This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

[Xen-devel] [ANNOUNCE] TPM virtualization

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>, <xense-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [ANNOUNCE] TPM virtualization
From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Date: Wed, 17 Aug 2005 13:49:45 -0700
Cc: Stefan Berger <stefanb@xxxxxxxxxx>, "Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>, Steven Hand <Steven.Hand@xxxxxxxxxxxx>, "Rozas, Carlos V" <carlos.v.rozas@xxxxxxxxx>
Xen Community,

Intel and IBM have been working together to provide TPM (Trusted
Platform Module) virtualization for Xen.  You can find out more about
the architecture and ideas for TPM virtualization at
http://summit.xensource.com/pdfs/XenSecurity_Intel_CRozas.pdf and

[Detailed description of TPM:
rview.pdf; overview:

The patches that will be sent later today contain the changes and a
readme that describes how to integrate and run this TPM virtualization.
This is the first release of this functionality and we will continue to
maintain and enhance it.

TPM virtualization (vTPM) support will consist of the following patches
(in two emails).  The default behavior will be to build and install
these components.

1.  hypervisor: additions to include files
2.  tools directory: for xend to be able to setup TPM front- and backend
interfaces; allows it to parse VM configuration files with vtpm and
tpmif entries in the configuration files 
3.  sparse directory: the TPM front- and backend drivers used by Linux
on XEN; a PCI-independent implementation of the TPM driver including a
plug-in for interfacing with the TPM front-end driver

4.  tools directory: a virtual TPM manager in charge of managing vtpm
instances and protecting their secrets while they are offline
5.  tools directory: a virtual TPM which will be instantiated by the
manager on a one-per-guest basis
6.  tools directory: a TPM emulator to allow development and testing on
machines which lack a physical TPM

A developer-level summary of the functionality is:
*  The patches support TPM v1.1b.
*  Support is provided through a TPM block device that can be installed
in any domain (dom0 doesn't need one because the physical TPM driver
resides there).
*  For systems that don't have a physical TPM but would like to use the
measurement functionality, there is a build option that will allow the
use of a TPM emulator in dom0 in place of a physical TPM.  Naturally,
this will not have the security and trust properties of a physical TPM.
*  All components except the TPM FE driver reside in dom0 (the FEs go
into each domU).
*  Migration (of domU TPM state) is not supported at this time, but it
is being worked on.

We hope that many of you will give this a try and look forward to your
comments and feedback.

Intel & IBM
