
Re: [Xen-devel] [PATCH 2/4] vtpm: passthru requests to manager

On Fri, 2014-03-14 at 16:30 -0400, Daniel De Graaf wrote:
> On 03/14/2014 12:48 PM, Ian Campbell wrote:
> > On Wed, 2014-03-12 at 14:41 -0400, Daniel De Graaf wrote:
> >> When sending commands to a vTPM, commands with the VTPM_TAG_REQ2 tag are
> >> passed directly to the TPM Manager since they are used in the management
> >> interface to the TPM Manager. The VTPM_TAG_REQ tag is translated to
> >> TPM_TAG_RQU_COMMAND to allow access to the physical TPM for certain
> >> ordinals (PCRRead, Extend, and GetRandom).
> >
> > Is this translation sufficient to prevent other types of access getting
> > passed through? (I presume the intention is not to let the guest access
> > arbitrary pTPM functionality)
> The restriction on what commands are actually passed down to the physical
> TPM is handled by the TPM Manager, not the vTPM.  Currently, only three
> commands are permitted for pass-through: GetRandom, PcrRead, and (only for
> a suitably privileged vTPM) Extend.


> >>
> >> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

FWIW: Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
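
Added example, not part of the original thread and not the Xen TPM Manager's own code: a default-deny pass-through check of the kind described above, applied to a request that has already been translated to TPM_TAG_RQU_COMMAND. The function name `passthrough_allowed`, the `privileged` flag and the sample buffers are hypothetical; the tag and ordinal values are the TPM 1.2 specification constants.

```c
#include <stddef.h>
#include <stdint.h>

/* TPM 1.2 constants from the TCG specification. */
#define TPM_TAG_RQU_COMMAND 0x00C1u
#define TPM_ORD_Extend      0x00000014u
#define TPM_ORD_PcrRead     0x00000015u
#define TPM_ORD_GetRandom   0x00000046u
#define TPM_HDR_LEN         10u  /* tag(2) + paramSize(4) + ordinal(4) */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: returns 1 if a translated request may be forwarded
 * to the physical TPM, 0 otherwise. `privileged` marks a vTPM that is
 * allowed to extend PCRs. Anything not explicitly listed is denied. */
int passthrough_allowed(const uint8_t *req, size_t len, int privileged)
{
    if (req == NULL || len < TPM_HDR_LEN)
        return 0;                 /* truncated header */
    if (be16(req) != TPM_TAG_RQU_COMMAND)
        return 0;                 /* assumption: only the translated tag is forwarded */
    if (be32(req + 2) != len)
        return 0;                 /* declared paramSize must match the buffer */

    switch (be32(req + 6)) {      /* ordinal */
    case TPM_ORD_GetRandom:
    case TPM_ORD_PcrRead:
        return 1;
    case TPM_ORD_Extend:
        return privileged ? 1 : 0;
    default:
        return 0;
    }
}

/* Constructed sample requests (not captured traffic). */
const uint8_t sample_getrandom[] = {0x00,0xC1, 0,0,0,14, 0,0,0,0x46, 0,0,0,16};
const uint8_t sample_extend[34]  = {0x00,0xC1, 0,0,0,34, 0,0,0,0x14, 0,0,0,10};
const uint8_t sample_oiap[]      = {0x00,0xC1, 0,0,0,10, 0,0,0,0x0A};
```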
