xense-devel

Re: [Xense-devel] [Q] about vTPM

To: "Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>
Subject: Re: [Xense-devel] [Q] about vTPM
From: Martin Hermanowski <lists@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 02 Jul 2006 15:53:54 +0200
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Scarlata, Vincent R wrote:
>  
> 
>> -----Original Message-----
>> From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx 
>> [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
>> Martin Hermanowski
>> Sent: Saturday, July 01, 2006 6:43 AM
>> To: Ronald Perez
>> Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
>> Subject: Re: [Xense-devel] [Q] about vTPM
>>
>> One thing that surprised me after reading the report was that the
>> current vTPM implementation in xen-testing did not do any measurements
>> to PCRs, and that it seems like the vTPM is created when the tpm-xen
>> module is loaded in DomU, and not when the DomU is created.
>>
>> If I understood the vTPM architecture correctly, this is not
>> implementation specific (this is only the vtpm_managerd part, right?),
>> but a Xen issue.
> 
> I think a couple of different issues are being combined here. 
> 
> 1) As an artifact of xen's FE/BE structure and the way we *were*
> signaling the vtpm manager about new domains, a new VTPM instance wasn't
> created until the FE driver executed and told the BE about it. When
> Dom0/DomU merged into one kernel tree, the FE has become a module, which
> is far too late to start the vTPM. This, however, has changed in the
> unstable tree. The instance is now created during domain construction
> before the domain starts executing.

OK, I will have a look at -unstable. This behaviour is what I expected
to find.

> 2) The boot process and xen and the currently trusted dom 0 are not
> measured into the TPM. This requires you to install a TPM enhanced GRUB
> on your system. This is not included in xen, but is a standard part of
> TPM enabling your linux-based system.

Yes, I am aware of this. This does not differ from "normal" TPM secured
systems.

> 3) When the guest comes up, PCRRead indicates that all the PCRs are
> empty. This has 2 causes. One is that standard linux does not have a TPM
> measurement facility. If you want your OS measured, you will need to
> install something like IBM's Integrity Measurement Agent (IMA). Second,
> we are currently not preloading any of the low PCRs with appropriate
> boot information. This is mostly because we haven't bottomed out on what
> they should be, and TCG hasn't declared the correct behavior in the form
> of a spec. There are legitimate arguments in several different
> directions, depending on a variety of factors. I would be happy to break
> out into a discussion about various ways to represent a virtual
> environment in VTPM, but I would want to take it off the list as it is
> not a xen discussion.

I understand that extending the PCR concept to support virtualization is
still in discussion, and thus problematic to implement. While I think
that the idea expressed in the RC23879 report (Measuring Dom0 to PCR 8
and marking it read-only in DomU) looks very nice, it might run into
problems when HVM domains should be supported, which want to use PCR 8
for their own measurements...

Is there a public list for this discussion?

Thanks a lot for the clarifications!
Regards,
Martin

-- 
Martin Hermanowski
http://martin.hermanowski.name
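
The PCR behaviour discussed in this thread, as an added toy model that is not part of the original message and is not Xen's vTPM code: a fresh instance reads back all-zero PCRs until something extends them, and a PCR 8 that the host preloads and locks rejects a guest's own extend. The class and method names, the 24-register bank and the sample inputs are assumptions made for illustration; the extend rule is the TPM 1.2 one, SHA-1 over the old value followed by the new digest.

```python
import hashlib

PCR_SIZE = 20   # TPM 1.2 PCRs hold one SHA-1 digest
NUM_PCRS = 24   # assumption: a PC-client style bank of 24 registers

class ReadOnlyPCR(Exception):
    """Raised when the guest extends a PCR the host side has locked."""

class ToyVTPM:
    """Hypothetical stand-in for one vTPM instance (not the vtpm_managerd API)."""

    def __init__(self):
        # A new instance starts with every PCR zeroed, which is what
        # PCRRead shows in a guest that runs no measurement agent.
        self.pcrs = [bytes(PCR_SIZE) for _ in range(NUM_PCRS)]
        self.locked = set()

    def pcr_read(self, index):
        return self.pcrs[index]

    def _extend(self, index, data):
        # TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(data))
        digest = hashlib.sha1(data).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def manager_preload(self, index, data, lock=True):
        """Host-side measurement made before the guest starts executing."""
        value = self._extend(index, data)
        if lock:
            self.locked.add(index)
        return value

    def guest_extend(self, index, data):
        if index in self.locked:
            raise ReadOnlyPCR(f"PCR {index} is read-only for the guest")
        return self._extend(index, data)

def demo():
    vtpm = ToyVTPM()
    empty = all(vtpm.pcr_read(i) == bytes(PCR_SIZE) for i in range(NUM_PCRS))
    dom0_pcr8 = vtpm.manager_preload(8, b"constructed Dom0 image bytes")
    try:
        vtpm.guest_extend(8, b"constructed HVM guest measurement")
        conflict = False
    except ReadOnlyPCR:
        conflict = True   # the HVM problem raised in the reply above
    guest_ok = vtpm.guest_extend(10, b"constructed guest kernel") != bytes(PCR_SIZE)
    return empty, dom0_pcr8.hex(), conflict, guest_ok
```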
