[Xen-devel] [PATCH 11/12] VTPM mini-os: vtpmmgrdom

[Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>]

This patch provides a mini-os domain for the vtpm manager. It links in 
parts of the original vtpm_managerd code, openssl ported to mini-os, and 
implements the rest of the functionality itself.
All data and keys are stored in a disk image with a custom format which 
must be created and provided through the domain config file. This disk 
image is encrypted using TPM keys.
The vtpm manager requires access to the hardware tpm. This can be 
facilitated in 2 ways:
1. Direct access (default). To use this method, provide an io memory 
region to the domain using the vtpm managers domain config file.
mmio = ['fed40',5]

2. Passthrough dom0: To use this method, use the paravirtualized tpm 
driver and set its backend to dom0.
vtpm = ['backend=0']
Since hardware access is the default, you will also have tell the 
manager to use the paravirtualized driver
extra = 'tpmdriver=tpmfront'
Install the vtpm connection daemon in dom0
$ cd /tools/vtpm_manager/vtpmconnd
# make install
Finally run the connection daemon before booting the domain. Make sure 
tpmbk and tpm_tis are loaded in dom0.
# vtpmconnd


Further and more complete documentation is forthcoming

Signed off by: Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>

Attachment: 11-vtpmmgrdom.patch
Description: Text Data

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel