Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S934862AbcCJC5c (ORCPT <rfc822;w@1wt.eu>);
	Wed, 9 Mar 2016 21:57:32 -0500
Received: from mail-ob0-f181.google.com ([209.85.214.181]:34087 "EHLO
	mail-ob0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S933445AbcCJC5Y (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 9 Mar 2016 21:57:24 -0500
MIME-Version: 1.0
In-Reply-To: <56E0DD47.50208@linux.vnet.ibm.com>
References: <1457545170-30120-1-git-send-email-stefanb@linux.vnet.ibm.com>
 <1457545170-30120-9-git-send-email-stefanb@linux.vnet.ibm.com>
 <CALCETrXDfHRdFnqK15o1yD8106sn4e6Susr9j7=GGi4sb-p0qQ@mail.gmail.com> <56E0DD47.50208@linux.vnet.ibm.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Wed, 9 Mar 2016 18:57:04 -0800
Message-ID: <CALCETrWz8pir1o0Gj1FVsvojfmFb8XZRKfJWdS-A8R9SbudiRQ@mail.gmail.com>
Subject: Re: [PATCH v6 08/11] tpm: Driver for supporting multiple emulated TPMs
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1769
Lines: 43

On Wed, Mar 9, 2016 at 6:34 PM, Stefan Berger
<stefanb@linux.vnet.ibm.com> wrote:
> On 03/09/2016 01:01 PM, Andy Lutomirski wrote:
>>
>> On Wed, Mar 9, 2016 at 9:39 AM, Stefan Berger
>> <stefanb@linux.vnet.ibm.com> wrote:
>>>
>>> This patch implements a driver for supporting multiple emulated TPMs in a
>>> system.
>>>
>>> The driver implements a device /dev/vtpmx that is used to created
>>> a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side that
>>> is accessed using a file descriptor returned by an ioctl.
>>> The device /dev/tpmX is the usual TPM device created by the core TPM
>>> driver. Applications or kernel subsystems can send TPM commands to it
>>> and the corresponding server-side file descriptor receives these
>>> commands and delivers them to an emulated TPM.
>>
>> Nifty!
>>
>> Is anyone considering writing a modification or replacement of
>> trousers that creates claims the real tpm and exposes a vtpm that
>> handles multiplexing internally?  Does the vtpm driver intelligently
>> support multiple simultaneous clients?
>
>
> The vtpm driver allows to use an independent trousers instance in each
> container.
>
> Using the VTPM_NEW_DEV ioctl the container mgmt. stack can create a
> /dev/tpmX (X=0,1,2,...) device and a file descriptor. The file descriptor is
> passed to a vTPM instance, the /dev/tpmX is moved into the container,
> meaning a device with the same major/minor numbers is created in the
> container. This then allows each container to talk to an independent vTPM.
> The vTPM can either be 1.2 or 2.

What I meant was:

If two clients connect to the same vTPM slave node, can the master
program tell requests from the two clients apart?  If so, great!  If
not, then I'd consider that to be somewhat sad.

--Andy