Xen project Mailing List

Re: [Xen-devel] [PATCH 1/4] vtpmmgr: add TPM group support

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Date: Fri, 14 Mar 2014 16:45:10 -0400

Delivery-date: Fri, 14 Mar 2014 20:46:17 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 03/14/2014 12:40 PM, Ian Campbell wrote:

On Wed, 2014-03-12 at 14:41 -0400, Daniel De Graaf wrote:

This is a complete rewrite of the disk format and key hierarchy for the

[...]

  29 files changed, 5308 insertions(+), 2157 deletions(-)


You weren't joking ;-)

I'm not sure who is going to be able to sensibly review this stuff (not
just due to the size, but due to the required TPM knowledge).

What is the upgrade story here?

There is no direct upgrade supported from the previous vtpmmgr domain. If an upgrade is needed, the incomplete verification of the vTPM's identity can be used to request the 52-byte key blob from the old vtpmmgr and load this blob into the new one. Basically: 1. Start the old vtpmmgr 2. Create a vtpm backend in xenstore with the UUID of the target vTPM, referencing a gntalloc page of the migration application 3. Executevtpmmgr_LoadHashKey and save the returned key blob 4. Start the new vtpmmgr 5. Create a vtpm backend in xenstore with the UUID of the target vTPM, referencing a gntalloc page of the migration application 6. Execute vtpmmgr_SaveHashKey with the returned key blob 7. Start the new vTPM and let it load the restored key The XSM policy must permit this migration; normally, the vtpmmgr domain would not be permitted to map granted pages from any non-vtpm domain. The TPM manager also has the ability to verify the kernel hash of the vTPM to further restrict what updates are possible, but this is not currently available (the hash reports require a V4V-like mechanism).

diff --git a/stubdom/vtpmmgr/README b/stubdom/vtpmmgr/README
index a70c1cc..f51ccf8 100644
--- a/stubdom/vtpmmgr/README
+++ b/stubdom/vtpmmgr/README


If you move this to docs somewhere then it will get published on xenbits
etc automagically -- which seems beneficial.

(or else if you want to set up some build system runes to pull stuff
from outside docs into the docs build that might work too)

I'll move the docs; there's no good reason to have them split them up from the existing docs/misc/vtpm.txt.

I glanced through the rest and didn't spot anything, but that's hardly
surprising...

Ian.

-- Daniel De Graaf National Security Agency _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.