mbox series

[v3,0/2] tpm: add mssim backend

Message ID 20221219131344.18909-1-jejb@linux.ibm.com (mailing list archive)
Headers show
Series tpm: add mssim backend | expand

Message

James Bottomley Dec. 19, 2022, 1:13 p.m. UTC
From: James Bottomley <James.Bottomley@HansenPartnership.com>

The requested feedback was to convert the tpmdev handler to being json
based, which requires rethreading all the backends.  The good news is
this reduced quite a bit of code (especially as I converted it to
error_fatal handling as well, which removes the return status
threading).  The bad news is I can't test any of the conversions.
swtpm still isn't building on opensuse and, apparently, passthrough
doesn't like my native TPM because it doesn't allow cancellation.

v3 pulls out more unneeded code in the visitor conversion, makes
migration work on external state preservation of the simulator and
adds documentation

James

---

James Bottomley (2):
  tpm: convert tpmdev options processing to new visitor format
  tpm: add backend for mssim

 MAINTAINERS                    |   6 +
 backends/tpm/Kconfig           |   5 +
 backends/tpm/meson.build       |   1 +
 backends/tpm/tpm_emulator.c    |  35 ++---
 backends/tpm/tpm_mssim.c       | 264 +++++++++++++++++++++++++++++++++
 backends/tpm/tpm_mssim.h       |  43 ++++++
 backends/tpm/tpm_passthrough.c |  37 ++---
 docs/specs/tpm.rst             |  35 +++++
 include/sysemu/tpm.h           |   4 +-
 include/sysemu/tpm_backend.h   |   2 +-
 monitor/hmp-cmds.c             |  11 +-
 qapi/tpm.json                  |  37 ++---
 softmmu/tpm.c                  |  90 +++++------
 softmmu/vl.c                   |  19 +--
 14 files changed, 449 insertions(+), 140 deletions(-)
 create mode 100644 backends/tpm/tpm_mssim.c
 create mode 100644 backends/tpm/tpm_mssim.h

Comments

Stefan Berger Dec. 19, 2022, 1:51 p.m. UTC | #1
On 12/19/22 08:13, James Bottomley wrote:
> From: James Bottomley <James.Bottomley@HansenPartnership.com>
> 
> The requested feedback was to convert the tpmdev handler to being json
> based, which requires rethreading all the backends.  The good news is
> this reduced quite a bit of code (especially as I converted it to
> error_fatal handling as well, which removes the return status
> threading).  The bad news is I can't test any of the conversions.
> swtpm still isn't building on opensuse and, apparently, passthrough

The package seems to be available: https://software.opensuse.org/package/swtpm


I'll get to looking at this in more depth once I am back in office.

    Stefan


> doesn't like my native TPM because it doesn't allow cancellation.
> 
> v3 pulls out more unneeded code in the visitor conversion, makes
> migration work on external state preservation of the simulator and
> adds documentation
> 
> James
> 
> ---
> 
> James Bottomley (2):
>    tpm: convert tpmdev options processing to new visitor format
>    tpm: add backend for mssim
> 
>   MAINTAINERS                    |   6 +
>   backends/tpm/Kconfig           |   5 +
>   backends/tpm/meson.build       |   1 +
>   backends/tpm/tpm_emulator.c    |  35 ++---
>   backends/tpm/tpm_mssim.c       | 264 +++++++++++++++++++++++++++++++++
>   backends/tpm/tpm_mssim.h       |  43 ++++++
>   backends/tpm/tpm_passthrough.c |  37 ++---
>   docs/specs/tpm.rst             |  35 +++++
>   include/sysemu/tpm.h           |   4 +-
>   include/sysemu/tpm_backend.h   |   2 +-
>   monitor/hmp-cmds.c             |  11 +-
>   qapi/tpm.json                  |  37 ++---
>   softmmu/tpm.c                  |  90 +++++------
>   softmmu/vl.c                   |  19 +--
>   14 files changed, 449 insertions(+), 140 deletions(-)
>   create mode 100644 backends/tpm/tpm_mssim.c
>   create mode 100644 backends/tpm/tpm_mssim.h
>
James Bottomley Dec. 19, 2022, 1:55 p.m. UTC | #2
On Mon, 2022-12-19 at 08:51 -0500, Stefan Berger wrote:
> 
> 
> On 12/19/22 08:13, James Bottomley wrote:
> > From: James Bottomley <James.Bottomley@HansenPartnership.com>
> > 
> > The requested feedback was to convert the tpmdev handler to being
> > json based, which requires rethreading all the backends.  The good
> > news is this reduced quite a bit of code (especially as I converted
> > it to error_fatal handling as well, which removes the return status
> > threading).  The bad news is I can't test any of the conversions.
> > swtpm still isn't building on opensuse and, apparently, passthrough
> 
> The package seems to be available:
> https://software.opensuse.org/package/swtpm

It's not building for any of the platforms I currently have.

I think I've tested most of the option processing, though, before it
tells me it can't connect.

> I'll get to looking at this in more depth once I am back in office.

That's great, thanks ... it would certainly be better to test option
processing on a working platform.

