|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 0/5] vTPM: Xen stubdom vTPM for HVM virtual machine
On Tue, 2014-12-30 at 23:44 -0500, Quan Xu wrote: Please can you arrange for you patch submissions to be correctly threaded i.e. with all the mails containing a reference header either to the previous patch or to the 0/N introductory patch. Take a look at the --chainreplyto and --thread options to git send-email. If you use --dry-run then you should see each mail has a suitable References: header if you have got it right. Without this I end up with N+1 unrelated email in my INBOX which are very hard to keep straight as a series once people start commenting on a subset. Thanks, Ian. > This patch series are only the Xen part to enable stubdom vTPM for HVM > virtual machine. > it will work w/ Qemu patch series and seaBios patch series. Change > QEMU_STUBDOM_VTPM compile > option from 'n' to 'y', when the Qemu/SeaBios patch series are merged. > > ======================== > *INTRODUCTION* > ======================== > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM > functionality to virtual > machines (Fedora, Ubuntu, Redhat, Windows .etc). This allows programs to > interact with a TPM in > a virtual machine the same way they interact with a TPM on the physical > system. Each virtual > machine gets its own unique, emulated, software TPM. Each major component of > vTPM is implemented > as a stubdom, providing secure separation guaranteed by the hypervisor. > > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the virtual > machine to use. It > is a small wrapper around the Berlios TPM emulator. TPM commands are passed > from mini-os TPM > backend driver. > > ======================== > *ARCHITECTURE* > ======================== > The architecture of stubdom vTPM for HVM virtual machine: > > +--------------------+ > | Windows/Linux DomU | ... > | | ^ | > | v | | > | Qemu tpm1.2 Tis | > | | ^ | > | v | | > | XenStubdoms backend| > +--------------------+ > | ^ > v | > +--------------------+ > | XenDevOps | > +--------------------+ > | ^ > v | > +--------------------+ > | mini-os/tpmback | > | | ^ | > | v | | > | vtpm-stubdom | ... > | | ^ | > | v | | > | mini-os/tpmfront | > +--------------------+ > | ^ > v | > +--------------------+ > | mini-os/tpmback | > | | ^ | > | v | | > | vtpmmgr-stubdom | > | | ^ | > | v | | > | mini-os/tpm_tis | > +--------------------+ > | ^ > v | > +--------------------+ > | Hardware TPM | > +--------------------+ > > > > * Windows/Linux DomU: > The HVM based guest that wants to use a vTPM. There may be > more than one of these. > > * Qemu tpm1.2 Tis: > Implementation of the tpm1.2 Tis interface for HVM virtual > machines. It is Qemu emulation device. > > * vTPM xenstubdoms driver: > Qemu vTPM driver. This driver provides vtpm initialization > and sending data and commends to a para-virtualized vtpm > stubdom. > > * XenDevOps: > Register Xen stubdom vTPM frontend driver, and transfer any > request/repond between TPM xenstubdoms driver and Xen vTPM > stubdom. Facilitate communications between Xen vTPM stubdom > and vTPM xenstubdoms driver. > > * mini-os/tpmback: > Mini-os TPM backend driver. The Linux frontend driver connects > to this backend driver to facilitate communications between the > Linux DomU and its vTPM. This driver is also used by vtpmmgr > stubdom to communicate with vtpm-stubdom. > > * vtpm-stubdom: > A mini-os stub domain that implements a vTPM. There is a > one to one mapping between running vtpm-stubdom instances and > logical vtpms on the system. The vTPM Platform Configuration > Registers (PCRs) are all initialized to zero. > > * mini-os/tpmfront: > Mini-os TPM frontend driver. The vTPM mini-os domain vtpm > stubdom uses this driver to communicate with vtpmmgr-stubdom. > This driver could also be used separately to implement a mini-os > domain that wishes to use a vTPM of its own. > > * vtpmmgr-stubdom: > A mini-os domain that implements the vTPM manager. There is only > one vTPM manager and it should be running during the entire lifetime > of the machine. vtpmmgr domain securely stores encryption keys for > each of the vtpms and accesses to the hardware TPM to get the root of > trust for the entire system. > > * mini-os/tpm_tis: > Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver. > This driver used by vtpmmgr-stubdom to talk directly to the hardware > TPM. Communication is facilitated by mapping hardware memory pages > into vtpmmgr stubdom. > > * Hardware TPM: The physical TPM 1.2 that is soldered onto the motherboard. > > ======================== > *BUILD & TEST* > ======================== > The following steps are how to build and test it: > > 1. SeaBios with my patch against upstream seabios is not submitted. I will > submit seabios patch later. Now I archive my seabios patch against upstream > seabios in Github: https://github.com/virt2x/seabios2 , try to build it for > test. > > Configure it with Xen, > --- <Xen> Config.mk > -SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git > +SEABIOS_UPSTREAM_URL ?= https://github.com/virt2x/seabios2 > [...] > -SEABIOS_UPSTREAM_REVISION ?= rel-1.7.5 > +SEABIOS_UPSTREAM_REVISION ?= ea94c083cc15875f46f0bf288b6531154b866f5a > > 2. QEMU with my patch against upstream QEMU is > '[PATCH v3 0/5] QEMU:Xen stubdom vTPM for HVM virtual machine'. > I archive my QEMU patch series again Upstream QEMU in github: > https://github.com/virt2x/qemu-xen-unstable2 > > Configure it with Xen, > --- <Xen> Config.mk > > -QEMU_UPSTREAM_URL ?= git://xenbits.xen.org/qemu-upstream-unstable.git > +QEMU_UPSTREAM_URL ?= https://github.com/virt2x/qemu-xen-unstable2 > -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.5.0-rc1 > +QEMU_UPSTREAM_REVISION ?= 25694232b64104fd4fa2b8086f790b156a970e1e > > 3. build/install Xen > Change QEMU_STUBDOM_VTPM option from 'n' to 'y' > QEMU_STUBDOM_VTPM ?= y > > ./configure --prefix=/usr > make dist > make install > > 4. try to launch vtpmmgr / vtpm domain via <Xen>/docs/misc/vtpm-platforms.txt. > The reader is assumed to have familiarity with building and installing Xen, > Linux, > and a basic understanding of the TPM and vTPM concepts. > > The Linux / Windows HVM guest configuration file needs to be modified to > include the > following line: > > [..] > vtpm=["backend=domu-vtpm"] > device_model_version = 'qemu-xen' > acpi = 1 > [..] > > #(domu-vtpm is the name vtpm domain, A mini-os stub domain that implements a > vTPM) > > 5. enable native TPM 1.2 drvier in HVM virtual machine. for example enable > tpm_tis.ko > in Linux HVM virtual machine. > If you have trousers and tpm_tools installed on the guest, the tpm_version > command should > return the following: > > The version command should return the following: > TPM 1.2 Version Info: > Chip Version: 1.2.0.7 > Spec Level: 2 > Errata Revision: 1 > TPM Vendor ID: ETHZ > TPM Version: 01010000 > Manufacturer Info: 4554485a > > Or check it with sysfs, /sys/class/misc/tpm0 > > > --Changes in v2: > -Delete HVM_PARAM_STUBDOM_VTPM parameter, QEMU Reads Xen vTPM status via > XenStore. > > > > Quan Xu (5): > vTPM: event channel bind interdomain with para/hvm virtual machine > vTPM: limit libxl__add_vtpms() function to para virtual machine > vTPM: add TPM TCPA and SSDT for HVM virtual machine when vTPM is added > vTPM: add vTPM device for HVM virtual machine > vTPM: add QEMU_STUBDOM_VTPM compile option > > Config.mk | 4 +++ > extras/mini-os/include/tpmback.h | 3 ++ > extras/mini-os/tpmback.c | 20 +++++++++-- > tools/Makefile | 7 ++++ > tools/firmware/hvmloader/acpi/build.c | 5 +-- > tools/libxl/libxl.c | 62 > +++++++++++++++++++++++++++++++++++ > tools/libxl/libxl_create.c | 16 +++++++-- > tools/libxl/libxl_dm.c | 16 +++++++++ > tools/libxl/libxl_internal.h | 3 ++ > tools/libxl/libxl_types.idl | 1 + > tools/libxl/xl_cmdimpl.c | 2 ++ > 11 files changed, 131 insertions(+), 8 deletions(-) > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |