Conversation
Jarkko Sakkinen
jarkko
Edited 21 days ago
Created beginnings of TPM 2.0 emulator integrated directly to QEMU based on Infineon SLB9672. It requires compilation with optionally enabled Rust shenanigans.
Right now it processes only self-test, reading of capabilities and stuff like that but is bound and wired to qemu. I.e. can do "-tpmdev vtpm,id=tpm0".
Not out anytime soon but will be out in foreseeable future :-)
#qemu #tpm #emulator
Right now it processes only self-test, reading of capabilities and stuff like that but is bound and wired to qemu. I.e. can do "-tpmdev vtpm,id=tpm0".
Not out anytime soon but will be out in foreseeable future :-)
#qemu #tpm #emulator
3
4
11
Vlastimil Babka π¨πΏπͺπΊπΊπ¦
vbabka@mastodon.social@jarkko would some of https://github.com/coconut-svsm/cocoon-tpm be reusable for this
1
0
1
@jarkko how are you finding the rust? Is it allowing for more expressive code or is it just helping avoid the C foot guns?
1
0
0
Jarkko Sakkinen
jarkko
@vbabka At least when it comes to protocol itself I want to base it on https://crates.io/crates/tpm2-protocol but I have to look if some of the code lke crypto primitives would be reusable. I'll take a look at it :-)
tpm2-protocol crate that I did defines a syntax macros to define the full TCG protocol in a bidirectonial way so that it can parse and emit to both directions. And I believe it is the most advanced peace of code for this particular niche :-) That's why it was so easy to ramp beginnings of a QEMU patch.
tpm2-protocol crate that I did defines a syntax macros to define the full TCG protocol in a bidirectonial way so that it can parse and emit to both directions. And I believe it is the most advanced peace of code for this particular niche :-) That's why it was so easy to ramp beginnings of a QEMU patch.
1
0
1
Jarkko Sakkinen
jarkko
@troglobit This is basically collecting the fruits of what I created during the Fall :-)
0
0
1
@stsquad Area where I still don't think Rust has an edge: early initialization code of kernel. In that it is super important to roughly have an idea of the generated assembly code while you develop and debug it. You are defining the basic constraints of e.g. mm at that point of time, so I just don't pragmatically get Rust at that point.
I don't believe one-tool-conquers-it-all world. Everything should be evaluated by the context.
I don't believe one-tool-conquers-it-all world. Everything should be evaluated by the context.
2
0
1
Riku Voipio
suihkulokki@society.oftrolls.com
1
0
0
Jarkko Sakkinen
jarkko
@suihkulokki @stsquad It's exactly like that. It's near proximity enough that if you've looked a lot of C and Assembly during course of your life it is easy to have in the ballpark idea of how C will transform.
1
0
1
@suihkulokki @stsquad And defining memory layout etc. it's all unsafe. You can probably make it syntactically nicer and feel less unsafe but in the end of the day you're still out of the sandbox you're defining. Syntax does add to complexity in this sense, and it is the price of using Rust.
0
0
0
@vbabka It has also a slightly different goal if I got it right. i do emulation and cocoon-tpm does production (in an enclave or whatever SEV VM workloads are called). they could find possibly tpm2-protocol crate useful tho as it is an isolated binariy parser (no IO or similar ties, requires only stack).
It's good to keep this project in mind tho. I mean probably there is a meningful intersection of code eventually. Just get things going on I'll take max redundancy path for the time being :-) Probably a bunch of projects would benefit a common emulator core (in SGX, TDX enclaves for instance and what-TEE-not).
It's good to keep this project in mind tho. I mean probably there is a meningful intersection of code eventually. Just get things going on I'll take max redundancy path for the time being :-) Probably a bunch of projects would benefit a common emulator core (in SGX, TDX enclaves for instance and what-TEE-not).
0
0
1