|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v3 0/5] QEMU:Xen stubdom vTPM for HVM virtual machine
> -----Original Message----- > From: Stefano Stabellini [mailto:stefano.stabellini@xxxxxxxxxxxxx] > Sent: Tuesday, January 20, 2015 1:53 AM > To: Stefano Stabellini > Cc: Xu, Quan; qemu-devel@xxxxxxxxxx; xen-devel@xxxxxxxxxxxxx; > lcapitulino@xxxxxxxxxx; eblake@xxxxxxxxxx; armbru@xxxxxxxxxx; > aliguori@xxxxxxxxxx; pbonzini@xxxxxxxxxx > Subject: Re: [PATCH v3 0/5] QEMU:Xen stubdom vTPM for HVM virtual machine > > On Mon, 19 Jan 2015, Stefano Stabellini wrote: > > Hi Quan, > > thanks for the update: this version is much much better than the > > previous one. > > > > I am not familiar enough with QAPI, HMP and TPM to review the first > > and the last patches though. > > I meant the first and the fourth. The last one is fine. > Stefano, Thanks, I appreciate your help. I will send out v4 ASAP. BTW, the XenStore will be modified as previous emails, which is mentioned and fed back From Xen community. For example: Domain 0: runs QEMU for guest A Domain 1: vtpmmgr Domain 2: vTPM for guest A Domain 3: HVM guest A I will design XenStore as following: ## XenStore >> ### local = "" domain = "" 0 = "" frontend = "" vtpm = "" 2 = "" 0 = "" backend = "/local/domain/2/backend/vtpm/0/0" backend-id = "2" state = "*" handle = "0" domain = "Domain3's name" ring-ref = "*" event-channel = "*" feature-protocol-v2 = "1" backend = "" qdisk = "" [...] console = "" vif = "" [...] 2 = "" [...] backend = "" vtpm = "" 0 = "" 0 = "" frontend = "/local/domain/0/frontend/vtpm/2/0" frontend-id = "0" ('0', frontend is running in Domain-0) [...] 3 = "" [...] device = "" (frontend device, the backend is running in QEMU/.etc) vkbd = "" [...] vif = "" [...] ## XenStore << ## Add [domain = "Domain3's name"] under /local/domain/0/frontend/vtpm/2/0. Then, 'xs_directory()' can help to find out which domain is the backend. It can be of low efficiency. -Quan > > > Cheers, > > > > Stefano > > > > > > On Tue, 30 Dec 2014, Quan Xu wrote: > > > *INTRODUCTION* > > > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). This > allows programs to interact with a TPM in a virtual machine the same way they > interact with a TPM on the physical system. Each virtual machine gets its own > unique, emulated, software TPM. Each major component of vTPM is > implemented as a stubdom, providing secure separation guaranteed by the > hypervisor. > > > > > > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the > virtual machine to use. It is a small wrapper around the Berlios TPM emulator. > TPM commands are passed from mini-os TPM backend driver. > > > > > > *ARCHITECTURE* > > > The architecture of stubdom vTPM for HVM virtual machine: > > > > > > +--------------------+ > > > | Windows/Linux DomU | ... > > > | | ^ | > > > | v | | > > > | Qemu tpm1.2 Tis | > > > | | ^ | > > > | v | | > > > | XenStubdoms backend| > > > +--------------------+ > > > | ^ > > > v | > > > +--------------------+ > > > | XenDevOps | > > > +--------------------+ > > > | ^ > > > v | > > > +--------------------+ > > > | mini-os/tpmback | > > > | | ^ | > > > | v | | > > > | vtpm-stubdom | ... > > > | | ^ | > > > | v | | > > > | mini-os/tpmfront | > > > +--------------------+ > > > | ^ > > > v | > > > +--------------------+ > > > | mini-os/tpmback | > > > | | ^ | > > > | v | | > > > | vtpmmgr-stubdom | > > > | | ^ | > > > | v | | > > > | mini-os/tpm_tis | > > > +--------------------+ > > > | ^ > > > v | > > > +--------------------+ > > > | Hardware TPM | > > > +--------------------+ > > > > > > > > > > > > * Windows/Linux DomU: > > > The HVM based guest that wants to use a vTPM. There may be > > > more than one of these. > > > > > > * Qemu tpm1.2 Tis: > > > Implementation of the tpm1.2 Tis interface for HVM virtual > > > machines. It is Qemu emulation device. > > > > > > * vTPM xenstubdoms