Add support for running an arbitrary chipset device in another process, and do so with the TPM #2466
Merged
smalis-msft merged 10 commits into microsoft:main from Dec 19, 2025
jstarks
reviewed
Nov 20, 2025
82d0205 to
35c2b25
Compare
jstarks
reviewed
Dec 8, 2025
Pull request overview
This WIP PR introduces infrastructure to run chipset devices in isolated processes, with the TPM device as the initial use case. The implementation follows a worker/proxy pattern where a ChipsetDeviceProxy in the main process communicates with a RemoteChipsetDeviceWorker in a separate process via mesh channels. This provides process-level isolation for devices, enhancing security and fault tolerance.
Key changes:
- New `chipset_device_worker` crate with proxy/worker/resolver pattern for remote device execution
- Integration of TPM device to run in a separate process across OpenVMM, OpenHCL, and Petri test framework
- Mesh-based communication infrastructure for device operations (MMIO, PIO, PCI config space)
Reviewed changes
Copilot reviewed 20 out of 21 changed files in this pull request and generated 19 comments.
| File | Description |
|---|---|
| workers/chipset_device_worker/src/lib.rs | Core types for remote device communication (requests, responses, initialization) |
| workers/chipset_device_worker/src/worker.rs | Worker implementation that runs devices in separate process |
| workers/chipset_device_worker/src/proxy.rs | Client-side proxy forwarding device operations over channels |
| workers/chipset_device_worker/src/resolver.rs | Resource resolver for launching remote device workers |
| workers/chipset_device_worker/src/worker/configure.rs | Stub implementations for device configuration (all todo!()) |
| workers/chipset_device_worker/Cargo.toml | Dependencies for the new worker crate |
| petri/src/vm/openvmm/construct.rs | Integrate remote TPM device in Petri tests |
| petri/src/vm/openvmm/mod.rs | Add mesh host to Petri VM configuration |
| petri/src/vm/openvmm/start.rs | Thread mesh initialization through start sequence |
| petri/Cargo.toml | Add chipset_device_worker dependency |
| openvmm/openvmm_entry/src/lib.rs | Wrap TPM device with remote worker in OpenVMM |
| openvmm/openvmm_entry/Cargo.toml | Add chipset_device_worker dependency |
| openvmm/openvmm_resources/src/lib.rs | Register remote chipset device resolver and worker |
| openvmm/openvmm_resources/Cargo.toml | Add chipset_device_worker dependency |
| openhcl/underhill_core/src/worker.rs | Wrap TPM device with remote worker in OpenHCL |
| openhcl/underhill_core/src/dispatch/mod.rs | Add device_mesh to LoadedVm state |
| openhcl/underhill_core/Cargo.toml | Add chipset_device_worker dependency |
| openhcl/openvmm_hcl_resources/src/lib.rs | Register remote chipset device resolver and worker |
| openhcl/openvmm_hcl_resources/Cargo.toml | Add chipset_device_worker dependency |
| Cargo.toml | Add chipset_device_worker to workspace |
| Cargo.lock | Lock file updates for new dependencies |
jstarks
reviewed
Dec 8, 2025
This PR modifies files containing For more on why we check whole files, instead of just diffs, check out the Rustonomicon
jstarks
reviewed
Dec 15, 2025
0f90dda to
9fc8974
Compare
jstarks
reviewed
Dec 19, 2025
jstarks
approved these changes
Dec 19, 2025
Package the required resources into MeshPayloads, send them into a new process, and build the device there. Then proxy across any IOs and memory accesses.
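
The proxy/worker split described in the overview and in the description above, as an added example that is not code from this PR: a thread and `std::sync::mpsc` stand in for the separate process and the mesh channels, and `Op`, `Reply`, `Proxy` and the 16-byte register file are hypothetical names. It assumes the proxy treats the worker as untrusted, so a fault, a wrong-sized reply or a dead worker reads as all-ones.

```rust
use std::{sync::mpsc::{channel, Receiver, Sender}, thread};
// Hypothetical wire types (not the crate's own); each request carries its own reply channel.
enum Op { Read { addr: u64, len: usize }, Write { addr: u64, data: Vec<u8> } }
enum Reply { Data(Vec<u8>), Done, Fault }
type Request = (Op, Sender<Reply>);

// Bounds-check an access against the toy 16-byte register file, rejecting overflow.
fn span(addr: u64, len: usize) -> Option<std::ops::Range<usize>> {
    let end = addr.checked_add(len as u64)?;
    if end <= 16 { Some((addr as usize)..(end as usize)) } else { None }
}

// Worker side: owns all device state. A thread stands in for the separate process.
fn worker(rx: Receiver<Request>) {
    let mut regs = [0u8; 16];
    for (op, reply) in rx {
        let out = match op {
            Op::Read { addr, len } => span(addr, len).map(|r| Reply::Data(regs[r].to_vec())),
            Op::Write { addr, data } => span(addr, data.len()).map(|r| { regs[r].copy_from_slice(&data); Reply::Done }),
        };
        let _ = reply.send(out.unwrap_or(Reply::Fault));
    }
}

pub struct Proxy { tx: Sender<Request> }
impl Proxy {
    pub fn spawn() -> Self {
        let (tx, rx) = channel();
        thread::spawn(move || worker(rx));
        Proxy { tx }
    }
    fn call(&self, op: Op) -> Option<Reply> {
        let (reply, rx) = channel();
        self.tx.send((op, reply)).ok()?; // None if the worker is gone
        rx.recv().ok()
    }
    // This example's choice: any failure reads as all-ones, never as stale buffer contents.
    pub fn mmio_read(&self, addr: u64, buf: &mut [u8]) -> bool {
        match self.call(Op::Read { addr, len: buf.len() }) {
            Some(Reply::Data(d)) if d.len() == buf.len() => { buf.copy_from_slice(&d); true }
            _ => { buf.fill(0xff); false }
        }
    }
    pub fn mmio_write(&self, addr: u64, data: &[u8]) -> bool {
        matches!(self.call(Op::Write { addr, data: data.to_vec() }), Some(Reply::Done))
    }
}
fn main() {
    let (p, mut buf) = (Proxy::spawn(), [0u8; 2]);
    println!("write ok: {}, read ok: {}", p.mmio_write(4, &[0xaa, 0xbb]), p.mmio_read(4, &mut buf));
}
```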