Xen project Mailing List

RE: [Xense-devel] Run vTPM in its own VM?

To: "Stefan Berger" <stefanb@xxxxxxxxxx>

From: "Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>

Date: Fri, 15 Sep 2006 09:53:39 -0700

Cc: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx, Xense-devel@xxxxxxxxxxxxxxxxxxx

Delivery-date: Fri, 15 Sep 2006 09:53:58 -0700

List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>

Thread-index: AcbY5NJezRtmvVrhS6WiRg7H21AAsQAAQQ/w

Thread-topic: [Xense-devel] Run vTPM in its own VM?

>________________________________ > >From: Stefan Berger [mailto:stefanb@xxxxxxxxxx] >Sent: Friday, September 15, 2006 9:34 AM >To: Scarlata, Vincent R >Cc: Fischer, Anna; Xense-devel@xxxxxxxxxxxxxxxxxxx; xense-devel-bounces@xxxxxxxxxxxxxxxxxxx >Subject: RE: [Xense-devel] Run vTPM in its own VM? > > > > xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 09/15/2006 12:18:12 PM: > > > This is already supported, even in the single VM model. At any time, a >> vtpm can issue a request to the manager (similar to the way you request >> save/load state) to access the TPM below. On one of my configurations >> (not submitted but available upon request) that have the vtpm's copy >> certain hwpcrs during its initialization steps. Note, however, on >You will also have to clone the logs related to those PCRs and carry them with you when you migrate. >Now if you copy the PCRs upon creation, what do you do with the PCR register values after migration? Do they still >reflect the old environment? The code I mentioned is being used for a very specific environment where not all of the functions in xen are used. I meant it more as an illustrative statement that not only is calling the tpm from a vtpm supported, there exist code that is using it. The code hasn't been checked in to the tree, because as you point out, it is not necessarily a general purpose approach to vPCR usage. >> commands that use authorization digests, it won't be as simple has >> forwarding the commands down from vtpm to manager to tpm, you'll need to >> be more careful to ensure the auth sessions are maintained as the client >> expects. > >Which commands are you for example forwarding to the hardware TPM? Are you rooting your key tree to the SRK of >the hardware TPM? The current implementation does not forward any commands to the TPM, however, if one wanted too, you could write the TPM code such that rather than using openssl for generating key, you called the TPM to generate keys. Now, my comment about forwarding was that you will not be able to just forward commands to use these keys down to the TPM. Rather the vtpm would share an OIAP session with the application in the guest. The vtpms handles checking that the TPM_Unbind for example is ok. Then the vtpm makes a separate request down to the TPM to request that the key owned by the vtpm that resides in the tpm be used to decrypt some data (that happened to originate from a guest). -Vinnie _______________________________________________ Xense-devel mailing list Xense-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xense-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.