Incus supports adding vTPMs to containers and virtual machines, which I believe is implemented with swtpm. The docs mention two uses: securing certificates (the same way one would use an HSM) and for secure boot validation.
Another use would be for remote attestation – a container or VM could create a certificate on the TPM, then prove to an external party that the certificate was created by that TPM with certain properties. The trust model works by chaining everything up to the Endorsement Key, which is signed by the hardware vendor.
Because the TPM is virtual, there isn’t a hardware vendor cert for the TPM’s Endorsement Key to chain up to. But Incus could be configured with a certificate, and sign the EK of every vTPM it creates with that cert. This would allow an external party to believe that a VM created a key on the TPM, so long as it trusts Incus’s “TPM vendor cert”.
I wanted to know if this is able to be implemented, or if there is a gap in my understanding of the Incus tpm implementation that makes this impossible.
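The trust chain described above, as an added Go example that is not Incus code and does not touch swtpm or a real TPM: a hypothetical "Incus vTPM vendor CA" issues an endorsement-key certificate per instance, and a remote verifier accepts an EK certificate only if it chains to that root. All names (`newCA`, `issueEKCert`, `verifyEK`, the CA common names, the instance names) are assumptions made for the example; Incus currently has no such config keys or vendor certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA builds a self-signed CA. For the example this stands in for the
// hypothetical Incus "TPM vendor cert" (and, in the negative case, for some
// unrelated CA a verifier has never heard of).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueEKCert is the step the post proposes for Incus: sign the EK of a freshly
// created vTPM with the vendor CA. Only the public half of the EK is needed;
// in a real TPM the private half never leaves the device.
func issueEKCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, instance string, ekPub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: "vTPM EK for " + instance}, // constructed subject
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(5 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, ekPub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyEK is the external party's side: the EK certificate is trusted only if
// it chains to a root the verifier has chosen to trust.
func verifyEK(ek *x509.Certificate, trustedRoots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range trustedRoots {
		pool.AddCert(r)
	}
	_, err := ek.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// Scenario runs both cases and reports (trustedAccepted, untrustedAccepted):
// an EK signed by the Incus vendor CA must verify, one signed by an unrelated
// CA must be rejected even though it is otherwise a well-formed certificate.
func Scenario() (bool, bool, error) {
	incusCA, incusKey, err := newCA("Incus vTPM vendor CA (example)")
	if err != nil {
		return false, false, err
	}
	rogueCA, rogueKey, err := newCA("Unrelated CA (example)")
	if err != nil {
		return false, false, err
	}
	// Each vTPM gets its own EK; the key pairs are generated here only for the demo.
	ek1, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ek2, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	good, err := issueEKCert(incusCA, incusKey, "vm-01", &ek1.PublicKey)
	if err != nil {
		return false, false, err
	}
	bad, err := issueEKCert(rogueCA, rogueKey, "vm-02", &ek2.PublicKey)
	if err != nil {
		return false, false, err
	}
	// The verifier trusts only the Incus vendor CA.
	return verifyEK(good, incusCA) == nil, verifyEK(bad, incusCA) == nil, nil
}

func main() {
	ok, rogue, err := Scenario()
	fmt.Printf("vendor-signed EK accepted: %v, unrelated-CA EK accepted: %v, err: %v\n", ok, rogue, err)
}
```

The chain check is only the first half of attestation. It tells the verifier that the EK belongs to a vTPM that Incus provisioned; proving that a particular key was created inside that TPM and that the instance actually holds it is a separate TPM protocol exchange (credential activation against the EK), which this example does not model.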
Should be possible. We could add config keys to the tpm device type to provide the signing certificate and key. Then if you want the same to apply to a bunch of VMs, you could use a profile.
In my personal view, the “vendor cert” wouldn’t be a part of an existing online PKI like step-ca. It should probably be offline, since creating a new Incus instance is not a common occurrence.
Instead, a properly provisioned vTPM would allow a container or VM to use step-ca’s device-attest-01 challenge to obtain certificates from a step-ca instance. Those certs would be locked to the vTPM, so even if a full compromise of the VM occurred, the private key wouldn’t be leaked.