On Mon, 2022-12-12 at 09:27 -0500, Stefan Berger wrote:
>
>
> On 12/12/22 08:59, James Bottomley wrote:
> > On Mon, 2022-12-12 at 08:43 -0500, Stefan Berger wrote:
> > >
> > >
> > >
> > > On 12/10/22 12:10, James Bottomley wrote:
> > > > The Microsoft Simulator (mssim) is the reference emulation
> > > > platform
> > > > for the TCG TPM 2.0 specification.
> > > >
> > > > https://github.com/Microsoft/ms-tpm-20-ref.git
> > > >
> > > > It exports a fairly simple network socket baset protocol on two
> > >
> > > baset -> based.
> > >
> > > > sockets, one for command (default 2321) and one for control
> > > > (default 2322). This patch adds a simple backend that can
> > > > speak the mssim protocol over the network. It also allows the
> > > > host, and two ports to be specified on the qemu command line.
> > > > The benefits are twofold: firstly it gives us a backend that
> > > > actually speaks a standard TPM emulation protocol instead of
> > > > the linux specific TPM driver format of the current emulated
> > > > TPM backend and secondly, using the microsoft protocol, the end
> > > > point of the emulator can be anywhere on the network,
> > > > facilitating the cloud use case where a central TPM service can
> > > > be used over a control network.
> > > >
> > > > The implementation does basic control commands like power
> > > > off/on, but doesn't implement cancellation or startup. The
> > > > former because cancellation is pretty much useless on a fast
> > > > operating TPM emulator and the latter because this emulator is
> > > > designed to be used with OVMF which itself does TPM startup and
> > > > I wanted to validate that.
> > >
> > > How did you implement VM suspend/resume and snapshotting support?
> >
> > TPM2 doesn't need to. The mssim follows the reference model which
>
> You mean TPM2 doesn't need to resume at the point where the VM
> resumes (I am not talking about ACPI resume but virsh save/restore)
> after for example a host reboot?
> What does this have to do with the mssim reference model and
> TPM2_Shutdown protocol?
Running S3 suspend/resume before doing VM save/restore could fix a lot of issues with passthrough PCI, and when QEMU gets around to doing that, a TPM following the standard model should just work. It's useful to have a driver supporting this work.

James