WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH 11/12] VTPM mini-os: vtpmmgrdom

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH 11/12] VTPM mini-os: vtpmmgrdom
From: Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>
Date: Fri, 11 Mar 2011 18:26:12 -0500
Delivery-date: Fri, 11 Mar 2011 15:28:29 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7
This patch provides a mini-os domain for the vtpm manager. It links in parts of the original vtpm_managerd code, openssl ported to mini-os, and implements the rest of the functionality itself.

All data and keys are stored in a disk image with a custom format which must be created and provided through the domain config file. This disk image is encrypted using TPM keys.

The vtpm manager requires access to the hardware tpm. This can be facilitated in 2 ways: 1. Direct access (default). To use this method, provide an io memory region to the domain using the vtpm managers domain config file.
mmio = ['fed40',5]

2. Passthrough dom0: To use this method, use the paravirtualized tpm driver and set its backend to dom0.
vtpm = ['backend=0']
Since hardware access is the default, you will also have tell the manager to use the paravirtualized driver
extra = 'tpmdriver=tpmfront'
Install the vtpm connection daemon in dom0
$ cd /tools/vtpm_manager/vtpmconnd
# make install
Finally run the connection daemon before booting the domain. Make sure tpmbk and tpm_tis are loaded in dom0.
# vtpmconnd


Further and more complete documentation is forthcoming

Signed off by: Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>

Attachment: 11-vtpmmgrdom.patch
Description: Text Data

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH 11/12] VTPM mini-os: vtpmmgrdom, Matthew Fioravante <=