Xen project Mailing List

[Xen-changelog] [xen master] docs/vtpm: explain dom0 physical TPM access caveats

Date: Fri, 14 Mar 2014 22:04:37 +0000

Delivery-date: Fri, 14 Mar 2014 22:04:42 +0000

List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 2fb930dd374669a7618cd79998975201fc31c745 Author: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> AuthorDate: Wed Mar 12 10:37:40 2014 -0400 Commit: Ian Campbell <ian.campbell@xxxxxxxxxx> CommitDate: Fri Mar 14 11:00:20 2014 +0000 docs/vtpm: explain dom0 physical TPM access caveats Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> --- docs/misc/vtpm.txt | 22 ++++++++++++++++++---- 1 files changed, 18 insertions(+), 4 deletions(-) diff --git a/docs/misc/vtpm.txt b/docs/misc/vtpm.txt index df1dfae..d20b424 100644 --- a/docs/misc/vtpm.txt +++ b/docs/misc/vtpm.txt @@ -120,10 +120,24 @@ the stubdom tree. Compiling the LINUX dom0 kernel: -------------------------------- -The Linux dom0 kernel should not try accessing the TPM while the vTPM -Manager domain is accessing it; the simplest way to accomplish this is -to ensure the kernel is compiled without a driver for the TPM, or avoid -loading the driver by blacklisting the module. +Because the TPM manager uses direct access to the physical TPM, it may interfere +with access to the TPM by dom0. The simplest solution for this is to prevent +dom0 from accessing the physical TPM by compiling the kernel without a driver or +blacklisting the module. If dom0 needs a TPM but does not need to use it during +the boot process (i.e. it is not using IMA), a virtual TPM can be attached to +dom0 after the system is booted. + +Because the TPM manager does not yet accept requests for deep quotes, if a quote +or other request needs to be fulfilled by the physical TPM, dom0 will need to +access the physical TPM. In order to prevent interference, the TPM Manager and +dom0 should use different values for the TPM's locality; since Linux always uses +locality 0, using locality 2 for the TPM Manager is recommended. If both Linux +and the TPM Manager attempt to access the TPM at the same time, the TPM device +will return a busy status; some applications will consider this a fatal error +instead of retrying the command at a later time. If a vTPM gets an error when +loading its key, it will currently generate a fresh vTPM image (with a new EK, +SRK, and blank NVRAM). + Compiling the LINUX domU kernel: -------------------------------- -- generated by git-patchbot for /home/xen/git/xen.git#master _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.