
Re: [Xen-devel] [PATCH 2/4] vtpm: passthru requests to manager



On Wed, 2014-03-12 at 14:41 -0400, Daniel De Graaf wrote:
> When sending commands to a vTPM, commands with the VTPM_TAG_REQ2 tag are
> passed directly to the TPM Manager since they are used in the management
> interface to the TPM Manager. The VTPM_TAG_REQ tag is translated to
> TPM_TAG_RQU_COMMAND to allow access to the physical TPM for certain
> ordinals (PCRRead, Extend, and GetRandom).

Is this translation sufficient to prevent other types of access getting
passed through? (I presume the intention is not to let the guest access
arbitrary pTPM functionality)

> 
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> ---
>  stubdom/vtpm/vtpm.c | 40 +++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 39 insertions(+), 1 deletion(-)
> 
> diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c
> index f67de18..61982c2 100644
> --- a/stubdom/vtpm/vtpm.c
> +++ b/stubdom/vtpm/vtpm.c
> @@ -33,6 +33,7 @@
>  #include "vtpm_cmd.h"
>  #include "vtpm_pcrs.h"
>  #include "vtpmblk.h"
> +#include "vtpm_manager.h"
>  
>  #define TPM_LOG_INFO LOG_INFO
>  #define TPM_LOG_ERROR LOG_ERR
> @@ -117,6 +118,40 @@ int init_random(void) {
>     return 0;
>  }
>  
> +int check_passthru(tpmcmd_t* tpmcmd) {
> +   TPM_TAG tag;
> +   UINT32 len = 10;
> +   BYTE* ptr;
> +   size_t size;
> +
> +   if(tpmcmd->req_len < 10) {
> +      return false;
> +   }
> +
> +   ptr = tpmcmd->req;
> +   tpm_unmarshal_UINT16(&ptr, &len, &tag);
> +
> +   if (tag == VTPM_TAG_REQ2) {
> +      info("VTPM passthru: %d bytes", (int)tpmcmd->req_len);
> +      tpmfront_cmd(tpmfront_dev, tpmcmd->req, tpmcmd->req_len, 
> &tpmcmd->resp, &size);
> +      tpmcmd->resp_len = size;
> +      info("VTPM passthru return: %d bytes", (int)size);
> +      return true;
> +   }
> +
> +   if (tag == VTPM_TAG_REQ) {
> +      info("VTPM pTPM-cmd: %d bytes", (int)tpmcmd->req_len);
> +      ptr = tpmcmd->req;
> +      tpm_marshal_UINT16(&ptr, &len, TPM_TAG_RQU_COMMAND);
> +      tpmfront_cmd(tpmfront_dev, tpmcmd->req, tpmcmd->req_len, 
> &tpmcmd->resp, &size);
> +      tpmcmd->resp_len = size;
> +      info("VTPM pTPM-cmd return: %d bytes", (int)size);
> +      return true;
> +   }
> +
> +   return false;
> +}
> +
>  int check_ordinal(tpmcmd_t* tpmcmd) {
>     TPM_COMMAND_CODE ord;
>     UINT32 len = 4;
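Review bot: the return value of tpmfront_cmd() is discarded on both paths in check_passthru (the calls after `info("VTPM passthru: %d bytes", ...)` and `info("VTPM pTPM-cmd: %d bytes", ...)`), while `size` is declared without an initializer, so a failed forward leaves `tpmcmd->resp_len = size` and `tpmcmd->resp` holding indeterminate values that main_loop will then return to the guest. Suggest checking the result and, on failure, calling create_error_response(tpmcmd, TPM_FAIL) (the helper main_loop already uses) before returning true. Also, the commit message says VTPM_TAG_REQ is only meant for PCRRead, Extend and GetRandom, but this function rewrites the tag to TPM_TAG_RQU_COMMAND and forwards whatever ordinal follows; nothing in this hunk restricts the ordinal, so a comment pointing at wherever that whitelist is enforced would help the next reader.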
> @@ -209,6 +244,9 @@ static void main_loop(void) {
>              error("Invalid locality (%d) for client in tpm_handle_command", 
> tpmcmd->locality);
>              create_error_response(tpmcmd, TPM_FAIL);
>        }
> +         /* Check for TPM Manager passthrough command */
> +         else if(check_passthru(tpmcmd)) {
> +      }
>           /* Check for disabled ordinals */
>           else if(!check_ordinal(tpmcmd)) {
>              create_error_response(tpmcmd, TPM_BAD_ORDINAL);
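Review bot: the new `else if(check_passthru(tpmcmd)) {` branch has an empty body with no explanation, and its indentation (nine spaces for the comment line, six for the closing brace) does not match the neighbouring `else if(!check_ordinal(tpmcmd))` block; add a comment such as `/* response already filled in by check_passthru */` inside the braces and align it with the adjacent branches. Because this branch is evaluated before the check_ordinal() test, a command that check_passthru accepts is never subject to the disabled-ordinal check; if that ordering is intentional it should be stated in the commit message.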
> @@ -231,7 +269,7 @@ static void main_loop(void) {
>     }
>  
>  abort_postpcrs:
> -   info("VTPM Shutting down\n");
> +   info("VTPM Shutting down");
>  
>     tpm_emulator_shutdown();
>  }


