[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Pass through physical TPM

To: John Sherwood <jrs@xxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Tue, 10 Dec 2013 10:41:33 +0000
Cc: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 10 Dec 2013 10:41:55 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

On Mon, 2013-12-09 at 17:51 -0800, John Sherwood wrote:
> I'm aware of the Xen vTPM capabilities, but is it possible to directly
> pass through the hardware TPM of a host to a domU?

I suppose ultimately a TPM is just hardware and therefore you can map it
through using either PCI passthrough (if it is a PCI device, I don't
know about TPM) or "manually" map the individual i/o ports, mmio regions
and interrupts using ioports, iomem and irqs directives in your guest
config (see the xl.cfg man page for details).

PCI passthrough certainly works with HVM guests. I'm not 100% sure about
the others, I can see the hypervisor side code to make ioports work, but
the other two are too subtle for me to grok right now ;-) I suggest
trying it and seeing...

What I can't advise on is all the TPM specific stuff like the
attestation and measurement which happens during boot and how that is
impacted by the need to start a VM. Maybe that's not an issue  -- I
really have no idea how that all works or whether Bitlocker even needs
it to have happened.

Ian.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

References:
- [Xen-users] Pass through physical TPM
  - From: John Sherwood

Prev by Date: Re: [Xen-users] hypercall implementation
Next by Date: Re: [Xen-users] hypercall implementation
Previous by thread: [Xen-users] Pass through physical TPM
Next by thread: [Xen-users] hypercall implementation
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.