On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote:
> This patch implements a proxy driver for supporting multiple emulated TPMs
> in a system.
>
> The driver implements a device /dev/vtpmx that is used to create
> a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side that
> is accessed using a file descriptor returned by an ioctl.
> The device /dev/tpmX is the usual TPM device created by the core TPM
> driver. Applications or kernel subsystems can send TPM commands to it
> and the corresponding server-side file descriptor receives these
> commands and delivers them to an emulated TPM.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
> CC: linux-kernel@xxxxxxxxxxxxxxx
> CC: linux-doc@xxxxxxxxxxxxxxx
> CC: linux-api@xxxxxxxxxxxxxxx

An alternative to this would be to have /dev/vtpmx create:

* /dev/vtpm0 for the server
* /dev/tpm0 for the client

This is how David Howell's PoC worked and that's why I want to make this
alternative visible.

The server could even respawn without the container noticing it. This
solution has better availability properties.

/Jarkko