summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorDavid Tolnay <dtolnay@chromium.org>2019-02-13 17:28:16 -0800
committerchrome-bot <chrome-bot@chromium.org>2019-02-21 06:29:41 -0800
commit43f8e21dd29af32a8937e22d5c5e135370934353 (patch)
treecefb217ef8ad1423ed097ba92f0757227502a4e2 /src
parent42e5fbd9f33eff538ac36fe0935e2973ede5c281 (diff)
downloadcrosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.gz
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.bz2
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.lz
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.xz
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.zst
crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.zip
tpm: Runtime flag for software tpm device
Gate the current software tpm device behind a crosvm flag called
`--software-tpm`. When we get to leveraging the physical tpm, we will
likely want that behind a separate `--hardware-tpm` flag that is
automatically detected when the vm being launched is gLinux.

Based on feedback from apronin:

> Hm, long-term it may actually make sense to have software-tpm and
> real-tpm-for-glinux as two separate run-time options and only enable
> real-tpm-for-glinux for glinux.
>
> we want to protect guests from exploits, but we also want to limit
> access to tpm for random guests. So, enterprises may set this to "no
> TPM" for Linux images their employees run on their devices, so that
> they don't get creative with trying to break TPM from inside those
> images.

BUG=chromium:911799
TEST=run TPM playground program inside crosvm with flag set
TEST=confirm TPM playground does not run with flag unset

Change-Id: I1bccf62be63d40203463623f43b1a6ee2d51f6c0
Reviewed-on: https://chromium-review.googlesource.com/1478377
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'src')
-rw-r--r--src/linux.rs24
-rw-r--r--src/main.rs7
2 files changed, 20 insertions, 11 deletions
diff --git a/src/linux.rs b/src/linux.rs
index 0391f9d..2d6673d 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -312,17 +312,19 @@ fn create_virtio_devs(
 
     #[cfg(feature = "tpm")]
     {
-        let tpm_box = Box::new(devices::virtio::Tpm::new());
-        let tpm_jail = if cfg.multiprocess {
-            let policy_path = cfg.seccomp_policy_dir.join("tpm_device.policy");
-            Some(create_base_minijail(empty_root_path, &policy_path)?)
-        } else {
-            None
-        };
-        devs.push(VirtioDeviceStub {
-            dev: tpm_box,
-            jail: tpm_jail,
-        });
+        if cfg.software_tpm {
+            let tpm_box = Box::new(devices::virtio::Tpm::new());
+            let tpm_jail = if cfg.multiprocess {
+                let policy_path = cfg.seccomp_policy_dir.join("tpm_device.policy");
+                Some(create_base_minijail(empty_root_path, &policy_path)?)
+            } else {
+                None
+            };
+            devs.push(VirtioDeviceStub {
+                dev: tpm_box,
+                jail: tpm_jail,
+            });
+        }
     }
 
     if let Some(trackpad_spec) = cfg.virtio_trackpad {
diff --git a/src/main.rs b/src/main.rs
index d0c1e7d..4965deb 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -116,6 +116,7 @@ pub struct Config {
     multiprocess: bool,
     seccomp_policy_dir: PathBuf,
     gpu: bool,
+    software_tpm: bool,
     cras_audio: bool,
     null_audio: bool,
     virtio_trackpad: Option<TrackpadOption>,
@@ -146,6 +147,7 @@ impl Default for Config {
             tap_fd: Vec::new(),
             cid: None,
             gpu: false,
+            software_tpm: false,
             wayland_socket_path: None,
             wayland_dmabuf: false,
             shared_dirs: Vec::new(),
@@ -518,6 +520,9 @@ fn set_argument(cfg: &mut Config, name: &str, value: Option<&str>) -> argument::
         "gpu" => {
             cfg.gpu = true;
         }
+        "software-tpm" => {
+            cfg.software_tpm = true;
+        }
         "trackpad" => {
             if cfg.virtio_trackpad.is_some() {
                 return Err(argument::Error::TooManyArguments(
@@ -629,6 +634,8 @@ fn run_vm(args: std::env::Args) -> std::result::Result<(), ()> {
                           "File descriptor for configured tap device. A different virtual network card will be added each time this argument is given."),
           #[cfg(feature = "gpu")]
           Argument::flag("gpu", "(EXPERIMENTAL) enable virtio-gpu device"),
+          #[cfg(feature = "tpm")]
+          Argument::flag("software-tpm", "enable a software emulated trusted platform module device"),
           Argument::value("evdev", "PATH", "Path to an event device node. The device will be grabbed (unusable from the host) and made available to the guest with the same configuration it shows on the host"),
           Argument::value("trackpad", "PATH:WIDTH:HEIGHT", "Path to a socket from where to read trackpad input events and write status updates to, optionally followed by screen width and height (defaults to 800x1280)."),
           Argument::value("mouse", "PATH", "Path to a socket from where to read mouse input events and write status updates to."),
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-17 20:11:17 +0000