On May 6, 2021, at 10:00, Jason Andryuk <jandr...@gmail.com> wrote: > The vtpmmgr TPM 2.0 support is incomplete. Add a warning about that to > the documentation so others don't have to work through discovering it is > broken. > > Signed-off-by: Jason Andryuk <jandr...@gmail.com> > Acked-by: Andrew Cooper <andrew.coop...@citrix.com> > --- > docs/man/xen-vtpmmgr.7.pod | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod > index af825a7ffe..875dcce508 100644 > --- a/docs/man/xen-vtpmmgr.7.pod > +++ b/docs/man/xen-vtpmmgr.7.pod > @@ -222,6 +222,17 @@ XSM label, not the kernel. > > =head1 Appendix B: vtpmmgr on TPM 2.0 > > +=head2 WARNING: Incomplete - cannot persist data > + > +TPM 2.0 support for vTPM manager is incomplete. There is no support for > +persisting an encryption key, so vTPM manager regenerates primary and > secondary > +key handles each boot. > + > +Also, the vTPM manger group command implementation hardcodes TPM 1.2 > commands. > +This means running manage-vtpmmgr.pl fails when the TPM 2.0 hardware rejects > +the TPM 1.2 commands. vTPM manager with TPM 2.0 cannot create groups and > +therefore cannot persist vTPM contents. > + > =head2 Manager disk image setup: > > The vTPM Manager requires a disk image to store its encrypted data. The image > -- > 2.30.2
Should SUPPORT.md also be updated? https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md;hb=refs/heads/master Rich
