On Tue, 2017-07-18 at 05:08 -0700, Marc-André Lureau wrote:
> Hi
>
> On Tue, Jul 18, 2017 at 1:49 AM, Amarnath Valluri
> <amarnath.vall...@intel.com> wrote:
> > This change introduces a new TPM backend driver that can communicate with
> > swtpm (software TPM emulator) using a unix domain socket interface.
> >
> > Swtpm uses two unix sockets, one for plain TPM commands and responses, and
> > one for out-of-band control messages.
> >
> > The swtpm and associated tools can be found here:
> > https://github.com/stefanberger/swtpm
> >
> > The swtpm's control channel protocol specification can be found here:
> > https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification
>
> I am afraid this isn't enough yet.
>
> > Usage:
> > # setup TPM state directory
> > mkdir /tmp/mytpm
> > chown -R tss:root /tmp/mytpm
> > /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek
> >
> > # Ask qemu to use TPM emulator with given tpm state directory
> > qemu-system-x86_64 \
> >     [...] \
> >     -tpmdev emulator,id=tpm0,tpmstatedir=/tmp/mytpm,logfile=/tmp/swtpm.log \
>
> We should rather follow the vhost-user pattern: do not deal with
> spawning the external swtpm/backend, just use chardev to connect to
> it. At least you don't have to deal with process argument details,
> management etc. that may change version to version.

I made the spawning completely optional, and it is useful in some environments; in particular it makes life easier when there are multiple QEMU instances on a system.

One can configure QEMU to connect to an already running software emulator using Unix domain socket paths:

-tpmdev emulator,id=tpm0,data-path=/path/,ctrl-path=/path

- Amarnath
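Added example, not code from this patch series or from swtpm: a minimal client for the control socket that the "connect to an already running emulator" mode above relies on. It refuses a ctrl-path that is not a unix socket or that other users could write to, sends CMD_GET_CAPABILITY and parses the reply, and talks to a constructed in-process stand-in for swtpm so it runs offline. The command code and the wire framing (4-byte big-endian command, 8-byte big-endian capability bitmask) are assumed from the Control Channel Specification linked above, not taken from this message.

```python
import os
import socket
import stat
import struct
import tempfile
import threading

# Framing assumed from the linked swtpm spec (not on this page): a 4-byte big-endian
# command code; GET_CAPABILITY answers with an 8-byte big-endian capability bitmask.
CMD_GET_CAPABILITY = 1
PTM_CAP_INIT, PTM_CAP_SHUTDOWN = 1 << 0, 1 << 1

def recv_exact(sock, n):
    buf = sock.recv(n, socket.MSG_WAITALL)
    if len(buf) != n:  # short read: broken or hostile peer, never pad silently
        raise ConnectionError("control socket closed early")
    return buf

def check_ctrl_socket(path):
    """Refuse a path that is not a unix socket or that other users could write to."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise RuntimeError(f"{path} is not a unix domain socket")
    if st.st_mode & stat.S_IWOTH:
        raise RuntimeError(f"{path} is world-writable; refusing to trust it")

def get_capabilities(ctrl_path):
    """Send CMD_GET_CAPABILITY on the control socket and return the bitmask."""
    check_ctrl_socket(ctrl_path)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(ctrl_path)
        s.sendall(struct.pack("!I", CMD_GET_CAPABILITY))
        return struct.unpack("!Q", recv_exact(s, 8))[0]

def start_mock_swtpm(ctrl_path, caps):
    """Constructed stand-in for swtpm: serves one GET_CAPABILITY, then exits."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(ctrl_path)
    os.chmod(ctrl_path, 0o600)  # owner-only, as a sane swtpm deployment sets it
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if struct.unpack("!I", recv_exact(conn, 4))[0] == CMD_GET_CAPABILITY:
                conn.sendall(struct.pack("!Q", caps))
    threading.Thread(target=serve, daemon=True).start()

def demo():
    ctrl = os.path.join(tempfile.mkdtemp(), "swtpm-ctrl.sock")
    start_mock_swtpm(ctrl, PTM_CAP_INIT | PTM_CAP_SHUTDOWN)
    return get_capabilities(ctrl)  # 3 with the mock's constructed capabilities
```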