From: Daniel Henrique Barboza
To: libvir-list@redhat.com
Cc: Daniel Henrique Barboza, stefanb@linux.ibm.com, david@gibson.dropbear.id.au
Subject: [PATCH v2 1/8] docs: documentation and schema for the new TPM Proxy model
Date: Wed, 13 May 2020 11:10:32 -0300
Message-Id: <20200513141040.2580726-2-danielhb413@gmail.com>
In-Reply-To: <20200513141040.2580726-1-danielhb413@gmail.com>
References: <20200513141040.2580726-1-danielhb413@gmail.com>

QEMU 4.1.0 introduced a new device type called TPM Proxy, currently implemented by PPC64 guests via a new virtual device called 'spapr-tpm-proxy' (see QEMU 0fb6bd073230 for more info).

The TPM Proxy device interacts with a TPM Resource Manager, a host device capable of multiplexing the host TPM with multiple processes. This allows multiple guests to access some TPM features at the same time. Note that this mode of operation does not provide full TPM features to be available for the guest - for that case the guest still needs to assign a vTPM device (tpm-spapr for PPC64 guests). Although redundant, there is currently no technical limitation for a guest to assign both a vTPM and a TPM Proxy at the same time.

This patch adds documentation and schema for a new TPM model type called 'spapr-tpm-proxy' that creates this new TPM Proxy device. This model is valid only for the 'passthrough' backend.
An example of a TPM Proxy device connected to a TPM Resource Manager '/dev/tpmrm0' will look like this: Signed-off-by: Daniel Henrique Barboza --- docs/formatdomain.html.in | 16 +++++++++++++++- docs/schemas/domaincommon.rng | 1 + 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 23eb029234..ccbb696058 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -8792,6 +8792,15 @@ qemu-kvm -net nic,model=3D? /dev/null backend device is a TPM 2.0. Since 6.1.0, pSeries guests on PPC64 are supported and the default is tpm-spapr. + + Since 6.4.0, a new model called + spapr-tpm-proxy was added for pSeries guests. This = model + only works with the 'passthrough' backend. It creates a TPM Proxy + device that allows a QEMU guest to interact with an existing TPM= Resource + Manager in the host, for example /dev/tpmrm0. A TPM Resource Man= ager + enables the host TPM device to be securely multiplexed across + several guests. Only one TPM Proxy device is allowed per guest, = but + a TPM Proxy device can be added together with other TPM devices.

backend
@@ -8804,7 +8813,7 @@ qemu-kvm -net nic,model=3D? /dev/null
passthrough

- Use the host's TPM device. + Use the host's TPM or TPM Resource Manager device.

This backend type requires exclusive access to a TPM device = on @@ -8812,6 +8821,11 @@ qemu-kvm -net nic,model=3D? /dev/null qualified file name is specified by path attribute of the source element. If no file name is specified th= en /dev/tpm0 is automatically used. + + Since 6.4.0, when choosing the + spapr-tpm-proxy model, the file name specified = is + expected to be a TPM Resource Manager device, e.g. + /dev/tpmrm0.

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 9d60b090f3..50860419c3 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4610,6 +4610,7 @@ tpm-tis tpm-crb tpm-spapr + spapr-tpm-proxy --=20 2.26.2
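Review bot: The paragraph added in the first docs/formatdomain.html.in hunk (after "the default is tpm-spapr") never says that a TPM Proxy exposes only part of the TPM functionality, although the commit message states that the guest still needs a vTPM (tpm-spapr) for full TPM features. Suggest adding one sentence to that effect, so that a reader choosing spapr-tpm-proxy does not take it as a replacement for tpm-spapr. The phrase "securely multiplexed across several guests" is also the only security statement in the paragraph and gives no indication of what the Resource Manager keeps separate between guests; a short qualification or a pointer to where that is described would help.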
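Review bot: In the passthrough hunk (@@ -8804,7 +8813,7), the unchanged sentence right after the edited line still reads "This backend type requires exclusive access to a TPM device on", which now conflicts with "Use the host's TPM or TPM Resource Manager device." given that the new model text describes the Resource Manager as multiplexing the host TPM across several guests. Suggest qualifying the exclusive-access sentence so it is clear whether it still applies when the path points at a Resource Manager device.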
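Review bot: The paragraph added in the @@ -8812,6 +8821,11 hunk, after "If no file name is specified then /dev/tpm0 is automatically used", leaves the default for spapr-tpm-proxy unstated: read together, omitting path with this model would select /dev/tpm0, which is not a Resource Manager device. Suggest documenting whether path is mandatory for spapr-tpm-proxy or which default applies, and replacing "is expected to be" with wording that says whether the file name is checked or simply passed through.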
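Review bot: The docs/schemas/domaincommon.rng hunk adds spapr-tpm-proxy to the same flat value list as tpm-tis, tpm-crb and tpm-spapr, and nothing in the hunk ties it to the 'passthrough' backend, while the documentation added in this same patch says the model only works with that backend. If the schema is not meant to express the restriction, the commit message should say which patch of the series rejects other combinations, and a schema test XML covering the new model would be worth including here.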