Re: [Xense-devel] Run vTPM in its own VM?

[Stefan Berger <stefanb@xxxxxxxxxx>]

xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 09/14/2006
05:00:56 AM:

> The README of the current Xen unstable version says that setting
> VTPM_MULTI_VM allows running each vTPM in its own VM. However, compiling
> with this option doesn't work on my machine and the code doesn't seem
to
> be complete for this option.
> 
> Did I miss to configure something or is the current implementation
in
> Xen not really ready for running a vTPM in a separate VM?

I am not familiar with the option above since I am
running a different implementation of a VTPM, but I can say that it should
generally be possible to run a vTPM in a separate domain, but I haven't
done this in a long time. There exists an option when defining the vtpm
in the VM configuration file to have it's backend located in a different
domain than domain-0. Typically such an entry looks like

vtpm=['backend=0,instance=1']

to talk to a vTPM in domain-0 ( => backend=0 ).

There's one catch, though, and that's that all the
hotplug scripts that are typically doing the life-cycle management of the
vTPM instances now also have to be installed in that domain along with
hotplug daemon etc.. I myself haven't run the vTPM in any other domain
than domain-0 in a long time.

> 
> Can you explain to me how a communication will look like for the planned
> implementation in Xen? Will all communication continue to go through
the
> vTPM manager and the vTPM manager talks to a kind of FE that transmits
> TPM commands to a BE running in a separate domain? Or is it possible
to
> set up direct connections between a user domain TPM FE and the vTPM
> running in an isolated VM?

It is possible to connect them directly with the vm
configuration option above.
It should be possible to start a 2nd domain whose
only purpose would be to run the vTPM - along with the hotplug stuff mentioned
above running in that domain. That domain would have to be started from
domain-0. However, you have a gap then if it's about taking integrity measurements
of applications and a correct 'trust' chain. The proper way of doing this
would be to have that vTPM-hosting domain started before domain 0 (including
all the complications on how to access persistent storage etc.).
Can you tell us a bit more about what you are planning
on doing?

  Stefan

> 
> Regards,
> Anna
> 
> _______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel