"Xu, Quan" <quan...@intel.com> wrote on 01/04/2016 08:26:03 PM:
> Date: 01/04/2016 08:26 PM > Subject: RE: [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM > > On January 04 2016 11:23 PM, <stef...@us.ibm.com> wrote: > > The following series of patches extends TPM support with an > external TPM that > > offers a Linux CUSE (character device in userspace) interface. This TPM lets > > each VM access its own private vTPM. > > The CUSE TPM supports suspend/resume and migration. Much out-of-band > > functionality necessary to control the CUSE TPM is implemented using ioctls. > > > > Stefan, > it is a good solution. Could you share more about this architecture? > If you have an existing doc. The architecture is as follows: An extern tool (i.e., libvirt) start the CUSE TPM, which then provides /dev/vtpm-<uuid> for the QEMU VM to talk to. QEMU receives the open filedescriptor or device name on the command line. All TPM commands from the guest go right into /dev/vtpm-<uuid> via read/write() interface, so just like the passthrough. Out-of-band control, which we need for proper vTPM emualtipon, such as setting the locality, getting and setting of the state blobs of the vTPM following suspend/resume/snapshotting/migration, resetting the vTPM following a VM reset, shutdown of the vTPM process following VM shutdown, is done through the ioctl interface. The ioctl interface is defined in this file here: https://github.com/stefanberger/swtpm/blob/master/include/swtpm/tpm_ioctl.h I do not have an existing doc but the github swtpm project contains a man page describing the ioctls: https://github.com/stefanberger/swtpm/blob/master/man/man3/swtpm_ioctls.pod I hope this helps us to make progress. Thanks and regards, Stefan
