On 5/13/20 12:49 PM, Daniel Henrique Barboza wrote:
On 5/13/20 12:45 PM, Stefan Berger wrote:
[...]
I think users need to understand that a pSeries guest will not
benefit from this but only a pSeries guest that is a secure virtual
machine that needs special hardware to run and where there is an
Ultravisor. Everyone would want more security for their pSeries
guest, especially if it comes for free. Unfortunately this is not the
case and one needs new hardware...
True. I propose this wording:
<span class="since">Since 6.4.0</span>, a new model called
<code>spapr-tpm-proxy</code> was added for pSeries guests. This model
only works with the 'passthrough' backend. It creates a TPM Proxy
device that communicates with an existing TPM Resource Manager in the host,
for example /dev/tpmrm0, to enable secure virtual machine support for the
guest with the help of an Ultravisor. Adding a TPM Proxy to a pSeries guest
brings no security benefits unless the guest is running in a PPC64 host that
in -> on
has Ultravisor support and access to a TPM Resource Manager. Only one TPM
Proxy device is allowed per guest, but a TPM Proxy device can be added together
with other TPM devices.
If you agree, I'll use a similar text in the news.xml changes (patch
8/8) as well.
I would agree to this.
Thanks,
DHB