On Mon, Feb 25, 2019 at 1:00 PM Matthew Garrett <mjg59@xxxxxxxxxx> wrote: > > I'm still looking for the pragmatic use case. I think yours is attack > > surface reduction, because the virtio discovery and operation is less > > code and therefore more secure than physical hardware discovery and > > operation? I'm not entirely sure I buy that because the TPM > > communication interface is pretty simple and it's fairly deep down in > > the kernel internal stack making it difficult to exploit. > > Being able to get away without any LPC support code at all seems like > a win, as does not having any ACPI or DeviceTree parsing code. > Injecting the hardware information via the kernel command line isn't > impossible, but it's not an attractive solution. Oh, but to be clear - I think the bigger win is having a reduced surface in the *hypervisor*, not the kernel. Just having enough support to pass commands through to the vTPM is a lot easier than emulating the whole hardware interface to the TPM (and see the number of bugs in things like qemu's floppy drive emulation as an example of how hard this can be to get right)