[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] measuring guest boot process


Is what Aastha wants to do possible with the vtpm stuff?

On Mon, 2014-03-17 at 09:31 +0100, Aastha Mehta wrote:
> On 11 March 2014 11:08, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> > On Fri, 2014-03-07 at 13:26 +0100, Aastha Mehta wrote:
> >> I have a basic question regarding how to measure the guest boot
> >> process. Is pv-grub an equivalent of trusted grub for guest domains?
> >> Or is it possible to use trusted grub for the guest domains? If not,
> >> what is the way to measure the guest boot process?
> >
> > TBH I'm not sure, and it probably depends what you mean by "trusted"
> > here.
> >
> > I suppose it might involve a vTPM?
> >
> > Ian.
> >
> Just as there is a process to establish the chain of trust on a
> physical machine, I would like to extend the chain of trust from the
> hypervisor (which is already measured on the physical TPM) to the
> guest domain and the vTPM used by the guest domain.
> On the physical machine, the hardware TPM first measures the BIOS
> before launching. The BIOS then measures and executes the MBR,  which
> in turn repeats the same steps for the grub and so on. There is a
> trusted GRUB project, which extends the standard grub for performing
> this chain of trust extension
> (http://projects.sirrix.com/trac/trustedgrub/wiki/Documentation).
> I understand that the paravirtualized guests in Xen do not have a BIOS
> and bootloader, so there is nothing to measure there. But what I would
> like to do is the following -
> When I create a vtpm domain and a guest domain to use that vtpm, I
> would measure the kernel and the initrd image used for the guest and
> extend the measurement into the PCR of the vTPM. This will have to be
> done in the dom0, which is creating the vtpm and the guest. Once this
> is done, the guest can continue booting.
> I actually came across a paper that explains the design of vTPM and in
> this case the authors implemented it in Xen
> (https://www.usenix.org/legacy/event/sec06/tech/full_papers/berger/berger.pdf).
> In section 4.4, they have mentioned a "SetupInstance" management
> command that seems to be for the same purpose that I mentioned.
> "The SetupInstance command prepares a vTPM instance for immediate
> usage by the corresponding virtual machine and extends PCRs with
> measurements of the operating system kernel image and other ïles
> involved in the boot process. This command is used for virtual
> machines that boot without the support of a TPM-enabled BIOS and boot
> loader, which would otherwise initialize the TPM and extend the TPM
> PCRs with appropriate measurements."
> I am not sure if the vTPM design in Xen follows from this paper and if
> there is an implementation of such a command available.
> Apologies if I am vague, I am still trying to understand these things.
> Thanks and regards,
> Aastha.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.