Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM

From:	Anthony Liguori
Subject:	Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM
Date:	Tue, 19 Nov 2013 15:03:37 -0800

On Tue, Nov 19, 2013 at 1:32 PM, Corey Bryant <address@hidden> wrote:
>
> On 11/19/2013 02:50 PM, Anthony Liguori wrote:
>>
>> On Wed, Nov 6, 2013 at 6:38 AM, Corey Bryant <address@hidden>
>> wrote:
>>>
>>> This patch series provides support for a software Trusted Platform
>>> Module (otherwise known as a vTPM).  This support is provided via a
>>> new backend that works with the existing QEMU tpm-tis front end.
>>
>>
>> We do device emulation within QEMU.  This is fundamentally what QEMU does.
>>
>> Why should we link against an external library instead of providing
>> TPM emulation within QEMU itself?  What makes TPM so special here?
>
>
> Because 70k+ LOC *definitely* doesn't have a chance of getting into QEMU, so
> it makes more sense to link against a library.

That's not because we're terrible people who institute horribly
bureaucratic procedures for getting code merged.

It's because we have a high standard of quality and work hard to do
things in a minimal yet robust fashion.

That is a large blob of untested and untrustworthy code.  That's
nothing against the authors but that's simple a fact of life.

>> I know the answer to these questions of course.  There isn't a good
>> reason but there exists vTPM as an external tool for historical
>> reasons.  I don't think that's a good justification for doing this.
>> libtpms has had no review by anyone and does not have a community
>> around it.  Once we link against it, we are responsible for resolving
>
>
> The source is now more readily available on github and while the community
> is small, there is a community.  Besides, QEMU uses other libraries that
> have very small communities doesn't it?

The repo has 4 commits with 1 contributor.  It's a code dump.  There
is no community.

We are extremely careful in the dependencies we carry.

>> any security issue around it and fixing any bug within it.
>
>
> Is this really true?

Yes.

>  Is QEMU responsible for fixing every bug in glibc?

If a guest can trigger an exploit from QEMU, then during the embargo
period you can bet on the fact that QEMU developers would be working
to resolve it along with the glibc developers.

glibc isn't guest facing.  Neither is glib.  libtpms is making it a
massive security exposure surface.

TPMs aren't that complex of a device compared to other things on the
platform.  There's no reason for it to be 70k of code other than it
was someone's playground.

If someone wrote a concise implementation of TPM within QEMU, I'd be
more than eager to merge it.  libtpms is not that.

Regards,

Anthony Liguori

>
> --
> Regards,
> Corey Bryant
>
>
>>
>> That's essentially asking us to merge 70k+ LOCS without any review or
>> validation ahead of time.  That's an unreasonable request.
>>
>> Regards,
>>
>> Anthony Liguori
>>
>>> With this patch series, multiple guests can run with their own vTPM.
>>> In comparison, the existing passthrough vTPM does not allow this
>>> because the host TPM cannot be shared.
>>>
>>> Note: There is seabios code that is not yet upstream that is
>>> required to run with this support.  It provides support such as
>>> initialization, ACPI table updates, and menu updates.  If anyone
>>> would like to run with that support, let me know and I can send you
>>> a bios.bin.
>>>
>>> Following is a sample command line:
>>>
>>> qemu-img create -f qcow2 /home/qemu/images/nvram.qcow2 500K
>>>
>>> qemu-system-x86_64 ... \
>>> -drive
>>> file=/home/qemu/images/nvram.qcow2,if=none,id=nvram0-0-0,format=qcow2 \
>>> -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0 \
>>> -tpmdev libtpms,id=tpm-tpm0,nvram=nvram0-0-0
>>>
>>> Corey Bryant (4):
>>>    tpm: Add TPM NVRAM implementation
>>>    tpm: Share tpm_write_fatal_error_response
>>>    tpm: QMP/HMP support for libtpms TPM backend
>>>    tpm: Provide libtpms software TPM backend
>>>
>>>   configure                    |   24 ++
>>>   hmp.c                        |    5 +
>>>   hw/tpm/Makefile.objs         |    2 +
>>>   hw/tpm/tpm_libtpms.c         |  885
>>> ++++++++++++++++++++++++++++++++++++++++++
>>>   hw/tpm/tpm_nvram.c           |  340 ++++++++++++++++
>>>   hw/tpm/tpm_nvram.h           |   25 ++
>>>   hw/tpm/tpm_passthrough.c     |   14 -
>>>   hw/tpm/tpm_tis.h             |    1 +
>>>   include/sysemu/tpm_backend.h |    3 +
>>>   qapi-schema.json             |   18 +-
>>>   qemu-options.hx              |   31 ++-
>>>   tpm.c                        |   28 ++-
>>>   12 files changed, 1357 insertions(+), 19 deletions(-)
>>>   create mode 100644 hw/tpm/tpm_libtpms.c
>>>   create mode 100644 hw/tpm/tpm_nvram.c
>>>   create mode 100644 hw/tpm/tpm_nvram.h
>>>
>>>
>>
>>
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM, Corey Bryant, 2013/11/06
- Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM, Anthony Liguori, 2013/11/19
  - Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM, Corey Bryant, 2013/11/19
    - Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM, Anthony Liguori <=
    - Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM, Stefan Berger, 2013/11/20
    - Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM, Anthony Liguori, 2013/11/20

Prev by Date: [Qemu-devel] commit b1bbfe72 causes huge slowdown with no kvm
Next by Date: Re: [Qemu-devel] [PATCH v3 1/2] linux-user: create target_structsheader to place ipc_perm and shmid_dss
Previous by thread: Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM
Next by thread: Re: [Qemu-devel] [PATCH 0/4] tpm: Provide a software vTPM
Index(es):
- Date
- Thread