Re: [Xense-devel] questions about isolation model and GVTPM

[Stefan Berger <stefanb@xxxxxxxxxx>]

Hello Huang,

>Hi guys,

>I am interesting in vitrualization and tcpa.I want to do some research on Xen platform to present a more trusted VMM. I think the key points are isolation and integrity.

>With isoliation, I want to use uninterference policy to confine the communication between xen and domains with device channel.That is to say, map the formal model to xen. I think now the MAC mechanism also does >some isolation, the channel-control analyse with formal model is another way, especially used for confine the TCB where access control can do nothing.By the way,I think critical application also is a part of TCB.

>And from Reiner, I see Xen is not a isolation VMM,or separation VMM.But I think formal analyze can benefit confinement of Xen's I/O device.

>With integrity, I want to examine the GVTPM architecture and do something based on it.

>My questions are: does the isolation provided by Xen for domains is strong enough from your developer's view? Is there anybody can help me to learn more about GVTPM except for a .ppt document? Something like >what the function of "shared memory TPM driver" in the code? is it a backend driver? Or what is the opinion of TCG about GVTPM?

The function of the shared memory driver  is to send TPM request from a guest domain to the virtual TPM running in another domain. The virtual TPM is listening for commands on top of the TPM backend driver.

I don't know about the offiicial opionion of the TCG about 'GVTPM', but maybe representatives from Intel can tell you more about it.

Regards,

   Stefan

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel