This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xense-devel] RE: [TrouSerS-users] vTPM data seal issue

To: "Hal Finney" <hal.finney@xxxxxxxxx>
Subject: [Xense-devel] RE: [TrouSerS-users] vTPM data seal issue
From: "Osborn, Justin D." <Justin.Osborn@xxxxxxxxxx>
Date: Thu, 19 Oct 2006 08:30:30 -0400
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx, trousers-users@xxxxxxxxxxxxxxxxxxxxx

-----Original Message-----
From: Hal Finney [mailto:hal.finney@xxxxxxxxx] 
Sent: Wednesday, October 18, 2006 9:53 PM
To: Osborn, Justin D.
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx;
trousers-users@xxxxxxxxxxxxxxxxxxxxx; vincent.r.scarlata@xxxxxxxxx
Subject: Re: [TrouSerS-users] vTPM data seal issue

> That's neat that you got that to work. I've been interested in
> experimenting with Xen and TPM but I've had trouble getting Xen to run
> at all on my Thinkpad. Maybe the xen-unstable version would work better.
> What kernel are you using?

Xen-unstable works with kernel (which has the tpm_tis driver
for TPM v. 1.2 support).

> One thing I don't understand is how the PCRs are shared between the
> various VMs. I wonder if the idea is that user code doesn't talk to the
> "real" PCRs, at all, rather Xen makes up a set of fake PCRs for each
> VM. The real PCRs are only used to measure Xen. Then I think most TPM
> operations wouldn't even touch the real TPM. If you seal and unseal, it
> is Xen which is maintaining its virtual PCRs, does the crypto, and
> decides if the unseal will work. Xen protects the user's secrets using
> its virtual TPM code, and all of Xen's secrets are protected by the
> real TPM. Something like this, anyway. I need to learn more about how
> all this will work.

Actually, you're right.  The vTPM PCRs are just a buffer in the memory
of vtpmd.  Right now they are just defined to be zero on initialization.
The original IBM vTPM paper says that vTPM PCRs 1-8 should be the same
as the physical TPM's PCRs, but from what I can tell people were in
disagreement on that so right now they're all set to zero.

Speaking of which, here's a question for the vTPM developers:  Is there
code out there to load the vTPM PCRs (1-8) with the values from the
physical TPM?  I'm about to (attempt to) write that, and it'd be helpful
if someone's already done it.
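
The behaviour discussed in this message, as an added example that is not part of the original e-mail or of the vTPM code: a small Python model of a vTPM PCR buffer, comparing a seal made against all-zero vPCRs with one made after PCRs 1-8 were copied from the physical TPM. The class and function names, the simplified composite digest and the sample measurements are assumptions constructed for illustration; only the PCR binding is modelled, not the encryption of the sealed blob.

```python
import hashlib

PCR_COUNT, PCR_SIZE = 24, 20   # assumed bank size; 20 bytes = SHA-1 (TPM 1.x)
MIRRORED = range(1, 9)         # PCRs 1-8, the range named in the message

class VirtualPcrBank:
    """Hypothetical stand-in for the PCR buffer a vTPM daemon keeps in memory."""
    def __init__(self, physical=None):
        # Behaviour described in the message: every vPCR starts at zero.
        self.pcrs = [bytes(PCR_SIZE) for _ in range(PCR_COUNT)]
        # Behaviour asked about: copy PCRs 1-8 from the physical TPM.
        if physical is not None:
            for i in MIRRORED:
                self.pcrs[i] = physical[i]

    def extend(self, index, measurement):
        # TPM 1.x extend: PCR_new = SHA1(PCR_old || measurement)
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + measurement).digest()

    def composite(self, selection):
        # Simplified composite digest over the selected indices and values.
        data = b"".join(bytes([i]) + self.pcrs[i] for i in sorted(selection))
        return hashlib.sha1(data).digest()

def seal(bank, selection, secret):
    # Records the PCR state the secret is bound to (no encryption modelled).
    sel = tuple(selection)
    return {"selection": sel, "digest": bank.composite(sel), "secret": secret}

def unseal(bank, blob):
    if bank.composite(blob["selection"]) != blob["digest"]:
        raise PermissionError("PCR state does not match sealed policy")
    return blob["secret"]

def physical_pcrs(boot_component):
    # Constructed sample: a host whose PCR 4 received one measurement.
    host = VirtualPcrBank()
    host.extend(4, hashlib.sha1(boot_component).digest())
    return host.pcrs

def demo():
    good, changed = physical_pcrs(b"hypervisor-v1"), physical_pcrs(b"hypervisor-v2")
    zeroed = seal(VirtualPcrBank(), [4], b"k")        # sealed with vPCRs all zero
    mirrored = seal(VirtualPcrBank(good), [4], b"k")  # sealed with PCRs 1-8 copied
    results = {}
    for name, blob, bank in (("zeroed", zeroed, VirtualPcrBank()),
                             ("mirrored", mirrored, VirtualPcrBank(changed))):
        try:
            results[name] = unseal(bank, blob) == b"k"
        except PermissionError:
            results[name] = False
    return results  # does each blob still unseal after the host changed?
```

In this model the blob sealed against zeroed vPCRs still unseals after the host's measured component changes, while the blob sealed against mirrored PCRs is refused.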

