diff options
author | David Tolnay <dtolnay@chromium.org> | 2019-02-13 17:28:16 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-02-21 06:29:41 -0800 |
commit | 43f8e21dd29af32a8937e22d5c5e135370934353 (patch) | |
tree | cefb217ef8ad1423ed097ba92f0757227502a4e2 /src | |
parent | 42e5fbd9f33eff538ac36fe0935e2973ede5c281 (diff) | |
download | crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.gz crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.bz2 crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.lz crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.xz crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.tar.zst crosvm-43f8e21dd29af32a8937e22d5c5e135370934353.zip |
tpm: Runtime flag for software tpm device
Gate the current software tpm device behind a crosvm flag called `--software-tpm`. When we get to leveraging the physical tpm, we will likely want that behind a separate `--hardware-tpm` flag that is automatically detected when the vm being launched is gLinux. Based on feedback from apronin: > Hm, long-term it may actually make sense to have software-tpm and > real-tpm-for-glinux as two separate run-time options and only enable > real-tpm-for-glinux for glinux. > > we want to protect guests from exploits, but we also want to limit > access to tpm for random guests. So, enterprises may set this to "no > TPM" for Linux images their employees run on their devices, so that > they don't get creative with trying to break TPM from inside those > images. BUG=chromium:911799 TEST=run TPM playground program inside crosvm with flag set TEST=confirm TPM playground does not run with flag unset Change-Id: I1bccf62be63d40203463623f43b1a6ee2d51f6c0 Reviewed-on: https://chromium-review.googlesource.com/1478377 Commit-Ready: David Tolnay <dtolnay@chromium.org> Tested-by: David Tolnay <dtolnay@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/linux.rs | 24 | ||||
-rw-r--r-- | src/main.rs | 7 |
2 files changed, 20 insertions, 11 deletions
diff --git a/src/linux.rs b/src/linux.rs index 0391f9d..2d6673d 100644 --- a/src/linux.rs +++ b/src/linux.rs @@ -312,17 +312,19 @@ fn create_virtio_devs( #[cfg(feature = "tpm")] { - let tpm_box = Box::new(devices::virtio::Tpm::new()); - let tpm_jail = if cfg.multiprocess { - let policy_path = cfg.seccomp_policy_dir.join("tpm_device.policy"); - Some(create_base_minijail(empty_root_path, &policy_path)?) - } else { - None - }; - devs.push(VirtioDeviceStub { - dev: tpm_box, - jail: tpm_jail, - }); + if cfg.software_tpm { + let tpm_box = Box::new(devices::virtio::Tpm::new()); + let tpm_jail = if cfg.multiprocess { + let policy_path = cfg.seccomp_policy_dir.join("tpm_device.policy"); + Some(create_base_minijail(empty_root_path, &policy_path)?) + } else { + None + }; + devs.push(VirtioDeviceStub { + dev: tpm_box, + jail: tpm_jail, + }); + } } if let Some(trackpad_spec) = cfg.virtio_trackpad { diff --git a/src/main.rs b/src/main.rs index d0c1e7d..4965deb 100644 --- a/src/main.rs +++ b/src/main.rs @@ -116,6 +116,7 @@ pub struct Config { multiprocess: bool, seccomp_policy_dir: PathBuf, gpu: bool, + software_tpm: bool, cras_audio: bool, null_audio: bool, virtio_trackpad: Option<TrackpadOption>, @@ -146,6 +147,7 @@ impl Default for Config { tap_fd: Vec::new(), cid: None, gpu: false, + software_tpm: false, wayland_socket_path: None, wayland_dmabuf: false, shared_dirs: Vec::new(), @@ -518,6 +520,9 @@ fn set_argument(cfg: &mut Config, name: &str, value: Option<&str>) -> argument:: "gpu" => { cfg.gpu = true; } + "software-tpm" => { + cfg.software_tpm = true; + } "trackpad" => { if cfg.virtio_trackpad.is_some() { return Err(argument::Error::TooManyArguments( @@ -629,6 +634,8 @@ fn run_vm(args: std::env::Args) -> std::result::Result<(), ()> { "File descriptor for configured tap device. A different virtual network card will be added each time this argument is given."), #[cfg(feature = "gpu")] Argument::flag("gpu", "(EXPERIMENTAL) enable virtio-gpu device"), + #[cfg(feature = "tpm")] + Argument::flag("software-tpm", "enable a software emulated trusted platform module device"), Argument::value("evdev", "PATH", "Path to an event device node. The device will be grabbed (unusable from the host) and made available to the guest with the same configuration it shows on the host"), Argument::value("trackpad", "PATH:WIDTH:HEIGHT", "Path to a socket from where to read trackpad input events and write status updates to, optionally followed by screen width and height (defaults to 800x1280)."), Argument::value("mouse", "PATH", "Path to a socket from where to read mouse input events and write status updates to."), |