
How to use TPM hardware passthrough?

Open bfg01 opened this issue 1 year ago • 1 comments

I was reading this: https://www.qemu.org/docs/master/specs/tpm.html#the-qemu-tpm-passthrough-device at the same time as reviewing the wiki in this project: https://github.com/stefanberger/swtpm/wiki/Using-the-Intel-TSS-with-swtpm

And I got confused: so are there two ways of using TPM passthrough then?

The first link implies that this is possible with just the right QEMU options; however the /dev/tpm0 device can only be read and written by user tss and group root. Does this mean I'd need root privileges to use this?

Regarding the TSS Intel wiki page, are both examples doing TPM passthrough, or just the chardev example? The chardev example uses sudo... so do I always need root privileges to use passthrough no matter what method I use?

Finally, how dangerous is it having two OS's -say, the Linux host and a Windows guest- using the same TPM chip? The first link implies this is risky...

Thanks again.

bfg01 avatar Oct 14 '22 01:10 bfg01

> I was reading this: https://www.qemu.org/docs/master/specs/tpm.html#the-qemu-tpm-passthrough-device at the same time as reviewing the wiki in this project: https://github.com/stefanberger/swtpm/wiki/Using-the-Intel-TSS-with-swtpm
>
> And I got confused: so are there two ways of using TPM passthrough then?

Whatever /dev/tpm0 is can be passed through to the OS running inside the QEMU VM. /dev/tpm0 can be a hardware TPM 1.2 or a TPM 2 or one started with the --vtpm-proxy parameter and in fact would be a swtpm instance.

> The first link implies that this is possible with just the right QEMU options; however the /dev/tpm0 device can only be read and written by user tss and group root. Does this mean I'd need root privileges to use this?

Likely yes, or you have to tell root to change ownership of the device for your user account to be able to access it.

> Regarding the TSS Intel wiki page, are both examples doing TPM passthrough, or just the chardev example? The chardev example uses sudo... so do I always need root privileges to use passthrough no matter what method I use?

I don't know what you mean by 'passthrough'. The TSS Intel wiki page doesn't show 'passthrough' but that a swtpm instance can be accessible using the tpm_vtpm_proxy kernel module. The purpose of the tpm_vtpm_proxy module is to make a TPM instance available to a container.

> Finally, how dangerous is it having two OS's -say, the Linux host and a Windows guest- using the same TPM chip? The first link implies this is risky...

Generally it's not a good idea to have two OSes use the same hardware TPM. They may try to extend the same PCRs, for example, messing up the logs that go with them, or compete for the limited number of key slots in the device, etc. TPMs are not meant to be shared between OSes; each OS should have its own independent TPM whose limited resources it can manage all by itself.

> Thanks again.

Hope that helps.

stefanberger avatar Oct 14 '22 01:10 stefanberger

Thanks very much sir. It did help overall.

> Likely yes, or you have to tell root to change ownership of the device for your user account to be able to access it.

Or perhaps use the "Access Broker & Resource Manager": https://github.com/tpm2-software/tpm2-abrmd https://github.com/tpm2-software/tpm2-tss Regarding abrmd I just read it's a daemon (or also a manually run application?) which runs as the user tss, thus in theory I wouldn't need to do root stuff (though I haven't tried it yet...). Also seems to include some udev rules.

> Generally it's not a good idea to have two OSes use the same hardware TPM. They may try to extend the same PCRs for example messing up the logs that go with them or compete for the limited number of key slots in the device etc. TPMs are not meant to be shared between OSes but each OS should have its own independent TPM whose limited resources it can manage all by itself.

Does this mean I must not attempt to pass through the physical /dev/tpm0 device to, say, a Windows guest, since the Linux host is already using it, and instead use an emulated TPM in these cases? Or are there still alternatives?

Thanks again.

bfg01 avatar Oct 14 '22 14:10 bfg01

> Does this mean I must not attempt to pass through the physical /dev/tpm0 device to, say, a Windows guest, since the Linux host is already using it, and instead use an emulated TPM in these cases? Or are there still alternatives?

That's what I would suggest, yes. I don't know of any alternatives to giving each VM its own independent vTPM.

stefanberger avatar Oct 14 '22 17:10 stefanberger
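As an added example that is not part of this issue thread or the swtpm project: a small POSIX shell script that puts the two options discussed above side by side. `qemu_passthrough_args` builds the hardware-passthrough wiring from the QEMU docs, and `host_tpm_usable` is the preflight that fails for a normal user when /dev/tpm0 is only accessible to user tss and group root; `start_vtpm` instead gives a named VM its own `swtpm socket` instance (TPM 2.0, UNIX control socket) in a user-owned state directory and prints the QEMU emulator-backend arguments, so no root is involved and the host OS keeps the physical chip to itself. The state root (default `~/.swtpm`), the VM names and the `tpm-tis` device model for x86 guests are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the swtpm project or from this issue thread.
# Contrasts passing the host's /dev/tpm0 through (needs read/write access to
# the device node, and still shares the chip with the host OS) with giving
# each VM its own swtpm instance (emulator backend, runs as an unprivileged
# user). Assumptions: swtpm and QEMU are on PATH, the state root is writable
# by the invoking user, and VM names contain no whitespace.

SWTPM_STATE_ROOT="${SWTPM_STATE_ROOT:-$HOME/.swtpm}"

# One state directory per VM: NVRAM, PCR state and the control socket are
# private to that VM, which is the isolation a shared hardware TPM lacks.
vtpm_state_dir() {
    printf '%s/%s' "$SWTPM_STATE_ROOT" "$1"
}

vtpm_socket() {
    printf '%s/swtpm-sock' "$(vtpm_state_dir "$1")"
}

# swtpm command line for a TPM 2.0 instance that exposes its control channel
# over a UNIX socket, the form the QEMU emulator backend expects.
swtpm_cmd() {
    printf 'swtpm socket --tpm2 --tpmstate dir=%s --ctrl type=unixio,path=%s --log level=20' \
        "$(vtpm_state_dir "$1")" "$(vtpm_socket "$1")"
}

# QEMU arguments for the emulator backend; tpm-tis is the device model an
# x86 guest (Windows included) sees as an ordinary TPM 2.0.
qemu_emulator_args() {
    printf '%s' "-chardev socket,id=chrtpm,path=$(vtpm_socket "$1") -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
}

# QEMU arguments for hardware passthrough of a host TPM device node.
qemu_passthrough_args() {
    printf '%s' "-tpmdev passthrough,id=tpm0,path=${1:-/dev/tpm0} -device tpm-tis,tpmdev=tpm0"
}

# Preflight for passthrough: true only if the node exists and the calling
# user can open it for reading and writing. With /dev/tpm0 owned by tss:root
# this fails for a normal user (the permission problem raised in the issue).
# It says nothing about whether the host OS already uses the chip, which is
# the sharing problem passthrough cannot solve.
host_tpm_usable() {
    dev="${1:-/dev/tpm0}"
    [ -c "$dev" ] && [ -r "$dev" ] && [ -w "$dev" ]
}

# Create the owner-only state directory (it will hold the vTPM's secrets),
# start swtpm in the background and print the QEMU arguments to append.
start_vtpm() {
    dir="$(vtpm_state_dir "$1")"
    mkdir -p "$dir" && chmod 700 "$dir"
    eval "$(swtpm_cmd "$1") &"
    qemu_emulator_args "$1"
}

case "${1:-}" in
    start) start_vtpm "$2" ;;
    check) if host_tpm_usable "${2:-/dev/tpm0}"; then
               echo "passthrough possible: $(qemu_passthrough_args "${2:-/dev/tpm0}")"
           else
               echo "host TPM not accessible as $(id -un); use 'start <vm>' for a per-VM swtpm"
           fi ;;
esac
```

Usage: `sh vtpm.sh check` reports whether the current user could even open /dev/tpm0; `sh vtpm.sh start win11` launches the VM's own swtpm and prints the three QEMU arguments to add to the `qemu-system-x86_64` command line. The same per-VM layout also works for a `swtpm chardev --vtpm-proxy` instance, which is what the wiki page linked in the issue shows; that route creates a new /dev/tpmN on the host rather than a socket.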