|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machine(QEMU Part)
Hi Quan, thanks for CC'ing me. sstabellini@xxxxxxxxxx is the right address to reach me now. I am also CC'ing Anthony Perard who is Xen co-maintainer in QEMU. Cheers, Stefano On Wed, 13 Jul 2016, Xu, Quan wrote: > Emil, Thanks for your effort ( today I just come back to return my laptop). > > btw, sstabellini@xxxxxxxxxx may be the right email. > Stefan / Stefano, could you help us review these patches? Thanks in > advance!! > > Quan > > > On July 10, 2016 7:48 PM, Emil Condrea <emilcondrea@xxxxxxxxx> wrote: > > *INTRODUCTION* > > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM > > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). > > This allows programs to interact with a TPM in a virtual machine the same > > way > > they interact with a TPM on the physical system. Each virtual machine gets > > its > > own unique, emulated, software TPM. Each major component of vTPM is > > implemented as a stubdom, providing secure separation guaranteed by the > > hypervisor. > > > > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the > > virtual machine to use. It is a small wrapper around the Berlios TPM > > emulator. > > TPM commands are passed from mini-os TPM backend driver. > > > > *ARCHITECTURE* > > The architecture of stubdom vTPM for HVM virtual machine: > > > > +--------------------+ > > | Windows/Linux DomU | ... > > | | ^ | > > | v | | > > | Qemu tpm1.2 Tis | > > | | ^ | > > | v | | > > | XenStubdoms backend| > > +--------------------+ > > | ^ > > v | > > +--------------------+ > > | XenDevOps | > > +--------------------+ > > | ^ > > v | > > +--------------------+ > > | mini-os/tpmback | > > | | ^ | > > | v | | > > | vtpm-stubdom | ... > > | | ^ | > > | v | | > > | mini-os/tpmfront | > > +--------------------+ > > | ^ > > v | > > +--------------------+ > > | mini-os/tpmback | > > | | ^ | > > | v | | > > | vtpmmgr-stubdom | > > | | ^ | > > | v | | > > | mini-os/tpm_tis | > > +--------------------+ > > | ^ > > v | > > +--------------------+ > > | Hardware TPM | > > +--------------------+ > > > > * Windows/Linux DomU: > > The HVM based guest that wants to use a vTPM. There may be > > more than one of these. > > > > * Qemu tpm1.2 Tis: > > Implementation of the tpm1.2 Tis interface for HVM virtual > > machines. It is Qemu emulation device. > > > > * vTPM xenstubdoms driver: > > Qemu vTPM driver. This driver provides vtpm initialization > > and sending data and commends to a para-virtualized vtpm > > stubdom. > > > > * XenDevOps: > > Register Xen stubdom vTPM frontend driver, and transfer any > > request/repond between TPM xenstubdoms driver and Xen vTPM > > stubdom. Facilitate communications between Xen vTPM stubdom > > and vTPM xenstubdoms driver. > > > > * mini-os/tpmback: > > Mini-os TPM backend driver. The Linux frontend driver connects > > to this backend driver to facilitate communications between the > > Linux DomU and its vTPM. This driver is also used by vtpmmgr > > stubdom to communicate with vtpm-stubdom. > > > > * vtpm-stubdom: > > A mini-os stub domain that implements a vTPM. There is a > > one to one mapping between running vtpm-stubdom instances and > > logical vtpms on the system. The vTPM Platform Configuration > > Registers (PCRs) are all initialized to zero. > > > > * mini-os/tpmfront: > > Mini-os TPM frontend driver. The vTPM mini-os domain vtpm > > stubdom uses this driver to communicate with vtpmmgr-stubdom. > > This driver could also be used separately to implement a mini-os > > domain that wishes to use a vTPM of its own. > > > > * vtpmmgr-stubdom: > > A mini-os domain that implements the vTPM manager. There is only > > one vTPM manager