TPM passthrough

[fwoodruff-ab]

Is your feature request related to a problem? Please describe.
TPM passthrough would allow a PCS account holder with local hardware and an interposer, but no physical access to bare metal cloud infrastructure, to attest to firmware binaries.

Describe the solution you'd like
I tried passing this to Qemu:

-tpmdev passthrough,id=tpm0,path=/dev/tpm0 \
-device tpm-crb,tpmdev=tpm0 \

I get the error:

qemu-system-x86_64: -tpmdev passthrough,id=tpm0,path=/dev/tpm0: tpm_passthrough: Could not guess TPM cancel path

It seems like TDX doesn't support hardware TPM passthrough?
How can I securely enable TPM passthrough in TDX?

Additional context
N/A

System report
N/A

[syncronize-issues-to-jira]

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/PEK-2387.

This message was autogenerated

[BFuhry]

The communication between a Trust Domain (TD) and a physical TPM is not secure. Thus, you should not use such a TPM. TD Quotes contains several measurement registers, e.g., MRTD and RTMRs, to attest various pieces of the boot stack. Exact details depend on your boot stack.

Related documents:

• Confidential Computing section in UEFI specitifaction
• Intel TDX Virtual Firmware Design Guide