docs: Warn about incomplete vtpmmgr TPM 2.0 support

The vtpmmgr TPM 2.0 support is incomplete. Add a warning about that to the documentation so others don't have to work through discovering it is broken. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
author: Jason Andryuk <jandryuk@gmail.com> 2021-05-06 09:59:11 -0400
committer: Andrew Cooper <andrew.cooper3@citrix.com> 2021-05-07 19:50:50 +0100
commit: 93b2558fae83ab3a6a9b48c851d48ccf57be2298 (patch)
tree: b1a517c40c8becad639c4eaf62acc78cdd28febe /docs
parent: 27a4986d4fcd6a1bfdac9cafbce1a2f7a58f796e (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod
index af825a7ffe..875dcce508 100644
--- a/docs/man/xen-vtpmmgr.7.pod
+++ b/docs/man/xen-vtpmmgr.7.pod
@@ -222,6 +222,17 @@ XSM label, not the kernel.
 
 =head1 Appendix B: vtpmmgr on TPM 2.0
 
+=head2 WARNING: Incomplete - cannot persist data
+
+TPM 2.0 support for vTPM manager is incomplete.  There is no support for
+persisting an encryption key, so vTPM manager regenerates primary and secondary
+key handles each boot.
+
+Also, the vTPM manger group command implementation hardcodes TPM 1.2 commands.
+This means running manage-vtpmmgr.pl fails when the TPM 2.0 hardware rejects
+the TPM 1.2 commands.  vTPM manager with TPM 2.0 cannot create groups and
+therefore cannot persist vTPM contents.
+
 =head2 Manager disk image setup:
 
 The vTPM Manager requires a disk image to store its encrypted data. The image
author	Jason Andryuk <jandryuk@gmail.com>	2021-05-06 09:59:11 -0400
committer	Andrew Cooper <andrew.cooper3@citrix.com>	2021-05-07 19:50:50 +0100
commit	93b2558fae83ab3a6a9b48c851d48ccf57be2298 (patch)
tree	b1a517c40c8becad639c4eaf62acc78cdd28febe /docs
parent	27a4986d4fcd6a1bfdac9cafbce1a2f7a58f796e (diff)