[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v3 00/14] vTPM new ABI, extensions

To: matthew.fioravante@xxxxxxxxxx
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Mon, 10 Dec 2012 14:55:33 -0500
Cc: xen-devel@xxxxxxxxxxxxx
Delivery-date: Mon, 10 Dec 2012 19:56:32 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

This patch queue goes on top of Matthew Fioravante's [VTPM v7 0/8]
series.  The xenbus device name has changed to "vtpm2", and some
documentation has been added about PCRs (those extended by pv-grub and
those added in locality 5).  A new Linux patch is also needed, and will
be posted as a reply to this email; the layout of the shared page has
changed slightly (length field changed from uint16_t to uint32_t).

Patches have been reordered a bit in an attempt to have the series make
the most sense possible if partially applied.  Patch #8 still breaks
automatic vTPM domain shutdown, so only applying #1-6 would be useful if
we would like that feature to continue working while the libxl-based
shutdown request is not finished.

Patch 10-13 are new here; they allow localities to be restricted for
certain domains.  This is an important security feature if multiple
domains are accessing the same vTPM, and without this feature the
locality 5 PCRs introduced by #7 are no different from the lower 24
defined in the TPM specification.

Patch 14 is a build cleanup that fixes the third consecutive build
without an intervening "make clean" when NEWLIB_STAMPFILE is touched
after gmp is extracted.


New ABI patches:
    [PATCH 01/14] mini-os/tpm{back,front}: Change shared page ABI
    [PATCH 02/14] stubdom/vtpm: correct the buffer size returned by
    [PATCH 03/14] stubdom/vtpm: Support locality field

New vTPM features:
    [PATCH 04/14] stubdom/vtpm: Allow repoen of closed devices
    [PATCH 05/14] stubdom/vtpm: make state save operation atomic
    [PATCH 06/14] stubdom/grub: send kernel measurements to vTPM

Support for multiple client domains distinguished by locality:
    [PATCH 07/14] stubdom/vtpm: Add locality-5 PCRs
    [PATCH 08/14] stubdom/vtpm: support multiple backends
    [PATCH 09/14] stubdom/vtpm: Add PCR pass-through to hardware TPM
    [PATCH 10/14] mini-os/tpmback: set up callbacks before enumeration
    [PATCH 11/14] mini-os/tpmback: Replace UUID field with opaque
    [PATCH 12/14] mini-os/tpmback: add tpmback_get_peercontext
    [PATCH 13/14] stubdom/vtpm: constrain locality by XSM label

Other:
    [PATCH 14/14] stubdom/Makefile: Fix gmp extract rule

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH] drivers/tpm-xen: Change vTPM shared page ABI
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 07/14] stubdom/vtpm: Add locality-5 PCRs
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 14/14] stubdom/Makefile: Fix gmp extract rule
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 13/14] stubdom/vtpm: constrain locality by XSM label
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 05/14] stubdom/vtpm: make state save operation atomic
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 11/14] mini-os/tpmback: Replace UUID field with opaque pointer
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 12/14] mini-os/tpmback: add tpmback_get_peercontext
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 10/14] mini-os/tpmback: set up callbacks before enumeration
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 06/14] stubdom/grub: send kernel measurements to vTPM
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 03/14] stubdom/vtpm: Support locality field
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 08/14] stubdom/vtpm: support multiple backends
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 09/14] stubdom/vtpm: Add PCR pass-through to hardware TPM
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 02/14] stubdom/vtpm: correct the buffer size returned by TPM_CAP_PROP_INPUT_BUFFER
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 01/14] mini-os/tpm{back, front}: Change shared page ABI
  - From: Daniel De Graaf
- [Xen-devel] [PATCH 04/14] stubdom/vtpm: Allow repoen of closed devices
  - From: Daniel De Graaf

Prev by Date: [Xen-devel] [PATCH 04/14] stubdom/vtpm: Allow repoen of closed devices
Next by Date: [Xen-devel] [PATCH 01/14] mini-os/tpm{back, front}: Change shared page ABI
Previous by thread: [Xen-devel] [PATCH] Avoid race when guest switches between log dirty mode and dirty vram mode.
Next by thread: [Xen-devel] [PATCH 04/14] stubdom/vtpm: Allow repoen of closed devices
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.