RE: [Xense-devel] Run vTPM in its own VM?

To:	"Stefan Berger" <stefanb@xxxxxxxxxx>
Subject:	RE: [Xense-devel] Run vTPM in its own VM?
From:	"Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>
Date:	Sun, 17 Sep 2006 15:01:06 -0700
Cc:	xense-devel-bounces@xxxxxxxxxxxxxxxxxxx, Xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Sun, 17 Sep 2006 15:01:25 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id:	"A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post:	<mailto:xense-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcbY6Q4MnYS3cxcMTnG5GbCN4lH9FAAAgRqg
Thread-topic:	[Xense-devel] Run vTPM in its own VM?

If you use TPM resources for vtpm's, you will greatly inhibit your ability to migrate you vtpm. In the end, you will likely have to make the age old trade of of security vs performance. There may be some tricks you can do to make it possible to use some resources without totally impairing your flexibility.

-Vinnie

From: Stefan Berger [mailto:stefanb@xxxxxxxxxx]
Sent: Friday, September 15, 2006 10:04 AM
To: Scarlata, Vincent R
Cc: Fischer, Anna; Xense-devel@xxxxxxxxxxxxxxxxxxx; xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xense-devel] Run vTPM in its own VM?

"Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx> wrote on 09/15/2006 12:53:39 PM: > The current implementation does not forward any commands to the TPM, > however, if one wanted too, you could write the TPM code such that > rather than using openssl for generating key, you called the TPM to > generate keys. Now, my comment about forwarding was that you will not be > able to just forward commands to use these keys down to the TPM. Rather > the vtpm would share an OIAP session with the application in the guest. > The vtpms handles checking that the TPM_Unbind for example is ok. Then > the vtpm makes a separate request down to the TPM to request that the > key owned by the vtpm that resides in the tpm be used to decrypt some > data (that happened to originate from a guest).

.. as long as you never let the hardware TPM create AIKs or non-migrateable(!) keys on behalf of the vTPM. So you have to treat those types of keys separately because if they are in the TPM they will not migrate with the vTPM. That makes it a little harder for handling non-migrateable keys that a children of the SRK. What SRK password would a user use inside the VM using the vTPM? Would he use the SRK password of the HWTPM or of the vTPM? At least once you send the CreateWrapKey command to the HWTPM you would have to make sure that the authorization inside the TPM request is using the HWTPM's SRK password.

Whose EK certificate would you use to have your AIKs certified?

Stefan > > -Vinnie

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

WARNING - OLD ARCHIVES

xense-devel

RE: [Xense-devel] Run vTPM in its own VM?