"Daniel P. Berrange" <berra...@redhat.com> wrote on 03/01/2017 07:54:14 AM:

> From: "Daniel P. Berrange" <berra...@redhat.com>
> To: Stefan Berger <stef...@linux.vnet.ibm.com>
> Cc: "Dr. David Alan Gilbert" <dgilb...@redhat.com>, Stefan Berger/
> Watson/IBM@IBMUS, "m...@redhat.com" <m...@redhat.com>, "qemu-
> de...@nongnu.org" <qemu-devel@nongnu.org>, "SERBAN, CRISTINA"
> <cs1...@att.com>, "Xu, Quan" <quan...@intel.com>,
> "silviu.vlasce...@gmail.com" <silviu.vlasce...@gmail.com>,
> "hagen.la...@huawei.com" <hagen.la...@huawei.com>, "SHIH, CHING C"
> <cs1...@att.com>
> Date: 03/01/2017 08:03 AM
> Subject: Re: [Qemu-devel] [PATCH v5 1/4] Provide support for the CUSE TPM
>
> On Wed, Mar 01, 2017 at 07:25:28AM -0500, Stefan Berger wrote:
> > On 06/16/2016 04:25 AM, Daniel P. Berrange wrote:
> > > On Thu, Jun 16, 2016 at 09:05:20AM +0100, Dr. David Alan Gilbert wrote:
> > > > * Stefan Berger (stef...@linux.vnet.ibm.com) wrote:
> > > > > On 06/15/2016 03:30 PM, Dr. David Alan Gilbert wrote:
> > > > <snip>
> > > >
> > > > > > So what was the multi-instance vTPM proxy driver patch set about?
> > > > > That's for containers.
> > > > Why have the two mechanisms? Can you explain how the multi-instance
> > > > proxy works; my brief reading when I saw your patch series seemed
> > > > to suggest it could be used instead of CUSE for the non-container case.
> > > One of the key things that was/is not appealing about this CUSE approach
> > > is that it basically invents a new ioctl() mechanism for talking to
> > > a TPM chardev. With in-kernel vTPM support, QEMU probably doesn't need
> > > to have any changes at all - its existing driver for talking to TPM
> >
> > We still need the control channel with the vTPM to reset it upon VM reset,
> > for getting and setting the state of the vTPM upon snapshot/suspend/resume,
> > changing locality, etc.
>
> You ultimately need the same mechanisms if using in-kernel vTPM with
> containers as containers can support snapshot/suspend/resume/etc too.

The vTPM running on the backend side of the vTPM proxy driver is
essentially the same as the CUSE TPM used for QEMU. It has the same control
channel through sockets. So on that level we would have support for the
operations but not integrated with anything that would support container
migration.

    Stefan

>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|