RE: [Xen-devel] Xen talk to TPM

["Petersson, Mats" <Mats.Petersson@xxxxxxx>]

---

From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Security Initiative Team
Sent: 21 September 2006 22:35
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Xen talk to TPM

Hi,

As I understand, there are no device drivers in the Xen hypervisor
layer (they are in Dom0).

Is it then possible for Xen to talk to a Trusted Platform Module (TPM)
directly?  

 

 

I think it works like this at the moment: Dom0 has the ability to use TPM, and there is a vTPM interface that allows other domains to access the "virtual TPM". Xen (as in the actual hypervisor) isn't able to access the TPM itself, nor should it.

 

I also think the future holds a "split up" Dom0 so that some of the functions currently carried out by Dom0 are moved to another "more secure" domain (Dom-1, DomS0 or whatever you'd like to call it). But that's not the current situation, and it's probably going to be some time before this happens.

 

If I've got this wrong, I'm sure someone will tell us... ;-)

 

--
Mats

 

-Brian

---

Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel