This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-devel] Xen talk to TPM

To: "Security Initiative Team" <passrete@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-devel] Xen talk to TPM
From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date: Fri, 22 Sep 2006 14:49:36 +0200
Delivery-date: Fri, 22 Sep 2006 05:53:28 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20060921213436.27184.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcbeLLqyEjih7X2QQ1O9jW5rhsa+KwAGGyQg
Thread-topic: [Xen-devel] Xen talk to TPM

From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Security Initiative Team
Sent: 21 September 2006 22:35
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Xen talk to TPM


As I understand, there are no device drivers in the Xen hypervisor
layer (they are in Dom0).

Is it then possible for Xen to talk to a Trusted Platform Module (TPM)
I think it works like this at the moment: Dom0 has the ability to use TPM, and there is a vTPM interface that allows other domains to access the "virtual TPM". Xen (as in the actual hypervisor) isn't able to access the TPM itself, nor should it.
I also think the future holds a "split up" Dom0 so that some of the functions currently carried out by Dom0 are moved to another "more secure" domain (Dom-1, DomS0 or whatever you'd like to call it). But that's not the current situation, and it's probably going to be some time before this happens.
If I've got this wrong, I'm sure someone will tell us... ;-)


Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business.
Xen-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>