summary refs log tree commit diff
path: root/src/linux.rs
diff options
context:
space:
mode:
authorDavid Tolnay <dtolnay@chromium.org>2019-02-13 17:28:16 -0800
committerchrome-bot <chrome-bot@chromium.org>2019-02-21 06:29:41 -0800
commit43f8e21dd29af32a8937e22d5c5e135370934353 (patch)
treecefb217ef8ad1423ed097ba92f0757227502a4e2 /src/linux.rs
parent42e5fbd9f33eff538ac36fe0935e2973ede5c281 (diff)
downloadcrosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.gz
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.bz2
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.lz
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.xz
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.zst
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.zip
tpm: Runtime flag for software tpm device
Gate the current software tpm device behind a crosvm flag called
`--software-tpm`. When we get to leveraging the physical tpm, we will
likely want that behind a separate `--hardware-tpm` flag that is
automatically detected when the vm being launched is gLinux.

Based on feedback from apronin:

> Hm, long-term it may actually make sense to have software-tpm and
> real-tpm-for-glinux as two separate run-time options and only enable
> real-tpm-for-glinux for glinux.
>
> we want to protect guests from exploits, but we also want to limit
> access to tpm for random guests. So, enterprises may set this to "no
> TPM" for Linux images their employees run on their devices, so that
> they don't get creative with trying to break TPM from inside those
> images.

BUG=chromium:911799
TEST=run TPM playground program inside crosvm with flag set
TEST=confirm TPM playground does not run with flag unset

Change-Id: I1bccf62be63d40203463623f43b1a6ee2d51f6c0
Reviewed-on: https://chromium-review.googlesource.com/1478377
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'src/linux.rs')
-rw-r--r--src/linux.rs24
1 files changed, 13 insertions, 11 deletions
diff --git a/src/linux.rs b/src/linux.rs
index 0391f9d..2d6673d 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -312,17 +312,19 @@ fn create_virtio_devs(
 
     #[cfg(feature = "tpm")]
     {
-        let tpm_box = Box::new(devices::virtio::Tpm::new());
-        let tpm_jail = if cfg.multiprocess {
-            let policy_path = cfg.seccomp_policy_dir.join("tpm_device.policy");
-            Some(create_base_minijail(empty_root_path, &policy_path)?)
-        } else {
-            None
-        };
-        devs.push(VirtioDeviceStub {
-            dev: tpm_box,
-            jail: tpm_jail,
-        });
+        if cfg.software_tpm {
+            let tpm_box = Box::new(devices::virtio::Tpm::new());
+            let tpm_jail = if cfg.multiprocess {
+                let policy_path = cfg.seccomp_policy_dir.join("tpm_device.policy");
+                Some(create_base_minijail(empty_root_path, &policy_path)?)
+            } else {
+                None
+            };
+            devs.push(VirtioDeviceStub {
+                dev: tpm_box,
+                jail: tpm_jail,
+            });
+        }
     }
 
     if let Some(trackpad_spec) = cfg.virtio_trackpad {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-03 09:38:18 +0000