James
Stefan Berger Dec. 19, 2022, 2:15 p.m. UTC | #3
On 12/19/22 08:55, James Bottomley wrote:
> On Mon, 2022-12-19 at 08:51 -0500, Stefan Berger wrote:
>>
>>
>> On 12/19/22 08:13, James Bottomley wrote:
>>> From: James Bottomley <James.Bottomley@HansenPartnership.com>
>>>
>>> The requested feedback was to convert the tpmdev handler to being
>>> json based, which requires rethreading all the backends.  The good
>>> news is this reduced quite a bit of code (especially as I converted
>>> it to error_fatal handling as well, which removes the return status
>>> threading).  The bad news is I can't test any of the conversions.
>>> swtpm still isn't building on opensuse and, apparently, passthrough
>>
>> The package seems to be available:
>> https://software.opensuse.org/package/swtpm
> 
> It's not building for any of the platforms I currently have.

You would have to tell me what is failing. I have been building it for several platforms for a while and the build works, including OpenSuSE Tumbleweed:


https://app.travis-ci.com/github/stefanberger/swtpm-distro-compile/builds/258769183

There have been issues with what seems to be seccomp policy on 2 of these platforms for a while but this is unrelated to SuSE and build issues -- obviously.

    Stefan

> 
> I think I've tested most of the option processing, though, before it
> tells me it can't connect.
> 
>> I'll get to looking at this in more depth once I am back in office.
> 
> That's great, thanks ... it would certainly be better to test option
> processing on a working platform.
> 
> James
>
James Bottomley Dec. 19, 2022, 2:17 p.m. UTC | #4
On Mon, 2022-12-19 at 09:15 -0500, Stefan Berger wrote:
> 
> 
> On 12/19/22 08:55, James Bottomley wrote:
> > On Mon, 2022-12-19 at 08:51 -0500, Stefan Berger wrote:
> > > 
> > > 
> > > On 12/19/22 08:13, James Bottomley wrote:
> > > > From: James Bottomley <James.Bottomley@HansenPartnership.com>
> > > > 
> > > > The requested feedback was to convert the tpmdev handler to
> > > > being json based, which requires rethreading all the backends. 
> > > > The good news is this reduced quite a bit of code (especially
> > > > as I converted it to error_fatal handling as well, which
> > > > removes the return status threading).  The bad news is I can't
> > > > test any of the conversions. swtpm still isn't building on
> > > > opensuse and, apparently, passthrough
> > > 
> > > The package seems to be available:
> > > https://software.opensuse.org/package/swtpm
> > 
> > It's not building for any of the platforms I currently have.
> 
> You would have to tell me what is failing. I have been building it
> for several platforms for a while and the build works, including
> OpenSuSE Tumbleweed:
> 
> 
> https://app.travis-ci.com/github/stefanberger/swtpm-distro-compile/builds/258769183
> 
> There have been issues with what seems to be seccomp policy on 2 of
> these platforms for a while but this is unrelated to SuSE and build
> issues -- obviously.

All I know is what the build service says, which is the URL I first
pointed you to:

https://build.opensuse.org/package/show/security/swtpm

I haven't dug into the problem.

James
Stefan Berger Dec. 19, 2022, 3:16 p.m. UTC | #5
On 12/19/22 08:13, James Bottomley wrote:
> From: James Bottomley <James.Bottomley@HansenPartnership.com>
> 
> The requested feedback was to convert the tpmdev handler to being json
> based, which requires rethreading all the backends.  The good news is
> this reduced quite a bit of code (especially as I converted it to
> error_fatal handling as well, which removes the return status
> threading).  The bad news is I can't test any of the conversions.
> swtpm still isn't building on opensuse and, apparently, passthrough
> doesn't like my native TPM because it doesn't allow cancellation.

For passthrough you can use /dev/null in place of the cancel file. Libvirt does that also:

https://github.com/stefanberger/libvirt-tpm/blob/master/src/util/virtpm.c#L88

    Stefan
James Bottomley Dec. 19, 2022, 3:21 p.m. UTC | #6
On Mon, 2022-12-19 at 10:16 -0500, Stefan Berger wrote:
> 
> 
> On 12/19/22 08:13, James Bottomley wrote:
> > From: James Bottomley <James.Bottomley@HansenPartnership.com>
> > 
> > The requested feedback was to convert the tpmdev handler to being
> > json
> > based, which requires rethreading all the backends.  The good news
> > is
> > this reduced quite a bit of code (especially as I converted it to
> > error_fatal handling as well, which removes the return status
> > threading).  The bad news is I can't test any of the conversions.
> > swtpm still isn't building on opensuse and, apparently, passthrough
> > doesn't like my native TPM because it doesn't allow cancellation.
> 
> For passthrough you can use /dev/null in place of the cancel file.
> Libvirt does that also:
> 
> https://github.com/stefanberger/libvirt-tpm/blob/master/src/util/virtpm.c#L88

OK, so passthrough works with the visitor conversion.  If /dev/null is
the default for no cancel path, the backend shouldn't really beat the
end user up about not specifying it if it can't find the cancel path
for the chosen host TPM.

James