[PATCH v2 1/8] docs: documentation and schema for the new TPM Proxy model
Stefan Berger
stefanb at linux.ibm.com
Wed May 13 16:52:10 UTC 2020
On 5/13/20 12:49 PM, Daniel Henrique Barboza wrote:
>
>
> On 5/13/20 12:45 PM, Stefan Berger wrote:
> [...]
>>
>> I think users need to understand that a pSeries guest will not
>> benefit from this but only a pSeries guest that is a secure virtual
>> machine that needs special hardware to run and where there is an
>> Ultravisor. Everyone would want more security for their pSeries
>> guest, especially if it comes for free. Unfortunately this is not the
>> case and one needs new hardware...
>>
>
> True. I propose this wording:
>
> <span class="since">Since 6.4.0</span>, a new model called
> <code>spapr-tpm-proxy</code> was added for pSeries guests. This model
> only works with the 'passthrough' backend. It creates a TPM Proxy
> device that communicates with an existing TPM Resource Manager in the host,
> for example /dev/tpmrm0, to enable secure virtual machine support for the
> guest with the help of an Ultravisor. Adding a TPM Proxy to a pSeries guest
> brings no security benefits unless the guest is running in a PPC64 host that
in -> on
>
> has Ultravisor support and access to a TPM Resource Manager. Only one TPM
> Proxy device is allowed per guest, but a TPM Proxy device can be added together
> with other TPM devices.
>
>
> If you agree, I'll use a similar text in the news.xml changes (patch
> 8/8) as well.
I would agree to this.
>
>
> Thanks,
>
>
> DHB
>
>
>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>> DHB
>>
>>