13, James Bottomley wrote:
>>> From: James Bottomley <James.Bottomley@HansenPartnership.com>
>>>
>>> The requested feedback was to convert the tpmdev handler to being
>>> json based, which requires rethreading all the backends. The good
>>> news is this reduced quite a bit of code (especially as I converted
>>> it to error_fatal handling as well, which removes the return status
>>> threading). The bad news is I can't test any of the conversions.
>>> swtpm still isn't building on opensuse and, apparently, passthrough
>>
>> The package seems to be available:
>> https://software.opensuse.org/package/swtpm
>
> It's not building for any of the platforms I currently have.

You would have to tell me what is failing. I have been building it for
several platforms for a while and the build works, including OpenSuSE
Tumbleweed:

https://app.travis-ci.com/github/stefanberger/swtpm-distro-compile/builds/258769183

There have been issues with what seems to be seccomp policy on 2 of
these platforms for a while but this is unrelated to SuSE and build
issues -- obviously.

Stefan

>
> I think I've tested most of the option processing, though, before it
> tells me it can't connect.
>
>> I'll get to looking at this in more depth once I am back in office.
>
> That's great, thanks ... it would certainly be better to test option
> processing on a working platform.
>
> James
>

On Mon, 2022-12-19 at 09:15 -0500, Stefan Berger wrote:
>
> On 12/19/22 08:55, James Bottomley wrote:
> > On Mon, 2022-12-19 at 08:51 -0500, Stefan Berger wrote:
> > >
> > > On 12/19/22 08:13, James Bottomley wrote:
> > > > From: James Bottomley <James.Bottomley@HansenPartnership.com>
> > > >
> > > > The requested feedback was to convert the tpmdev handler to
> > > > being json based, which requires rethreading all the backends.
> > > > The good news is this reduced quite a bit of code (especially
> > > > as I converted it to error_fatal handling as well, which
> > > > removes the return status threading). The bad news is I can't
> > > > test any of the conversions. swtpm still isn't building on
> > > > opensuse and, apparently, passthrough
> > >
> > > The package seems to be available:
> > > https://software.opensuse.org/package/swtpm
> >
> > It's not building for any of the platforms I currently have.
>
> You would have to tell me what is failing. I have been building it
> for several platforms for a while and the build works, including
> OpenSuSE Tumbleweed:
>
> https://app.travis-ci.com/github/stefanberger/swtpm-distro-compile/builds/258769183
>
> There have been issues with what seems to be seccomp policy on 2 of
> these platforms for a while but this is unrelated to SuSE and build
> issues -- obviously.

All I know is what the build service says, which is the URL I first
pointed you to:

https://build.opensuse.org/package/show/security/swtpm

I haven't dug into the problem.

James

On 12/19/22 08:13, James Bottomley wrote:
> From: James Bottomley <James.Bottomley@HansenPartnership.com>
>
> The requested feedback was to convert the tpmdev handler to being json
> based, which requires rethreading all the backends. The good news is
> this reduced quite a bit of code (especially as I converted it to
> error_fatal handling as well, which removes the return status
> threading). The bad news is I can't test any of the conversions.
> swtpm still isn't building on opensuse and, apparently, passthrough
> doesn't like my native TPM because it doesn't allow cancellation.

For passthrough you can use /dev/null in place of the cancel file.
Libvirt does that also:

https://github.com/stefanberger/libvirt-tpm/blob/master/src/util/virtpm.c#L88

Stefan

On Mon, 2022-12-19 at 10:16 -0500, Stefan Berger wrote:
>
> On 12/19/22 08:13, James Bottomley wrote:
> > From: James Bottomley <James.Bottomley@HansenPartnership.com>
> >
> > The requested feedback was to convert the tpmdev handler to being
> > json based, which requires rethreading all the backends. The good
> > news is this reduced quite a bit of code (especially as I converted
> > it to error_fatal handling as well, which removes the return status
> > threading). The bad news is I can't test any of the conversions.
> > swtpm still isn't building on opensuse and, apparently, passthrough
> > doesn't like my native TPM because it doesn't allow cancellation.
>
> For passthrough you can use /dev/null in place of the cancel file.
> Libvirt does that also:
>
> https://github.com/stefanberger/libvirt-tpm/blob/master/src/util/virtpm.c#L88

OK, so passthrough works with the visitor conversion. If /dev/null is
the default for no cancel path, the backend shouldn't really beat the
end user up about not specifying it if it can't find the cancel path
for the chosen host TPM.

James

From: James Bottomley <James.Bottomley@HansenPartnership.com>

The requested feedback was to convert the tpmdev handler to being json
based, which requires rethreading all the backends. The good news is
this reduced quite a bit of code (especially as I converted it to
error_fatal handling as well, which removes the return status
threading). The bad news is I can't test any of the conversions.
swtpm still isn't building on opensuse and, apparently, passthrough
doesn't like my native TPM because it doesn't allow cancellation.

v3 pulls out more unneeded code in the visitor conversion, makes
migration work on external state preservation of the simulator and
adds documentation

James

---

James Bottomley (2):
  tpm: convert tpmdev options processing to new visitor format
  tpm: add backend for mssim

 MAINTAINERS                    |   6 +
 backends/tpm/Kconfig           |   5 +
 backends/tpm/meson.build       |   1 +
 backends/tpm/tpm_emulator.c    |  35 ++---
 backends/tpm/tpm_mssim.c       | 264 +++++++++++++++++++++++++++++++++
 backends/tpm/tpm_mssim.h       |  43 ++++++
 backends/tpm/tpm_passthrough.c |  37 ++---
 docs/specs/tpm.rst             |  35 +++++
 include/sysemu/tpm.h           |   4 +-
 include/sysemu/tpm_backend.h   |   2 +-
 monitor/hmp-cmds.c             |  11 +-
 qapi/tpm.json                  |  37 ++---
 softmmu/tpm.c                  |  90 +++++------
 softmmu/vl.c                   |  19 +--
 14 files changed, 449 insertions(+), 140 deletions(-)
 create mode 100644 backends/tpm/tpm_mssim.c
 create mode 100644 backends/tpm/tpm_mssim.h