 Home |
Products |
Support |
Community |
News |
xen-devel
Re: [Xen-devel] Re: [vTPM] Prevent domain with attached vTPM from doing
| To: | Ewan Mellor <ewan@xxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-devel] Re: [vTPM] Prevent domain with attached vTPM from doing local migration |
| From: | Stefan Berger <stefanb@xxxxxxxxxx> |
| Date: | Tue, 5 Sep 2006 09:19:23 -0400 |
| Cc: | xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx> |
| Delivery-date: | Tue, 05 Sep 2006 06:19:51 -0700 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| In-reply-to: | <20060905125049.GF7810@xxxxxxxxxxxxxxxxxxxxxx> |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
|
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 09/05/2006 08:50:49 AM: > On Fri, Aug 25, 2006 at 05:33:08PM -0400, Stefan Berger wrote: > > > The attached patch prevents a domain with an attached vTPM from doing > > local migration since this does not seem to work correctly (see tests in > > xm test suite). If no vTPM has been attached, the local migration > > proceeds as usual. > > > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx> > > I've applied this, thanks. Do you know what it would take to get localhost > migration working for domains with a vTPM? Localhost migration is a useful > test, and it seems a shame to break it in this case. The vTPM needs to be able to handle the messages that are sent to it via the hotplug scripts either in-order or out-of-order, where in-order means that an equivalent of a 'close' message comes before the 'open' and out-of-order means that the 'open' comes before the 'close'. >From what I saw when I wrote and tested the vTPM hotplug scripts is that the messages sent from these scripts (kicked-off by the xenbus) can come in either one of these orders when doing local migration, probably due to timing. The vTPM also must not tear down its state when the 'close' comes since a) the 'open' might have come before it *and* b) one would have to re-initialize the vTPM. The reason for this is that a TPM keeps internal state, such as keys, that are created or loaded into it and that can normally be removed upon a 'close' *if* that 'close' always means power-off. Here (in Xen) it has to be treated differently, which boils down to ignoring the 'close' since this can also be sent during a suspend. So the trick that I found was to handle things late in the 'open' where I can determine whether a domain was 'created' or 'resumed' (after local migration or suspend/resume) and reset the device if necessary. Well, it's a bit tricky intergrating the vTPM. Stefan > > Ewan. > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-devel] Re: [Xen-changelog] [xen-unstable] Update user manual to use blktap for file-based VBDs., Andrew Warfield |
|---|---|
| Next by Date: | Re: [Xen-devel] [PATCH] kexec: framework and i386 (Take XIV), Horms |
| Previous by Thread: | [Xen-devel] Re: [vTPM] Prevent domain with attached vTPM from doing local migration, Ewan Mellor |
| Next by Thread: | Re: [Xen-devel] [PATCH] [MAN]Fix xm info of man manual, Ewan Mellor |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
