* Jörg Rödel (jroedel@xxxxxxx) wrote:
> Hi Dave,
>
> On Tue, Mar 21, 2023 at 03:06:19PM +0000, Dr. David Alan Gilbert wrote:
> > Interesting; it would have been nice to have known about this a little
> > earlier, some people have been working on stuff built on top of the AMD
> > one for a while.
>
> Sorry for that, we wanted to have it in a state where it could at least
> boot an SMP Linux guest. It took us some more time to get the
> foundations right and get to that point.
>
> > You mention two things that I wonder how they interact:
> >
> >   a) TPMs in the future at a higher ring
> >   b) Making (almost) unmodified guests
> >
> > What interface do you expect the guest to see from the TPM - would it
> > look like an existing TPM hardware interface or would you need some
> > changes?
>
> For a) without b) the guest interface will be the SVSM TPM protocol. The
> ring-0 code will forward any request to the TPM process and return to
> the guest when it is done.
>
> For b), or the paravisor mode, this is the vision, which is probably
> more than a year out. The idea behind that is to be able to emulate what
> Hyper-V is doing to boot Windows guests under SEV-SNP on an open source
> SW stack.
>
> How the TPM interface will look like for that paravisor mode is not
> clear yet. In theory we can emulate a real TPM interface to make this
> work, but that is not sure yet.

OK, I'm just trying to avoid having guests that have a zillion different
TPM setups for different SVSM and clouds.
Timing is a little tricky here; in many ways the thing that sounds
nicest to me about Coconut is the mostly-unmodified guest (b) - but if
that's a while out then hmm.

Dave

> Regards,
>
> --
> Jörg Rödel
> jroedel@xxxxxxx
>
> SUSE Software Solutions Germany GmbH
> Frankenstraße 146
> 90461 Nürnberg
> Germany
>
> (HRB 36809, AG Nürnberg)
> Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
>
--
Dr. David Alan Gilbert / dgilbert@xxxxxxxxxx / Manchester, UK