|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] measuring guest boot process
On 18 March 2014 15:35, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: > On 03/17/2014 06:32 AM, Ian Campbell wrote: >> >> Daniel, >> >> Is what Aastha wants to do possible with the vtpm stuff? > > > Yes; most of it will work with Xen 4.3 and above for PV Linux. > > >> On Mon, 2014-03-17 at 09:31 +0100, Aastha Mehta wrote: >>> >>> On 11 March 2014 11:08, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote: >>>> >>>> On Fri, 2014-03-07 at 13:26 +0100, Aastha Mehta wrote: >>>>> >>>>> I have a basic question regarding how to measure the guest boot >>>>> process. Is pv-grub an equivalent of trusted grub for guest domains? >>>>> Or is it possible to use trusted grub for the guest domains? If not, >>>>> what is the way to measure the guest boot process? > > > The pv-grub included in Xen 4.3 will send the kernel and initrd hashes > to a connected vTPM (PCRs 4 and 5; see commit d78dab3ec). HVM guests > currently do not have an equivalent capability; this would require > enabling TPM support in QEMU and the hvmloader/BIOS, and using either > trusted GRUB or (more complex but in theory possible) TBOOT in the guest. > > [...] > >>> I actually came across a paper that explains the design of vTPM and in >>> this case the authors implemented it in Xen >>> >>> (https://www.usenix.org/legacy/event/sec06/tech/full_papers/berger/berger.pdf). >>> In section 4.4, they have mentioned a "SetupInstance" management >>> command that seems to be for the same purpose that I mentioned. >>> "The SetupInstance command prepares a vTPM instance for immediate >>> usage by the corresponding virtual machine and extends PCRs with >>> measurements of the operating system kernel image and other ïles >>> involved in the boot process. This command is used for virtual >>> machines that boot without the support of a TPM-enabled BIOS and boot >>> loader, which would otherwise initialize the TPM and extend the TPM >>> PCRs with appropriate measurements." >>> >>> I am not sure if the vTPM design in Xen follows from this paper and if >>> there is an implementation of such a command available. > > > The vTPM design in Xen does not directly follow from this paper. A few > key differences: Xen's vTPM Manager is a separate domain and manages > keys for all vTPMs. The vTPM domains are not capable of creating other > vTPMs, but instead rely on the normal domain building process. > A vTPM in Xen does not get a report of the hash of the kernel in its > guest. Since you still need to trust domain 0 for guest measurements to > have any meaning, requiring that all guests be built using a trusted > pv-grub image is suitable as a basis for a trust chain from hardware to > a guest; the vTPM still contains the running kernel and initrd hashes. > > The introduction of a dedicated domain builder can allow domains to be > created without needing to trust the hardware domain in the creation > process. When using this service, the TPM Manager for Xen 4.5 can be > modified to accept kernel hashes from the domain builder in order to > verify the integrity of the vTPM domain and report the hash of a guest > to its vTPM when the vTPM requests it. These patches have not been > posted for inclusion in Xen 4.5 because the underlying communication > mechanism they use is not upstream (and V4V, the upstream counterpart, > has not yet been merged). > > -- > Daniel De Graaf > National Security Agency Thank you for the reply. Regards, Aastha. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |