To protect the state, a user can use a secret to encrypt the state, which will make it more difficult for an administrator to extract secrets from the swtpm's state files but does not prevent the administrator from peeking into the running swtpm process. Whoever can access those files can extract its secrets. The persistent state the swtpm keeps is written into files and those are protected by file ownership and file access permission flags. When the swtpm process is running, process ownership governs who can peek into the process and find secrets there, by hooking gdb to it for example. Since the swtpm is fully implemented in software its security is not as strong as that of a hardware TPM. Mailing Listsįor announcements of swtpm releases and security issues, please subscribe to the swtpm-announce mailing list here.įor user discussions, please subscribe to the swtpm-user mailing list here.
Swtpm builds on top of libtpms that provides the TPM 1.2 and TPM 2 emulation. So far it has been integrated into QEMU and as a prototype into RunC ( PR). The goal of the swtpm project is to provide a TPM emulator (TPM 1.2 & TPM 2) that can be integrated into virtualized environments, such as virtual machines and containers.
