xense-devel
RE: [Xense-devel] [Q] about vTPM
Vincent,
>This has 2 causes. One is that standard linux
does not have a TPM
>measurement facility. If you want your OS measured, you will need to
>install something like IBM's Integrity Measurement Agent (IMA). Second,
this is a good point. There is no reason
why Linux should not have an integrity module that offers generic integrity-related
services (measurements included). Probably a good topic to discuss with
the Linux Kernel community on the upcoming Ottawa Linux Symposium (OLS)
in July. The core Linux kernel does support application access to the hardware
TPM, so it seems natural to also support the core TPM operations in the
kernel.
In fact, when we released the IBM Integrity
Measurement Architecture to the Linux Kernel Mailing list some time
ago, the objective discussion went along these lines. Rather than being
bound to the Linux Security Module inteface (currently IMA uses LSM), the
better approach is to make it a core kernel service.
We have also discussed releasing an
IMA patch exactly for the purpose cited in this mail threat ( we have experiment
internally with it for some time) but we concluded that there should be
a generic solution that is integrated into the core Linux kernel. There
was not a lot of (positive :-) interest in this area at that time so priorities
took over.
For those interested to learn more about
the Integrity Measurement Architecture:
Open-source code: http://sourceforge.net/projects/linux-ima
Some descriptive information and code
links:
http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html
and http://www.research.ibm.com/ssd_ima.
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sailer@xxxxxxxxxx
http://www.research.ibm.com/people/s/sailer/
"Scarlata, Vincent
R" <vincent.r.scarlata@xxxxxxxxx>
Sent by: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
07/01/2006 01:21 PM
|
To
| "Martin Hermanowski" <lists@xxxxxxxxxxxxxxxxxxxxxxx>
|
cc
| xense-devel@xxxxxxxxxxxxxxxxxxx
|
Subject
| RE: [Xense-devel] [Q] about vTPM |
|
>-----Original Message-----
>From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
>[mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
>Martin Hermanowski
>Sent: Saturday, July 01, 2006 6:43 AM
>To: Ronald Perez
>Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
>Subject: Re: [Xense-devel] [Q] about vTPM
>
>One thing that surprised me after reading the report was, that the
>current vTPM implementation in xen-testing did not do any measurements
>to PCRs, and that it seems like the vTPM is created when the tpm-xen
>module is loaded in DomU, and not when the DomU is created.
>
>If I understood the vTPM architecture correctly, this is not
>implementation specific (this is only the vtpm_managerd part, right?),
>but a Xen issue.
I think a couple of different issues are being combined here.
1) As an artifact of xen's FE/BE structure and the way we *were*
signaling the vtpm manager about new domains, a new VTPM instance wasn't
created until the FE driver executed and told the BE about it. When
Dom0/DomU merged into one kernel tree, the FE has become a module, which
is far to late to start the vTPM. This, however, has changed in the
unstable tree. The instance is now created during domain construction
before the domain starts executing.
2) The boot process and xen and the currently trusted dom 0 are not
measured into the TPM. This requires you to install a TPM enhanced GRUB
on your system. This is not included in xen, but is a standard part of
TPM enabling your linux-based system.
3) When the guest comes up, PCRRead indicates that all the PCRs are
empty. This has 2 causes. One is that standard linux does not have a TPM
measurement facility. If you want your OS measured, you will need to
install something like IBM's Integrity Measurement Agent (IMA). Second,
we are currently not preloading any of the low PCRs with appropriate
boot information. This is mostly because we haven't bottomed out on what
they should be, and TCG hasn't declared the correct behavior in the form
of a spec. There are legitimate arguments in several different
directions, depending on a variety of factors. I would be happy to break
out into a discussion about various was to represent a virtual
environment in VTPM, but I would want to take it off the list as it is
not a xen discussion.
-Vinnie Scarlata
Trusted Platforms Lab
System Technology Lab, CTG
Intel Corporation
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
|
|
|