
Re: [Xen-devel] [PATCH 1/4] vtpmmgr: add TPM group support



On 03/14/2014 12:40 PM, Ian Campbell wrote:
> On Wed, 2014-03-12 at 14:41 -0400, Daniel De Graaf wrote:
>> This is a complete rewrite of the disk format and key hierarchy for the
>> [...]
>>   29 files changed, 5308 insertions(+), 2157 deletions(-)
>
> You weren't joking ;-)
>
> I'm not sure who is going to be able to sensibly review this stuff (not
> just due to the size, but due to the required TPM knowledge).
>
> What is the upgrade story here?

There is no direct upgrade supported from the previous vtpmmgr domain.
If an upgrade is needed, the incomplete verification of the vTPM's identity
can be used to request the 52-byte key blob from the old vtpmmgr and load
this blob into the new one.  Basically:

1. Start the old vtpmmgr
2. Create a vtpm backend in xenstore with the UUID of the target vTPM,
   referencing a gntalloc page of the migration application
3. Execute vtpmmgr_LoadHashKey and save the returned key blob
4. Start the new vtpmmgr
5. Create a vtpm backend in xenstore with the UUID of the target vTPM,
   referencing a gntalloc page of the migration application
6. Execute vtpmmgr_SaveHashKey with the returned key blob
7. Start the new vTPM and let it load the restored key

The XSM policy must permit this migration; normally, the vtpmmgr domain
would not be permitted to map granted pages from any non-vtpm domain.
The TPM manager also has the ability to verify the kernel hash of the
vTPM to further restrict what updates are possible, but this is not
currently available (the hash reports require a V4V-like mechanism).

diff --git a/stubdom/vtpmmgr/README b/stubdom/vtpmmgr/README
index a70c1cc..f51ccf8 100644
--- a/stubdom/vtpmmgr/README
+++ b/stubdom/vtpmmgr/README

> If you move this to docs somewhere then it will get published on xenbits
> etc automagically -- which seems beneficial.
>
> (or else if you want to set up some build system runes to pull stuff
> from outside docs into the docs build that might work too)

I'll move the docs; there's no good reason to have them split up from
the existing docs/misc/vtpm.txt.

> I glanced through the rest and didn't spot anything, but that's hardly
> surprising...
>
> Ian.


--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel