Xen project Mailing List

Re: [Xen-devel] measuring guest boot process

To: Aastha Mehta <aasthakm@xxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Date: Mon, 17 Mar 2014 10:32:16 +0000

Delivery-date: Mon, 17 Mar 2014 10:32:28 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Daniel, Is what Aastha wants to do possible with the vtpm stuff? On Mon, 2014-03-17 at 09:31 +0100, Aastha Mehta wrote: > On 11 March 2014 11:08, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote: > > On Fri, 2014-03-07 at 13:26 +0100, Aastha Mehta wrote: > >> I have a basic question regarding how to measure the guest boot > >> process. Is pv-grub an equivalent of trusted grub for guest domains? > >> Or is it possible to use trusted grub for the guest domains? If not, > >> what is the way to measure the guest boot process? > > > > TBH I'm not sure, and it probably depends what you mean by "trusted" > > here. > > > > I suppose it might involve a vTPM? > > > > Ian. > > > > Just as there is a process to establish the chain of trust on a > physical machine, I would like to extend the chain of trust from the > hypervisor (which is already measured on the physical TPM) to the > guest domain and the vTPM used by the guest domain. > > On the physical machine, the hardware TPM first measures the BIOS > before launching. The BIOS then measures and executes the MBR, which > in turn repeats the same steps for the grub and so on. There is a > trusted GRUB project, which extends the standard grub for performing > this chain of trust extension > (http://projects.sirrix.com/trac/trustedgrub/wiki/Documentation). > > I understand that the paravirtualized guests in Xen do not have a BIOS > and bootloader, so there is nothing to measure there. But what I would > like to do is the following - > > When I create a vtpm domain and a guest domain to use that vtpm, I > would measure the kernel and the initrd image used for the guest and > extend the measurement into the PCR of the vTPM. This will have to be > done in the dom0, which is creating the vtpm and the guest. Once this > is done, the guest can continue booting. > > I actually came across a paper that explains the design of vTPM and in > this case the authors implemented it in Xen > (https://www.usenix.org/legacy/event/sec06/tech/full_papers/berger/berger.pdf). > In section 4.4, they have mentioned a "SetupInstance" management > command that seems to be for the same purpose that I mentioned. > "The SetupInstance command prepares a vTPM instance for immediate > usage by the corresponding virtual machine and extends PCRs with > measurements of the operating system kernel image and other ïles > involved in the boot process. This command is used for virtual > machines that boot without the support of a TPM-enabled BIOS and boot > loader, which would otherwise initialize the TPM and extend the TPM > PCRs with appropriate measurements." > > I am not sure if the vTPM design in Xen follows from this paper and if > there is an implementation of such a command available. > > Apologies if I am vague, I am still trying to understand these things. > > Thanks and regards, > Aastha. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.