#7  09-19-2021, 16:52
DominicCummings
An update on this thread -- VirtualBox devs are planning to pass through the physical TPM rather than emulating one to the guest -- www.virtualbox.org/changeset/90946/vbox -- which has just been pushed.

I don't get how that's supposed to work if two devices are trying to use it at the same time. Similarly, I don't like the idea of people using it to break VM isolation, or alternatively hide keys.

QEMU has already implemented TPM emulation, but there are two currently "not supported" interrupts, fortunately not hugely relevant, but still -- https://qemu.readthedocs.io/en/latest/specs/tpm.html. Fortunately, it's possible to directly inspect the TPM and its communication protocol (TIS) state by making a debug build:

Quote:
This patch uses the possibility to add a vendor-specific register and
adds a debug register useful for dumping the TIS's internal state. This
register is only active in a debug build (#define DEBUG_TIS).
Hopefully this won't last too long and won't protect too much...

Last edited by DominicCummings; 09-19-2021 at 17:24.
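The post talks about inspecting the TPM's TIS state from a debug build. As an added example (not code from the post, from QEMU or from VirtualBox), the following C decoder interprets the register window that such a dump exposes: the per-locality TPM_ACCESS and TPM_STS registers plus TPM_DID_VID/TPM_RID, using the register offsets and bit positions of the PC Client TPM Interface Specification (TIS). It assumes a flat little-endian copy of the five 4 KiB locality windows; the sample window it builds is constructed data, not a capture from any real or emulated TPM, and the DID:VID value in it is made up.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Register offsets inside one locality's 4 KiB TIS window (TIS register
 * layout; on PC-class machines locality N is at 0xFED40000 + N * 0x1000). */
#define TIS_LOCALITY_STRIDE 0x1000u
#define TIS_NUM_LOCALITIES  5u
#define TIS_REG_ACCESS      0x0000u   /* 8-bit  TPM_ACCESS_x  */
#define TIS_REG_STS         0x0018u   /* 32-bit TPM_STS_x     */
#define TIS_REG_DID_VID     0x0F00u   /* 32-bit TPM_DID_VID_x */
#define TIS_REG_RID         0x0F04u   /* 8-bit  TPM_RID_x     */

struct tis_access {
    int establishment, request_use, pending_request, seize, been_seized,
        active_locality, reg_valid;
};

struct tis_sts {
    int sts_valid, command_ready, tpm_go, data_avail, expect, self_test_done,
        response_retry, command_cancel, reset_establishment;
    unsigned burst_count;  /* bytes the FIFO moves without the caller re-polling */
    int family;            /* 12 = TPM 1.2, 20 = TPM 2.0, 0 = reserved encoding */
};

static uint32_t tis_read32(const uint8_t *win, size_t off)
{
    return (uint32_t)win[off] | (uint32_t)win[off + 1] << 8 |
           (uint32_t)win[off + 2] << 16 | (uint32_t)win[off + 3] << 24;
}

struct tis_access tis_decode_access(uint8_t v)
{
    struct tis_access a;
    a.establishment   = !!(v & 0x01);  /* tpmEstablishment */
    a.request_use     = !!(v & 0x02);  /* requestUse       */
    a.pending_request = !!(v & 0x04);  /* pendingRequest   */
    a.seize           = !!(v & 0x08);  /* Seize            */
    a.been_seized     = !!(v & 0x10);  /* beenSeized       */
    a.active_locality = !!(v & 0x20);  /* activeLocality   */
    a.reg_valid       = !!(v & 0x80);  /* tpmRegValidSts: other bits are only meaningful if set */
    return a;
}

struct tis_sts tis_decode_sts(uint32_t v)
{
    struct tis_sts s;
    s.response_retry      = !!(v & 0x02);
    s.self_test_done      = !!(v & 0x04);
    s.expect              = !!(v & 0x08);
    s.data_avail          = !!(v & 0x10);
    s.tpm_go              = !!(v & 0x20);
    s.command_ready       = !!(v & 0x40);
    s.sts_valid           = !!(v & 0x80);
    s.burst_count         = (v >> 8) & 0xFFFFu;
    s.command_cancel      = !!(v & (1u << 24));
    s.reset_establishment = !!(v & (1u << 25));
    switch ((v >> 26) & 0x3u) {        /* tpmFamily */
    case 0:  s.family = 12; break;
    case 1:  s.family = 20; break;
    default: s.family = 0;  break;
    }
    return s;
}

/* The locality that currently owns the TPM, or -1 if no valid window has activeLocality set. */
int tis_active_locality(const uint8_t *mmio)
{
    for (unsigned l = 0; l < TIS_NUM_LOCALITIES; l++) {
        struct tis_access a = tis_decode_access(mmio[l * TIS_LOCALITY_STRIDE + TIS_REG_ACCESS]);
        if (a.reg_valid && a.active_locality)
            return (int)l;
    }
    return -1;
}

/* Coarse command/response phase from TPM_STS; the flag bits are undefined while stsValid is clear. */
const char *tis_phase(const struct tis_sts *s)
{
    if (!s->sts_valid)    return "unknown (stsValid clear)";
    if (s->data_avail)    return "completion (response in FIFO)";
    if (s->expect)        return "reception (TPM expects more command bytes)";
    if (s->command_ready) return "ready";
    return "idle";
}

static void put32(uint8_t *win, size_t off, uint32_t v)
{
    for (int i = 0; i < 4; i++) win[off + i] = (uint8_t)(v >> (8 * i));
}

/* Constructed sample window standing in for a TIS dump (not a real capture). */
static uint8_t g_sample[TIS_NUM_LOCALITIES * TIS_LOCALITY_STRIDE];
const uint8_t *tis_sample_window(void)
{
    memset(g_sample, 0, sizeof g_sample);
    for (unsigned l = 0; l < TIS_NUM_LOCALITIES; l++)
        g_sample[l * TIS_LOCALITY_STRIDE + TIS_REG_ACCESS] = 0x80;  /* valid, not active */
    g_sample[TIS_REG_ACCESS] = 0x80 | 0x20;                         /* locality 0 owns the TPM */
    put32(g_sample, TIS_REG_STS, 0x80u | 0x10u | (0x20u << 8) | (1u << 26)); /* TPM 2.0, 32-byte response waiting */
    put32(g_sample, TIS_REG_DID_VID, 0x00011014u);                  /* made-up DID 0x0001, VID 0x1014 */
    g_sample[TIS_REG_RID] = 0x01;
    return g_sample;
}

int main(void)
{
    const uint8_t *mmio = tis_sample_window();
    int loc = tis_active_locality(mmio);
    if (loc < 0) { puts("no active locality"); return 1; }
    const uint8_t *win = mmio + (size_t)loc * TIS_LOCALITY_STRIDE;
    struct tis_sts s = tis_decode_sts(tis_read32(win, TIS_REG_STS));
    uint32_t did_vid = tis_read32(win, TIS_REG_DID_VID);
    printf("locality %d: VID %04x DID %04x RID %02x, TPM %d.%d\n", loc, did_vid & 0xFFFFu,
           did_vid >> 16, win[TIS_REG_RID], s.family / 10, s.family % 10);
    printf("phase: %s, burstCount=%u\n", tis_phase(&s), s.burst_count);
    return 0;
}
```

Pointing `tis_sample_window()` at a real dump instead of the constructed one is the only change needed; the decoders check tpmRegValidSts and stsValid first because, on both silicon and emulated TPMs, the other bits are undefined until those are set, which is exactly the kind of state a per-locality debug register makes visible.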