[Xen-devel] [PATCH 7/12] VTPM mini-os: vtpm_manager bug fixes and change
This is a rather large path for vtpm_managerd. It can be broken up if
requested but seeing as nobody else seems to be maintaining the vtpm
code I don't think anyone will mind.
-A new routine to flush all handles from the tpm everytime vtpm_managerd
is started. Previously if the manager would crash it would leave stale
keys and auth handles in the tpm. After restarting the manager several
times and letting it crash, the tpm would run out of memory and the
manager would fail to start with a TPM_NO_SPACE error.
-Several memory errors fixed such as uninitialized reads and memory leaks.
-Fixed the signal handler to work with blocking IO and threads
correctly. Previously the manager would not shutdown correctly when you
tried to Ctrl+C close it on 64 bit.
-Removal of VTPM_MULTI_VM #defines. These were supposed to be a partial
implementation for a way to run vtpms in multiple domains but it was
never finished. It doesn't appear there has been any development on this
for several years. Since vtpm-stubdom performs this functionality I
removed these #defines and #ifdefs to make the code a little cleaner.
VTPM Stubdom functionality:
-New vTPM ordinals: VTPM_SAVE_KEY and VTPM_LOAD_KEY. The vtpm domains
encrypt their persistent state themselves, they only request the manager
to store the key.
-#define VTPM_STUBDOM will build the manager in stubdom mode. The
manager can only work in either vtpm-stubdom or vtpmd mode. You cannot
combine them. Clearing out the manager state will be required.
# rm /var/vtpm/VTPM /var/vtpm/vtpm_dm*
-See the vtpm-stubdom patch for more info
-Changes to how the ipc pipes are setup and used to avoid hanging in the
-vtpmmgrtalk: A c program for the dom0 scripts to correctly speak to the
vtpm manager. The next patch which fixes hotplug errors requires this
-Changed the way certain pieces of the vtpm manager are built. This
allows pieces of it to be included
-vtpmconnd: A simple program to pass tpm commands from the xen tpm
backend in dom0 to the hardware tpm. This is needed if you don't want to
passthrough the tpm directly to vtpmmgrdom (see the vtpmmgrdom patch for
Signed off by: Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>
Description: Text Data
Description: S/MIME Cryptographic Signature
Xen-devel mailing list
|<Prev in Thread]
||[Next in Thread>|
- [Xen-devel] [PATCH 7/12] VTPM mini-os: vtpm_manager bug fixes and changes,
Matthew Fioravante <=