mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-06 02:25:23 +00:00
43f8e21dd2
Gate the current software tpm device behind a crosvm flag called `--software-tpm`. When we get to leveraging the physical tpm, we will likely want that behind a separate `--hardware-tpm` flag that is automatically detected when the vm being launched is gLinux. Based on feedback from apronin: > Hm, long-term it may actually make sense to have software-tpm and > real-tpm-for-glinux as two separate run-time options and only enable > real-tpm-for-glinux for glinux. > > we want to protect guests from exploits, but we also want to limit > access to tpm for random guests. So, enterprises may set this to "no > TPM" for Linux images their employees run on their devices, so that > they don't get creative with trying to break TPM from inside those > images. BUG=chromium:911799 TEST=run TPM playground program inside crosvm with flag set TEST=confirm TPM playground does not run with flag unset Change-Id: I1bccf62be63d40203463623f43b1a6ee2d51f6c0 Reviewed-on: https://chromium-review.googlesource.com/1478377 Commit-Ready: David Tolnay <dtolnay@chromium.org> Tested-by: David Tolnay <dtolnay@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Zach Reizner <zachr@chromium.org> |
||
|---|---|---|
| .. | ||
| plugin | ||
| argument.rs | ||
| linux.rs | ||
| main.rs | ||
| panic_hook.rs | ||