[PATCH v1 1/8] docs: documentation and schema for the new TPM Proxy device

David Gibson david at gibson.dropbear.id.au
Mon May 11 01:24:07 UTC 2020


On Fri, May 08, 2020 at 06:43:20PM -0400, Stefan Berger wrote:
> On 5/8/20 8:06 AM, Daniel Henrique Barboza wrote:
> > QEMU 4.1.0 introduced a new device type called TPM Proxy, currently
> > implemented by PPC64 guests via a new virtual device called
> > 'spapr-tpm-proxy' (see QEMU 0fb6bd073230 for more info).
> > 
> > The TPM Proxy device interacts with a TPM Resource Manager, a host
> > device capable of multiplexing the host TPM with multiple processes.
> > This allows multiple guests to access some TPM features at the
> > same time. Note that this mode of operation does not provide
> > full TPM features to be available for the guest - for that case
> > the guest still needs to assign a vTPM device (tpm-spapr for
> > PPC64 guests). Although redundant, there is currently no technical
> > limitation for a guest to assign both a vTPM and a TPM Proxy at the
> > same time.
> > 
> > This patch adds documentation and schema for the new TPM Proxy device.
> > An example of a TPM Proxy device connected to a TPM Resource Manager
> > '/dev/tpmrm0' will look like this:
> > 
> >    <tpmproxy model='spapr-tpm-proxy'>
> >      <device path='/dev/tpmrm0'/>
> >    </tpmproxy>
> > 
> > Signed-off-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
> > ---
> >   docs/formatdomain.html.in     | 42 +++++++++++++++++++++++++++++++++++
> >   docs/schemas/domaincommon.rng | 18 +++++++++++++++
> >   2 files changed, 60 insertions(+)
> > 
> > diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> > index 23eb029234..650e2a8c6e 100644
> > --- a/docs/formatdomain.html.in
> > +++ b/docs/formatdomain.html.in
> > @@ -8849,6 +8849,48 @@ qemu-kvm -net nic,model=? /dev/null
> >         </dd>
> >       </dl>
> > +    <h4><a id="elementsTpmProxy">TPM Proxy device</a></h4>
> > +
> > +    <p>
> > +      The TPM Proxy device allows a QEMU guest to interact with an
> > +      existing TPM Resource Manager in the host. A TPM Resource Manager
> > +      enables a TPM device to be securely multiplexed across several
> > +      guests. Only one TPM Proxy device is allowed per guest.
> 
> 
> I think you should mention SVMs here and that this is what this extension is
> used for or are there other uses than secure VMs?

Yes, I think talking about PEF secure VMs is a good idea.  This could
theoretically be used for other things, but secure VMs is the only
actual user I know of.

> > +    </p>
> > +    <p>
> > +      A guest using the TPM Proxy device does not have access to all the
> > +      features a TPM device provides. This means that a guest can have both
> > +      a TPM Proxy and a TPM device assigned at the same time.
> 
> 
> And this TPM Proxy device only enables the H_COMM_TPM hypercall rather than
> talking to /dev/tpm(rm)0 inside the SVM. I think this should be clarified
> because otherwise people might confuse it with the passthrough device that
> does expose /dev/tpm0 inside the VM for example.
> 
> 
> > +    </p>
> > +    <p>
> > +      The TPM Proxy device is currently available only for pSeries guests.
> > +      <span class="since">since 6.4.0</span>
> > +    </p>
> > +    <p>
> > +     Example: usage of the TPM Proxy device
> > +    </p>
> > +<pre>
> > +...
> > +<devices>
> > +  <tpmproxy model='spapr-tpm-proxy'>
> > +    <device path='/dev/tpmrm0'/>
> > +  </tpmproxy>
> > +</devices>
> > +...
> > +</pre>
> > +
> > +    <dl>
> > +      <dt><code>model</code></dt>
> > +      <dd>
> > +        <p>
> > +          The <code>model</code> attribute specifies what device
> > +          model QEMU provides to the guest. If no model name is provided,
> > +          <code>spapr-tpm-proxy</code> will automatically be chosen for
> > +          PPC64 architectures.
> > +        </p>
> > +      </dd>
> > +    </dl>
> > +
> >       <h4><a id="elementsNVRAM">NVRAM device</a></h4>
> >       <p>
> >         nvram device is always added to pSeries guest on PPC64, and its address
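
Review bot: The <dl> at the end of this hunk documents only the model attribute, while the example just above it and the schema in this patch both carry a <device path='...'/> child that is never described. Add a <dt><code>device</code></dt> entry stating that path names the host TPM Resource Manager node (/dev/tpmrm0 in the example) and that the element is mandatory, since the schema does not wrap it in <optional>. Separately, in the second paragraph "This means that a guest can have both a TPM Proxy and a TPM device" does not follow from the sentence before it; stating that the proxy exposes only a subset of TPM functionality and therefore does not replace a TPM device would read more clearly.
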
> > diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> > index 9d60b090f3..44bbd92244 100644
> > --- a/docs/schemas/domaincommon.rng
> > +++ b/docs/schemas/domaincommon.rng
> > @@ -4676,6 +4676,23 @@
> >       </optional>
> >     </define>
> > +  <define name="tpmproxy">
> > +    <element name="tpmproxy">
> > +      <optional>
> > +        <attribute name="model">
> > +          <choice>
> > +            <value>spapr-tpm-proxy</value>
> > +          </choice>
> > +        </attribute>
> > +      </optional>
> > +      <element name="device">
> > +        <attribute name="path">
> > +          <ref name="filePath"/>
> > +        </attribute>
> > +      </element>
> > +    </element>
> > +  </define>
> > +
> >     <define name="vsock">
> >       <element name="vsock">
> >         <optional>
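
Review bot: The path attribute of <device> is constrained only by <ref name="filePath"/>, so the schema accepts any value that filePath matches, while the documentation hunk describes the target as a TPM Resource Manager. If only resource manager nodes such as /dev/tpmrm0 are meant to be accepted, say in the docs or the commit message where that is checked, or state that the path is taken as given. The single-entry <choice> for model is fine as a placeholder for future models.
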
> > @@ -5279,6 +5296,7 @@
> >               <ref name="tpm"/>
> >               <ref name="shmem"/>
> >               <ref name="memorydev"/>
> > +            <ref name="tpmproxy"/>
> >             </choice>
> >           </zeroOrMore>
> >           <optional>
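
Review bot: Adding <ref name="tpmproxy"/> to the <choice> under <zeroOrMore> lets a domain carry any number of <tpmproxy> elements, whereas the documentation hunk states "Only one TPM Proxy device is allowed per guest". Schema validation will therefore pass XML that the docs call invalid; the one-per-guest limit needs to be enforced in the parser or validation code, and it is worth noting in the commit message that the schema does not express it.
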
> 
> 

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson