On 5/13/20 12:49 PM, Daniel Henrique Barboza wrote:
> On 5/13/20 12:45 PM, Stefan Berger wrote:
> [...]
>>
>> I think users need to understand that a pSeries guest will not
>> benefit from this but only a pSeries guest that is a secure virtual
>> machine that needs special hardware to run and where there is an
>> Ultravisor. Everyone would want more security for their pSeries
>> guest, especially if it comes for free. Unfortunately this is not the
>> case and one needs new hardware...
>>
> True. I propose this wording:
>
> <span class="since">Since 6.4.0</span>, a new model called
> <code>spapr-tpm-proxy</code> was added for pSeries guests. This model
> only works with the 'passthrough' backend. It creates a TPM Proxy
> device that communicates with an existing TPM Resource Manager in the host,
> for example /dev/tpmrm0, to enable secure virtual machine support for the
> guest with the help of an Ultravisor. Adding a TPM Proxy to a pSeries guest
> brings no security benefits unless the guest is running in a PPC64 host that

in -> on

> has Ultravisor support and access to a TPM Resource Manager. Only one TPM
> Proxy device is allowed per guest, but a TPM Proxy device can be added together
> with other TPM devices.
>
> If you agree, I'll use a similar text in the news.xml changes (patch
> 8/8) as well.

I would agree to this.

> Thanks,
> DHB
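
As an added illustration (not part of this thread or of the libvirt patch), the following Python check applies the constraints from the proposed wording to a domain XML: the `spapr-tpm-proxy` model needs the 'passthrough' backend, and only one proxy is allowed per guest alongside other TPM devices. The `<tpm>`/`<backend>`/`<device>` layout follows libvirt's domain XML format; the function names and both sample documents are constructed for this example.

```python
import xml.etree.ElementTree as ET

PROXY_MODEL = "spapr-tpm-proxy"

def check_tpm_devices(domain_xml):
    """Return a list of rule violations for TPM Proxy devices in a domain XML."""
    tpms = ET.fromstring(domain_xml).findall("./devices/tpm")
    proxies = [t for t in tpms if t.get("model") == PROXY_MODEL]
    problems = []
    # Rule: only one TPM Proxy per guest (other TPM models do not count).
    if len(proxies) > 1:
        problems.append(f"{len(proxies)} {PROXY_MODEL} devices, only one is allowed")
    # Rule: the proxy model only works with the 'passthrough' backend.
    for tpm in proxies:
        backend = tpm.find("backend")
        btype = None if backend is None else backend.get("type")
        if btype != "passthrough":
            problems.append(f"{PROXY_MODEL} requires backend 'passthrough', got {btype!r}")
    return problems

def proxy_host_paths(domain_xml):
    """Host device paths used by TPM Proxy devices, to verify on the host."""
    root = ET.fromstring(domain_xml)
    return [d.get("path")
            for t in root.findall("./devices/tpm") if t.get("model") == PROXY_MODEL
            for d in t.findall("./backend/device")]

# Constructed sample: one proxy on the resource manager plus an emulated vTPM.
GOOD_XML = """<domain type='kvm'><devices>
  <tpm model='tpm-spapr'><backend type='emulator' version='2.0'/></tpm>
  <tpm model='spapr-tpm-proxy'>
    <backend type='passthrough'><device path='/dev/tpmrm0'/></backend>
  </tpm>
</devices></domain>"""

# Constructed sample: two proxies, the second with the wrong backend.
BAD_XML = """<domain type='kvm'><devices>
  <tpm model='spapr-tpm-proxy'>
    <backend type='passthrough'><device path='/dev/tpmrm0'/></backend>
  </tpm>
  <tpm model='spapr-tpm-proxy'><backend type='emulator'/></tpm>
</devices></domain>"""

if __name__ == "__main__":
    for name, xml in (("good", GOOD_XML), ("bad", BAD_XML)):
        print(name, check_tpm_devices(xml), proxy_host_paths(xml))
```

The paths returned by `proxy_host_paths` still have to be checked on the host itself, since the XML alone cannot show whether the device is a TPM Resource Manager or whether the host has Ultravisor support.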