On Mon, 2022-12-12 at 09:44 -0500, Stefan Berger wrote:
>
> On 12/12/22 09:32, James Bottomley wrote:
> > On Mon, 2022-12-12 at 09:27 -0500, Stefan Berger wrote:
> > >
> > > On 12/12/22 08:59, James Bottomley wrote:
> > > > On Mon, 2022-12-12 at 08:43 -0500, Stefan Berger wrote:
> > > > >
> > > > > On 12/10/22 12:10, James Bottomley wrote:
> > > > > > The Microsoft Simulator (mssim) is the reference emulation
> > > > > > platform for the TCG TPM 2.0 specification.
> > > > > >
> > > > > > https://github.com/Microsoft/ms-tpm-20-ref.git
> > > > > >
> > > > > > It exports a fairly simple network socket baset protocol on
> > > > > > two
> > > > >
> > > > > baset -> based.
> > > > >
> > > > > > sockets, one for command (default 2321) and one for control
> > > > > > (default 2322). This patch adds a simple backend that can
> > > > > > speak the mssim protocol over the network. It also allows the
> > > > > > host, and two ports to be specified on the qemu command line.
> > > > > > The benefits are twofold: firstly it gives us a backend that
> > > > > > actually speaks a standard TPM emulation protocol instead of
> > > > > > the linux specific TPM driver format of the current emulated
> > > > > > TPM backend and secondly, using the microsoft protocol, the
> > > > > > end point of the emulator can be anywhere on the network,
> > > > > > facilitating the cloud use case where a central TPM service
> > > > > > can be used over a control network.
> > > > > >
> > > > > > The implementation does basic control commands like power
> > > > > > off/on, but doesn't implement cancellation or startup. The
> > > > > > former because cancellation is pretty much useless on a fast
> > > > > > operating TPM emulator and the latter because this emulator
> > > > > > is designed to be used with OVMF which itself does TPM startup
> > > > > > and I wanted to validate that.
> > > > >
> > > > > How did you implement VM suspend/resume and snapshotting
> > > > > support?
> > > >
> > > > TPM2 doesn't need to. The mssim follows the reference model
> > > > which
> > >
> > > You mean TPM2 doesn't need to resume at the point where the VM
> > > resumes (I am not talking about ACPI resume but virsh
> > > save/restore) after for example a host reboot?
> > > What does this have to do with the mssim reference model and
> > > TPM2_Shutdown protocol?
> >
> > Running S3 suspend/resume before doing VM save/restore could fix a
> > lot of issues with passthrough PCI and when QEMU gets around to
> > doing that a TPM following the standard model should just work.
> > It's useful to have a driver supporting this work.
>
> Did you test it with virsh save / restore with the mssim TPM? Does it
> work? Does it work if you reboot the host in between?

I don't actually use virsh in my harness. I'm mostly interested in
running the kernel TPM selftests against the reference model. But I
anticipate it wouldn't currently work because I don't believe virsh
triggers a S3 event, which is why snapshot and migration don't always
work with PCI passthrough.

James
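The two-socket framing the quoted commit message describes, as an added example that is not part of this thread or of the QEMU patch. It assumes the ms-tpm-20-ref TCP protocol layout (a big-endian uint32 signal code per control-socket message; an opcode, locality byte and length prefix on the command socket; a length-prefixed response followed by a uint32 ack), with the constant values taken from the reference simulator's protocol header and to be checked against the simulator build you actually run.

```python
import struct

# Signal codes (control socket, default 2322) and the command-socket opcode
# (default 2321). Assumed from the ms-tpm-20-ref protocol header; verify.
TPM_SIGNAL_POWER_ON = 1
TPM_SIGNAL_POWER_OFF = 2
TPM_SEND_COMMAND = 8
TPM_SIGNAL_NV_ON = 11


def encode_control(signal: int) -> bytes:
    """Control socket: each signal is a single big-endian uint32."""
    return struct.pack(">I", signal)


def encode_command(tpm_cmd: bytes, locality: int = 0) -> bytes:
    """Command socket: opcode, locality byte, length, then the raw TPM command."""
    return struct.pack(">IBI", TPM_SEND_COMMAND, locality, len(tpm_cmd)) + tpm_cmd


def decode_response(frame: bytes) -> bytes:
    """Command socket reply: uint32 length, TPM response bytes, uint32 ack (0)."""
    if len(frame) < 8:
        raise ValueError("frame too short for length and ack fields")
    (length,) = struct.unpack(">I", frame[:4])
    if len(frame) != 4 + length + 4:
        raise ValueError("length field does not match frame size")
    (ack,) = struct.unpack(">I", frame[4 + length:])
    if ack != 0:
        raise ValueError(f"simulator signalled error {ack}")
    return frame[4:4 + length]


def tpm_response_code(resp: bytes) -> int:
    """Extract TPM_RC from a TPM 2.0 response header (tag, size, rc)."""
    if len(resp) < 10:
        raise ValueError("TPM response shorter than its header")
    _tag, size, rc = struct.unpack(">HII", resp[:10])
    if size != len(resp):
        raise ValueError("TPM response size field mismatch")
    return rc


# Constructed sample exchange: TPM2_Startup(TPM_SU_CLEAR), the command OVMF
# issues itself, and the simulator's framed TPM_RC_SUCCESS reply.
STARTUP_CLEAR = bytes.fromhex("80010000000c000001440000")
FRAMED_OK = bytes.fromhex("0000000a" "80010000000a00000000" "00000000")
```

Sending `encode_control(TPM_SIGNAL_POWER_ON)` and then `encode_control(TPM_SIGNAL_NV_ON)` over the control socket before the first `encode_command(...)` mirrors the power on/NV on sequence a backend must perform before the simulator will accept commands.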