driver: > > > Qemu vTPM driver. This driver provides vtpm initialization > > > and sending data and commends to a para-virtualized vtpm > > > stubdom. > > > > > > * XenDevOps: > > > Register Xen stubdom vTPM frontend driver, and transfer any > > > request/repond between TPM xenstubdoms driver and Xen vTPM > > > stubdom. Facilitate communications between Xen vTPM stubdom > > > and vTPM xenstubdoms driver. > > > > > > * mini-os/tpmback: > > > Mini-os TPM backend driver. The Linux frontend driver connects > > > to this backend driver to facilitate communications between the > > > Linux DomU and its vTPM. This driver is also used by vtpmmgr > > > stubdom to communicate with vtpm-stubdom. > > > > > > * vtpm-stubdom: > > > A mini-os stub domain that implements a vTPM. There is a > > > one to one mapping between running vtpm-stubdom instances and > > > logical vtpms on the system. The vTPM Platform Configuration > > > Registers (PCRs) are all initialized to zero. > > > > > > * mini-os/tpmfront: > > > Mini-os TPM frontend driver. The vTPM mini-os domain vtpm > > > stubdom uses this driver to communicate with vtpmmgr-stubdom. > > > This driver could also be used separately to implement a mini-os > > > domain that wishes to use a vTPM of its own. > > > > > > * vtpmmgr-stubdom: > > > A mini-os domain that implements the vTPM manager. There is only > > > one vTPM manager and it should be running during the entire lifetime > > > of the machine. vtpmmgr domain securely stores encryption keys for > > > each of the vtpms and accesses to the hardware TPM to get the root of > > > trust for the entire system. > > > > > > * mini-os/tpm_tis: > > > Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver. > > > This driver used by vtpmmgr-stubdom to talk directly to the hardware > > > TPM. Communication is facilitated by mapping hardware memory pages > > > into vtpmmgr stubdom. > > > > > > * Hardware TPM: The physical TPM 1.2 that is soldered onto the > motherboard. > > > > > > --Changes in v3: > > > -New xen_frontend.c file > > > -Adjust the format of command line options > > > -Move xenbus_switch_state() to xen_frontend.c > > > -Move xen_stubdom_be() to xenstore_fe_read_be_str() > > > -Move *_stubdom_*() to *_fe_*() > > > -Move xen_stubdom_vtpm.c to xen_vtpm_frontend.c > > > -Read Xen vTPM status via XenStore > > > -Call vtpm_send() and vtpm_recv() directly. > > > > > > --Changes in v2: > > > -adding xen_fe_register() that handle any Xen PV frontend registration > > > -remove a private structure 'QEMUBH' > > > -change version number to 2.3 in qapi-schema.json > > > -move hw/xen/xen_stubdom_vtpm.c to > hw/tpm/xen_stubdom_vtpm.c > > > > > > Quan Xu (5): > > > Qemu-Xen-vTPM: Support for Xen stubdom vTPM command line options > > > Qemu-Xen-vTPM: Xen frontend driver infrastructure > > > Qemu-Xen-vTPM: Register Xen stubdom vTPM frontend driver > > > Qemu-Xen-vTPM: Qemu vTPM xenstubdoms backen. > > > Qemu-Xen-vTPM: QEMU machine class is initialized before tpm_init() > > > > > > configure | 14 ++ > > > hmp.c | 7 + > > > hw/tpm/Makefile.objs | 1 + > > > hw/tpm/tpm_xenstubdoms.c | 245 > ++++++++++++++++++++++++++++++++ > > > hw/tpm/xen_vtpm_frontend.c | 264 > +++++++++++++++++++++++++++++++++++ > > > hw/xen/Makefile.objs | 2 +- > > > hw/xen/xen_backend.c | 45 +++++- > > > hw/xen/xen_frontend.c | 323 > +++++++++++++++++++++++++++++++++++++++++++ > > > include/hw/xen/xen_backend.h | 19 +++ > > > include/hw/xen/xen_common.h | 6 + > > > qapi-schema.json | 19 ++- > > > qemu-options.hx | 13 +- > > > tpm.c | 7 +- > > > vl.c | 16 ++- > > > xen-hvm.c | 16 +++ > > > 15 files changed, 983 insertions(+), 14 deletions(-) create mode > > > 100644 hw/tpm/tpm_xenstubdoms.c create mode 100644 > > > hw/tpm/xen_vtpm_frontend.c create mode 100644 > hw/xen/xen_frontend.c > > > > > > -- > > > 1.8.3.2 > > > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |