Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external
From:
Stefan Berger
Subject:
Re: [Qemu-devel] [PATCH v5 0/4] Extend TPM support with a QEMU-external TPM
Date:
Wed, 20 Jan 2016 10:23:50 -0500
"Daniel P. Berrange" <address@hidden>
wrote on 01/20/2016 09:58:39 AM:
> Subject: Re: [Qemu-devel] [PATCH v5 0/4] Extend
TPM support with a > QEMU-external TPM > > On Mon, Jan 04, 2016 at 10:23:18AM -0500, Stefan Berger wrote: > > The following series of patches extends TPM support with an > > external TPM that offers a Linux CUSE (character device in userspace) > > interface. This TPM lets each VM access its own private vTPM. > > What is the backing store for this vTPM ? Are the vTPMs all > multiplexed onto the host's physical TPM or is there something > else going on ?
The vTPM writes its state into a plain file. In case
the user started the vTPM, the user gets to choose the directory. In case
of libvirt, libvirt sets up the directory and starts the vTPM with the
directory as a parameter. The expectation for VMs (also containers) is
that each VM can use the full set of TPM commands with the vTPM and due
to how the TPM works, it cannot use the hardware TPM for that. SeaBIOS
has been extended with TPM 1.2 support and initializes the vTPM in the
same way it would initialize a hardware TPM.