On Tue, Dec 13, 2011 at 07:51:17AM -0500, Stefan Berger wrote:
> On 12/12/2011 11:51 PM, Paul Brook wrote:
> >>>>+tpm_passthrough="no"
> >>>Same as before, please probe for existence.
> >>We would be probing for /dev/tpm0. Is that really what we want that this
> >>driver only gets compiled if /dev/tpm0 is (currently) available?
> >If what you say is true then this code should always be enabled.
> >
> Michael Tsirkin previously requested that there be an option for the
> TPM passthrough driver to be selectively enabled since at least
> using /dev/tpm0 may not be what everybody wants. The passthrough
> driver at some point will also be able to use sockets to communicate
> with a TPM when a file descriptor is passed to Qemu, so maybe that
> changes then?
>
>
>    Stefan

The passthrough, as it is, is pretty easy to misuse. This is a hardware
problem, not software, and I don't think it's fixable. So I do not think
all downstreams will want to support this mode; making it easy to disable
this is IMO important.

-- 
MST