and it should be running during the entire lifetime > > of the machine. vtpmmgr domain securely stores encryption keys for > > each of the vtpms and accesses to the hardware TPM to get the root of > > trust for the entire system. > > > > * mini-os/tpm_tis: > > Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver. > > This driver used by vtpmmgr-stubdom to talk directly to the hardware > > TPM. Communication is facilitated by mapping hardware memory pages > > into vtpmmgr stubdom. > > > > * Hardware TPM: The physical TPM 1.2 that is soldered onto the > > motherboard. > > > > --- > > Changes in v9 > > High level changes: (each patch has a detailed history versioning) > > * rebase on upstream qemu > > * refactor qemu xendevs, xenstore functions in order to be shared with both > > backend and frontends > > * convert tpm stubdoms to new qapi layout > > * use libxengnttab, libxenevtchn stable API instead of xc_* calls > > * added reset_tpm_established_flag and get_tpm_version for TPMDriverOps > > * instead of xen_frontend.c global variable xenstore_dev, use vtpm specific > > xenstore_vtpm_dev (since it will be needed just for tpm_xenstubdoms qemu > > driver) > > > > > > Emil Condrea (19): > > xen: Create a new file xen_pvdev.c > > xen: Create a new file xen_frontend.c > > xen: Move xenstore_update to xen_pvdev.c > > xen: Move evtchn functions to xen_pvdev.c > > xen: Prepare xendev qtail to be shared with frontends > > xen: Rename xen_be_printf to xen_pv_printf > > xen: Rename xen_be_unbind_evtchn > > xen: Rename xen_be_send_notify > > xen: Rename xen_be_evtchn_event > > xen: Rename xen_be_find_xendev > > xen: Rename xen_be_del_xendev > > xen: Rename xen_be_frontend_changed > > xen: Distinguish between frontend and backend devops > > Qemu-Xen-vTPM: Support for Xen stubdom vTPM command line options > > Qemu-Xen-vTPM: Xen frontend driver infrastructure > > Qemu-Xen-vTPM: Register Xen stubdom vTPM frontend driver > > Qemu-Xen-vTPM: Move tpm_passthrough_is_selftest() into tpm_util.c > > Qemu-Xen-vTPM: Qemu vTPM xenstubdoms backend > > Qemu-Xen-vTPM: QEMU machine class is initialized before tpm_init() > > > > backends/tpm.c | 11 ++ > > configure | 14 ++ > > hmp.c | 2 + > > hw/block/xen_disk.c | 59 +++--- > > hw/char/xen_console.c | 16 +- > > hw/display/xenfb.c | 57 +++--- > > hw/net/xen_nic.c | 29 +-- > > hw/tpm/Makefile.objs | 3 +- > > hw/tpm/tpm_passthrough.c | 13 +- > > hw/tpm/tpm_util.c | 11 ++ > > hw/tpm/tpm_util.h | 1 + > > hw/tpm/tpm_xenstubdoms.c | 284 ++++++++++++++++++++++++++ > > hw/tpm/xen_vtpm_frontend.c | 303 ++++++++++++++++++++++++++++ > > hw/tpm/xen_vtpm_frontend.h | 10 + > > hw/usb/xen-usb.c | 38 ++-- > > hw/xen/Makefile.objs | 2 +- > > hw/xen/xen_backend.c | 378 ++++------------------------------- > > hw/xen/xen_devconfig.c | 4 +- > > hw/xen/xen_frontend.c | 416 > > +++++++++++++++++++++++++++++++++++++++ > > hw/xen/xen_pvdev.c | 298 ++++++++++++++++++++++++++++ > > include/hw/xen/xen_backend.h | 71 +------ > > include/hw/xen/xen_frontend.h | 20 ++ > > include/hw/xen/xen_pvdev.h | 83 ++++++++ > > include/sysemu/tpm_backend_int.h | 2 + > > qapi-schema.json | 16 +- > > qemu-options.hx | 13 +- > > tpm.c | 7 +- > > vl.c | 17 +- > > xen-common.c | 4 +- > > xen-hvm.c | 6 + > > 30 files changed, 1649 insertions(+), 539 deletions(-) create mode 100644 > > hw/tpm/tpm_xenstubdoms.c create mode 100644 > > hw/tpm/xen_vtpm_frontend.c create mode 100644 > > hw/tpm/xen_vtpm_frontend.h create mode 100644 hw/xen/xen_frontend.c > > create mode 100644 hw/xen/xen_pvdev.c create mode 100644 > > include/hw/xen/xen_frontend.h create mode 100644 > > include/hw/xen/xen_pvdev.h > > > > -- > > 1.9.1 > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |