RE: [Xense-devel] [Q] about vTPM

To:	"Martin Hermanowski" <lists@xxxxxxxxxxxxxxxxxxxxxxx>
Subject:	RE: [Xense-devel] [Q] about vTPM
From:	"Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>
Date:	Sat, 1 Jul 2006 10:21:20 -0700
Cc:	xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Sat, 01 Jul 2006 10:21:36 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id:	"A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post:	<mailto:xense-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcadFD8MkDOgvqXTRDOjOR7UVYzmhgAG8KOw
Thread-topic:	[Xense-devel] [Q] about vTPM

 

>-----Original Message-----
>From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx 
>[mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
>Martin Hermanowski
>Sent: Saturday, July 01, 2006 6:43 AM
>To: Ronald Perez
>Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
>Subject: Re: [Xense-devel] [Q] about vTPM
>
>One thing that surprised me after reading the report was, that the
>current vTPM implementation in xen-testing did not do any measurements
>to PCRs, and that it seems like the vTPM is created when the tpm-xen
>module is loaded in DomU, and not when the DomU is created.
>
>If I understood the vTPM architecture correctly, this is not
>implementation specific (this is only the vtpm_managerd part, right?),
>but a Xen issue.

I think a couple of different issues are being combined here. 

1) As an artifact of xen's FE/BE structure and the way we *were*
signaling the vtpm manager about new domains, a new VTPM instance wasn't
created until the FE driver executed and told the BE about it. When
Dom0/DomU merged into one kernel tree, the FE has become a module, which
is far to late to start the vTPM. This, however, has changed in the
unstable tree. The instance is now created during domain construction
before the domain starts executing.

2) The boot process and xen and the currently trusted dom 0 are not
measured into the TPM. This requires you to install a TPM enhanced GRUB
on your system. This is not included in xen, but is a standard part of
TPM enabling your linux-based system.

3) When the guest comes up, PCRRead indicates that all the PCRs are
empty. This has 2 causes. One is that standard linux does not have a TPM
measurement facility. If you want your OS measured, you will need to
install something like IBM's Integrity Measurement Agent (IMA). Second,
we are currently not preloading any of the low PCRs with appropriate
boot information. This is mostly because we haven't bottomed out on what
they should be, and TCG hasn't declared the correct behavior in the form
of a spec. There are legitimate arguments in several different
directions, depending on a variety of factors. I would be happy to break
out into a discussion about various was to represent a virtual
environment in VTPM, but I would want to take it off the list as it is
not a xen discussion.

-Vinnie Scarlata
Trusted Platforms Lab
System Technology Lab, CTG
Intel Corporation

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

WARNING - OLD ARCHIVES

xense-devel

RE: [Xense-devel] [Q] about vTPM