From f1d7d6c2cf192c8559dd43c85a7f4b21018c29f6 Mon Sep 17 00:00:00 2001 From: Daniel Henrique Barboza Date: Wed, 10 Jun 2020 15:11:43 -0300 Subject: [PATCH] docs: documentation and schema for the new TPM Proxy model MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit QEMU 4.1.0 introduced a new device type called TPM Proxy, currently implemented by PPC64 guests via a new virtual device called 'spapr-tpm-proxy' (see QEMU 0fb6bd073230 for more info). The TPM Proxy device interacts with a TPM Resource Manager, a host device capable of multiplexing the host TPM with multiple processes. This allows multiple guests to access some TPM features at the same time. Note that this mode of operation does not provide full TPM features to be available for the guest - for that case the guest still needs to assign a vTPM device (tpm-spapr for PPC64 guests). Although redundant, there is currently no technical limitation for a guest to assign both a vTPM and a TPM Proxy at the same time. This patch adds documentation and schema for a new TPM model type called 'spapr-tpm-proxy' that creates this new TPM Proxy device. This model is valid only for the 'passthrough' backend. An example of a TPM Proxy device connected to a TPM Resource Manager '/dev/tpmrm0' will look like this: Tested-by: Satheesh Rajendran Reviewed-by: Stefan Berger Signed-off-by: Daniel Henrique Barboza Signed-off-by: Ján Tomko Reviewed-by: Ján Tomko --- docs/formatdomain.html.in | 19 ++++++++++++++++++- docs/schemas/domaincommon.rng | 1 + 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 83f0008640..bd662727d3 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -8849,6 +8849,18 @@ qemu-kvm -net nic,model=? /dev/null backend device is a TPM 2.0. Since 6.1.0, pSeries guests on PPC64 are supported and the default is tpm-spapr. + + Since 6.5.0, a new model called + spapr-tpm-proxy was added for pSeries guests. This model + only works with the passthrough backend. It creates a + TPM Proxy device that communicates with an existing TPM Resource Manager + in the host, for example /dev/tpmrm0, enabling the guest to + run in secure virtual machine mode with the help of an Ultravisor. Adding + a TPM Proxy to a pSeries guest brings no security benefits unless the guest + is running on a PPC64 host that has an Ultravisor and a TPM Resource Manager. + Only one TPM Proxy device is allowed per guest, but a TPM Proxy device can + be added together with + other TPM devices.

backend
@@ -8861,7 +8873,7 @@ qemu-kvm -net nic,model=? /dev/null
passthrough

- Use the host's TPM device. + Use the host's TPM or TPM Resource Manager device.

This backend type requires exclusive access to a TPM device on @@ -8869,6 +8881,11 @@ qemu-kvm -net nic,model=? /dev/null qualified file name is specified by path attribute of the source element. If no file name is specified then /dev/tpm0 is automatically used. + + Since 6.5.0, when choosing the + spapr-tpm-proxy model, the file name specified is + expected to be a TPM Resource Manager device, e.g. + /dev/tpmrm0.

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 2e65340311..4b4aa60c66 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4618,6 +4618,7 @@ tpm-tis tpm-crb tpm-spapr + spapr-tpm-proxy