Re: [PATCH] tpm: Add driver for TPM over virtio

On 2/22/19 7:30 AM, James Bottomley wrote:
> On Thu, 2019-02-21 at 18:14 -0800, David Tolnay wrote:
>> Add a config TCG_VIRTIO_VTPM which enables a driver providing the
>> guest kernel side of TPM over virtio.
> 
> What's the use case for using this over the current non-virtio vTPM?
> I always thought virtio was about guest to host transport efficiency,
> but the physical TPM, being connected over a very slow bus, is about as
> inefficient as you can get in that regard, so why do we need to use
> virtio to drive the virtual one?
> 
>> Use case: TPM support is needed for performing trusted work from
>> within a virtual machine launched by Chrome OS.
> 
> The current vTPM does this, what's the use case for your special one?

Thanks James, these are important questions and the intention certainly isn't to
have another driver that does the same thing with differences for no reason.

I see three existing vTPM drivers already in drivers/char/tpm.

- tpm_ibmvtpm, which is specific to PowerPC and implemented in terms of PowerPC
  hcalls.

- xen-tpmfront, which is specific to Xen.

- tpm_vtpm_proxy, which as I understand it is intended to enable userspace TPM.
  That is, if we are using this driver in a guest kernel, the TPM implementation
  also needs to reside in the guest kernel rather than in the hypervisor.

For our use case which is not PowerPC and is running in our own hypervisor with
the TPM needing to be provided by the hypervisor, none of the existing vTPM
drivers seemed to fit the bill.

Please let me know if I arrived at the wrong conclusion on this!

Thanks,
David


