
Re: [Xen-users] Pass through physical TPM

On Mon, 2013-12-09 at 17:51 -0800, John Sherwood wrote:
> I'm aware of the Xen vTPM capabilities, but is it possible to directly
> pass through the hardware TPM of a host to a domU?

I suppose ultimately a TPM is just hardware and therefore you can map it
through using either PCI passthrough (if it is a PCI device, I don't
know about TPM) or "manually" map the individual i/o ports, mmio regions
and interrupts using ioports, iomem and irqs directives in your guest
config (see the xl.cfg man page for details).

PCI passthrough certainly works with HVM guests. I'm not 100% sure about
the others, I can see the hypervisor side code to make ioports work, but
the other two are too subtle for me to grok right now ;-) I suggest
trying it and seeing...

What I can't advise on is all the TPM specific stuff like the
attestation and measurement which happens during boot and how that is
impacted by the need to start a VM. Maybe that's not an issue  -- I
really have no idea how that all works or whether Bitlocker even needs
it to have happened.
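
An added example, not part of the original message: xl.cfg's iomem directive takes hexadecimal page frame numbers and page counts rather than byte addresses, so this sketch converts /proc/iomem and /proc/ioports ranges into the ioports, iomem and irqs lines mentioned above and flags regions that do not fill whole pages. The sample /proc text, the "tpm_tis" owner label and the IRQ number are constructed assumptions; it only prepares the config lines and does not show that the mapping works for any guest type.

```python
import json
import re

PAGE = 4096  # xl.cfg iomem entries are 4 KiB page frame numbers, in hex

# Constructed /proc/iomem and /proc/ioports excerpts (read as root in dom0).
SAMPLE_IOMEM = (
    "fed00000-fed003ff : HPET 0\n"
    "fed40000-fed44fff : tpm_tis\n"
    "fee00000-fee00fff : Local APIC\n"
)
SAMPLE_IOPORTS = "0070-0071 : rtc0\n  0080-008f : dma page reg\n"

LINE = re.compile(r"\s*([0-9a-fA-F]+)-([0-9a-fA-F]+) : (.*)$")

def find_ranges(proc_text, label):
    """Return (start, end) pairs for lines whose owner field contains label."""
    found = []
    for line in proc_text.splitlines():
        m = LINE.match(line)
        if m and label in m.group(3):
            found.append((int(m.group(1), 16), int(m.group(2), 16)))
    return found

def iomem_entries(ranges):
    """Byte ranges -> ("START_PFN,NUM_PAGES" strings, ranges not page aligned)."""
    entries, unaligned = [], []
    for start, end in ranges:
        first, last = start // PAGE, end // PAGE
        entries.append("%x,%x" % (first, last - first + 1))
        if start % PAGE or (end + 1) % PAGE:
            unaligned.append((start, end))
    return entries, unaligned

def xl_cfg_fragment(iomem_text, ioports_text, label, irq=None):
    """Build the ioports/iomem/irqs lines for one device; irq is supplied by hand."""
    mem, unaligned = iomem_entries(find_ranges(iomem_text, label))
    ports = ["%x-%x" % r for r in find_ranges(ioports_text, label)]
    out = ["# %x-%x is not page aligned: the guest also sees the rest of the page"
           % r for r in unaligned]
    if ports:
        out.append("ioports = " + json.dumps(ports))
    if mem:
        out.append("iomem = " + json.dumps(mem))
    if irq is not None:
        out.append("irqs = [%d]" % irq)
    return "\n".join(out)

if __name__ == "__main__":
    # irq=10 is a constructed value, not read from the sample text.
    print(xl_cfg_fragment(SAMPLE_IOMEM, SAMPLE_IOPORTS, "tpm_tis", irq=10))
```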

