From: Stefan Berger
Subject: Re: [Qemu-devel] Is is possible to virtualise or share the TPM?
Date: Wed, 29 Aug 2012 08:57:14 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120605 Thunderbird/13.0

On 08/23/2012 04:05 PM, Corey Bryant wrote:
> On 08/21/2012 06:31 AM, Jordi Cucurull Juan wrote:
>> Dear all,
>>
>> After applying the TPM patches to QEMU, I was wondering if it is possible to simultaneously use the TPM in more than one virtual machine, i.e. virtualisation of the TPM.
>>
>> According to the paper "Stefan Berger, Ramón Cáceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. vTPM: Virtualizing the Trusted Platform Module" this seems to be possible in Xen. Is it not possible in QEMU?
>>
>> Thanks!
>> Jordi.
>
> I don't think the pass-through driver supports use by multiple VMs. Stefan Berger should be able to answer better so I'm adding him to the thread.

The pass-through driver cannot provide access for multiple VMs to the single hardware TPM on the host. The usage model and the statefulness of the TPM (SRK password, owner password, keys) basically prevent/complicate this. The implementation for Xen was independent of the Qemu code base today and there we used a software implementation of the TPM that provided a private TPM instance to each VM. I have patches for this for Qemu but due to an IRC chat in Sept. 2011 they are 'behind' the pass-through driver patches.

Stefan