Hi Dave, On Tue, Mar 21, 2023 at 03:06:19PM +0000, Dr. David Alan Gilbert wrote: > Interesting; it would have been nice to have known about this a little > earlier, some people have been working on stuff built on top of the AMD > one for a while. Sorry for that, we wanted to have it in a state where it could at least boot an SMP Linux guest. It took us some more time to get the foundations right and get to that point. > You mention two things that I wonder how they interact: > > a) TPMs in the future at a higher ring > b) Making (almost) unmodified guests > > What interface do you expect the guest to see from the TPM - would it > look like an existing TPM hardware interface or would you need some > changes? For a) without b) the guest interface will be the SVSM TPM protocol. The ring-0 code will forward any request to the TPM process and return to the guest when it is done. For b), or the paravisor mode, this is the vision, which is probably more than a year out. The idea behind that is to be able to emulate what Hyper-V is doing to boot Windows guests under SEV-SNP on an open source SW stack. How the TPM interface will look like for that paravisor mode is not clear yet. In theory we can emulate a real TPM interface to make this work, but that is not sure yet. Regards, -- Jörg Rödel jroedel@xxxxxxx SUSE Software Solutions Germany GmbH Frankenstraße 146 90461 Nürnberg Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
