KVM virtual TPM aka the "Universal Smartcard"

KVM has recently added virtualized TPM support. They can be very valuable from a security standpoint (and more trustworthy than hardware TPMs). A big thing is that they can be used like virtual smartcards, providing security like Qubes’ split-gpg but for more types of software keys such as OpenSSH, OpenSSL and more.

To summarize in someone else’s words:

TPMs are useful as an alternative to key cards: they provide the same security against key theft and the same cryptographic protections. The main difference is that TPMs are universally present in every laptop, so they provide a simple and ubiquitous solution to key security. The only real downside is that, unlike key cards, TPM protected keys cannot be transferred between laptops; you must instead keep an offline backup copy of the key, which can then be transferred to the TPM of any new laptop.

The way TPM protection works is slightly different from key cards. Instead of moving the key inside the card, the TPM converts any given key to a TPM specific representation (meaning it’s encrypted by a special key that only the TPM possesses). The TPM representation must be stored offline somewhere and if it is lost, so is the protected key.

The way I implemented this is to use the TPM to convert the key to protected representation and then store it in the shadow_info of a shadowed-private-key using a shadow type of tpm2-v1. The TPM can handle an arbitrary number of keys, but the price is the shadow_info stores the keys and must be preserved.


Patches for GPG support for TPMs have been submitted, but I have yet to see what happened. This needs following up for sure so it can hopefully make it in before the next freeze.

To be done:

  • How to secure OpenSSH keys
  • Suggesting Tor support this for Onion service keys, and even session key material, if a TPM is detected.

Contents of TPM can be encrypted in the libvirt version in Bullseye.
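As an added example (not from the thread and not taken from libvirt’s documentation), this is what the encrypted vTPM looks like in a libvirt domain definition: the emulated TPM 2.0 device’s state is encrypted with a libvirt secret, so the keys the vTPM protects are not sitting in the clear on the host file system. The secret UUID and secret name are placeholders.

```xml
<!-- Fragment of a libvirt domain XML (<devices> section). Added example with
     placeholder values; not from the forum thread or the libvirt docs. -->
<devices>
  <!-- Emulated TPM 2.0 (swtpm) exposed to the guest over the CRB interface. -->
  <tpm model='tpm-crb'>
    <backend type='emulator' version='2.0'>
      <!-- Encrypts the swtpm state files on the host with a libvirt secret.
           The UUID below is a placeholder; it must match a libvirt secret of
           usage type 'vtpm' that was defined beforehand, for example with
           virsh secret-define on a file containing
             <secret ephemeral='no' private='yes'>
               <usage type='vtpm'><name>example-vtpm-secret</name></usage>
             </secret>
           and given a passphrase with virsh secret-set-value. -->
      <encryption secret='00000000-0000-0000-0000-000000000000'/>
    </backend>
  </tpm>
</devices>
```

Without the encryption element, the same backend keeps the emulated TPM’s state on the host unencrypted, which is the weak setting the sentence above is contrasting against.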


This nifty code supports the major applications on TPM 2:

* OpenSSH Client (SSH key in TPM)
* Firefox (Private key of Client certificate in TPM)
* GnuPG using gnupg-pkcs11-scd (PGP key in TPM)

How so?

Hopefully the average cryptomessenger too?

Hardware TPMs come with their own secret keys burned into the chip from the factory. If they collude with states or are infiltrated, then these private keys are considered compromised. There is no way I can trust the crypto engine’s RNG on these things, as these can be silently compromised and there is no way to find out, unlike with other security exploits. As QEMU’s hardware is an open implementation, it has a chance of being properly vetted and being easily fixed in case of a vuln, more than a hardware chip can be. The Infineon TPM debacle makes a case for this.

A software TPM can be easily updated to support more modern encryption algos, which is not the case for laptops that have chips with the 1.2 spec, where they are limited to SHA1 and can’t be upgraded without changing the hardware.

Note that physical access is out of scope here, but I would never rely on the physical chip to store secrets because they can be cracked by those who get their hands on the machine.

If they natively support TPMs then yes, it can happen. Adam Langley’s asynchronous messenger over Tor, “Pond”, was designed to make use of TPMs. Without their explicit support, the software package I found can in theory be extended to support other programs, though I’m not sure whether they must support the PKCS#11 standard or not.
