Re: [PATCH] tpm: Add driver for TPM over virtio

On Mon, Feb 25, 2019 at 12:20:43PM -0800, James Bottomley wrote:
> On Mon, 2019-02-25 at 11:17 -0800, Matthew Garrett wrote:
> > On Mon, Feb 25, 2019 at 7:36 AM James Bottomley
> > <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > > > The virtio driver performs discovery via virtio, which crosvm
> > > > implements already for all of its supported devices. This
> > > > substantially reduces the amount of TPM-specific code compared to
> > > > your suggestions, and lowers the barrier to entry for
> > > > implementing TPM support in other hypervisors which I hope we
> > > > agree is beneficial.
> > > 
> > > Well, that's somewhat misleading:  The reason we already have two
> > > hypervisor-specific drivers is because every hypervisor has
> > > a different virtual discovery mechanism. You didn't find the other
> > > two hypervisor drivers remotely useful, so why would another
> > > hypervisor find yours useful?
> >  
> > The existing hypervisor drivers expose hypervisor-specific details.
> > This proposed driver provides an abstract interface that is usable by
> > other hypervisors. It allows building a VM that exposes TPM
> > functionality without requiring additional hardware emulation,
> > reducing the hypervisor attack surface.
> 
> Well, that depends whether you think a virtio bus is an abstract
> concept or a hypervisor specific detail.  There are currently four
> major hypervisors: xen, kvm, hyper-v and ESX.  Of those, only one
> implements virtio: kvm.  I agree virtio is a standard and certainly a
> slew of minor hypervisors implement it because they need paravirt
> support on Linux so they piggyback off kvm, but I don't see any of the
> other major hypervisors jumping on the bandwagon.
> 
> I certainly agree our lives would be easier if all the major hypervisor
> vendors would just agree on a single paravirt driver standard.

I think that a Windows hypervisor (Hyper-V) and a closed hypervisor
(VMware) are out of context for this discussion. I think it is a good
thing that there exists a fully open alternative to closed solutions such
as VMBus. It is not only good for Linux but also for other open source
operating systems (*BSD, Fuchsia, etc.). I won't disregard virtio-TPM
based on that.

The main interest lies in these:

- QEMU
- KVM
- Xen

> >  Using the more generic virtio
> > infrastructure reduces the need for that, since any hypervisor should
> > be able to implement the backend (eg, in this case it'd be very easy
> > to add support for this driver to qemu,
> 
> I certainly agree there ... is there a plan for this?

I don't *necessarily* require QEMU to support this at the implementation
level in order to accept the change. What I do require is buy-in from
the QEMU and Xen communities that this is the right path.

/Jarkko
