[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/4] vtpm{,mgr}: TPM groups and deep quotes

On 03/14/2014 12:50 PM, Ian Campbell wrote:
On Wed, 2014-03-12 at 14:41 -0400, Daniel De Graaf wrote:
This is an updated vTPM Manager domain which adds support for using the
physical TPM to protect vTPM secrets according to its PCR values, and to
allow virtual machines (including dom0) to attest to both the platform's
state and to their own state.  The commit message for the first patch
contains more details.

[PATCH 1/4] vtpmmgr: add TPM group support
[PATCH 2/4] vtpm: passthru requests to manager
[PATCH 3/4] vtpm: add ordinal for obtaining an EK signature
[PATCH 4/4] vtpm: Deep Quote support

I wonder who would be able to review this sensibly? Unless you want to
nominate someone who you think should ack it before it goes in then I'm
inclined to give it my "I've glanced at this Ack" and commit it (subject
to the very superficial comments I've made, which barely even count as

Unless there are any objections to that I'll do so next week.


I will post an updated version of the first patch with docs moved and
with some sample scripts.  There are also currently two follow-up
patches pending which I (or the author) will be posting when the author
is able to confirm their Signed-off-by; they address some issues where
real TPMs don't exactly conform to the TPM specification.

The two support scripts that I plan to add are:
The first is a management script used for provisioning and managing
vTPMs, which needs to be run in the management domain.  The second is a
back-end configuration approval script that should be part of the
attestation and upgrade approval infrastructure for the host of a vTPM.
Is tools the proper location for adding these scripts?

Daniel De Graaf
National Security Agency

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.