[PATCH v2 1/8] docs: documentation and schema for the new TPM Proxy model

Stefan Berger stefanb at linux.ibm.com
Wed May 13 16:52:10 UTC 2020


On 5/13/20 12:49 PM, Daniel Henrique Barboza wrote:
>
>
> On 5/13/20 12:45 PM, Stefan Berger wrote:
> [...]
>>
>> I think users need to understand that a pSeries guest will not 
>> benefit from this but only a pSeries guest that is a secure virtual 
>> machine that needs special hardware to run and where there is an 
>> Ultravisor. Everyone would want more security for their pSeries 
>> guest, especially if it comes for free. Unfortunately this is not the 
>> case and one needs new hardware...
>>
>
> True. I propose this wording:
>
>           <span class="since">Since 6.4.0</span>, a new model called
>           <code>spapr-tpm-proxy</code> was added for pSeries guests. This model
>           only works with the 'passthrough' backend. It creates a TPM Proxy
>           device that communicates with an existing TPM Resource Manager in the host,
>           for example /dev/tpmrm0, to enable secure virtual machine support for the
>           guest with the help of an Ultravisor. Adding a TPM Proxy to a pSeries guest
>           brings no security benefits unless the guest is running in a PPC64 host that

in -> on


>
>           has Ultravisor support and access to a TPM Resource Manager. Only one TPM
>           Proxy device is allowed per guest, but a TPM Proxy device can be added together
>           with other TPM devices.
>
>
> If you agree, I'll use a similar text in the news.xml changes (patch 
> 8/8) as well.


I would agree to this.


>
>
> Thanks,
>
>
> DHB
>
>
>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>> DHB
>>
>>




