[Qemu-devel] Money pledge: TPM hardware integration

[Andreas Kotes]

Hello,

I'll try something new because I don't have the time to do it myself:

I need support for a tpm_tis style device in the mainstream qemu/kvm
code (eventually). The idea is that client Windows or Linux machines
(using tpm_tis) will be able to use host TPM functionality.

I myself have a machine (Lenovo Thinkpad T61p) that natively has tpm_tis
hardware, so a simple passthru would work for me - but I think the
better way would be to simulate a tpm_tis device and hook it up with the
TrouSerS daemon. There was a TPM emulator patch posted some time ago,
but it was never finished - and connecting back to a TPM emulator only.
It might be useful as reference.

I'd recommend implementing this emulated device it in a way that
different TPM chips (e.g. tpm_atmel) could be emulated alternatively.

General information can be found in
http://www.thinkwiki.org/wiki/Embedded_Security_Subsystem

I offer 120 EUR for the case that the following criteria are met:
- TPM 1.2 support as used by tpm_tis
- either passthru from host tpm_tis or to TrouSerS (preferred)
- tpm-selftest and other functions work in a client Ubuntu 64bit
- (a Window system detects the hardware correctly and can use it the same
  way the Ubuntu system does - the Ubunutu system is the reference)
- good coding style an practices are expected to be followed
- code passes review of list participants (if necessary after several
  iterations) and applies to trunk

I know that inclusion into the mainlin code can't be expected and is out
of the hands of the corresponding coder, but there should be absolutely
no technical reasons for this to not go into mainline.

The 120 EUR can either be paid to the coder or to the FSFE, at coders
discretion. If wished, I can put the money in escrow, e.g. with Fefe (if
he accepts that - I at least trust him completely).

I'd expect the person taking this to step up and answer to this mail by
14.5.2010, and complete the task by 30.6.2010. Please describe whether
you'd implement passthru or TrouSerS functionality. If more than one
person considers this worthwhile and you'd want to team up and implement
it together, that's even better. For the fairness towards all concerned
I'd give the money to the FSFE in full in this case.

If a group of people finds itself - start already. In the spirit of
community and open collaboration I'll give this preference over
individuals. If multiple individuals want to take this, I'll award the
offer to the person with the best (subjective) track record in
partitipation on qemu-devel. No dealings via private mail, only
transparent and on-list.

Cheers,

   Andreas

P.S: if this is unacceptable for this mailinglist, please discuss. I'll
watch the mail traffic this causes closely ;)

-- 
Andreas Kotes, CISSP, CCNA - flatline IT services - ISP & IT Consulting
"Don't ask what the world needs. Ask what makes you come alive, and go do it.
Because what the world needs is people who have come alive." -- Howard Thurman

signature.asc
Description: Digital signature