
Re: [Xen-devel] [PATCH v2 0/5] vTPM: Xen stubdom vTPM for HVM virtual machine




> -----Original Message-----
> From: Ian Campbell [mailto:Ian.Campbell@xxxxxxxxxx]
> Sent: Monday, January 05, 2015 9:21 PM
> To: Xu, Quan
> Cc: xen-devel@xxxxxxxxxxxxx; dgdegra@xxxxxxxxxxxxx;
> samuel.thibault@xxxxxxxxxxxx; ian.jackson@xxxxxxxxxxxxx;
> stefano.stabellini@xxxxxxxxxxxxx; wei.liu2@xxxxxxxxxx
> Subject: Re: [PATCH v2 0/5] vTPM: Xen stubdom vTPM for HVM virtual
> machine
> 
> On Tue, 2014-12-30 at 23:44 -0500, Quan Xu wrote:
> 
> Please can you arrange for your patch submissions to be correctly threaded i.e.
> with all the mails containing a reference header either to the previous patch
> or to the 0/N introductory patch.
> 
> Take a look at the --chainreplyto and --thread options to git send-email. If
> you use --dry-run then you should see each mail has a suitable References:
> header if you have got it right.
> 
> Without this I end up with N+1 unrelated email in my INBOX which are very
> hard to keep straight as a series once people start commenting on a subset.
> 
> Thanks,
> Ian.
> 


Thanks. I tried a lot of times; I will ask some open source veteran to help me.
I really didn't understand it before you told me.

Thanks 
Quan Xu

> > This patch series is only the Xen part to enable stubdom vTPM for HVM
> > virtual machine.
> > It will work w/ Qemu patch series and seaBios patch series. Change
> > QEMU_STUBDOM_VTPM compile option from 'n' to 'y', when the
> > Qemu/SeaBios patch series are merged.
> >
> > ========================
> >     *INTRODUCTION*
> > ========================
> > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM
> > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows
> > .etc). This allows programs to interact with a TPM in a virtual
> > machine the same way they interact with a TPM on the physical system.
> > Each virtual machine gets its own unique, emulated, software TPM. Each
> > major component of vTPM is implemented as a stubdom, providing secure
> > separation guaranteed by the hypervisor.
> >
> > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the
> > virtual machine to use. It is a small wrapper around the Berlios TPM
> > emulator. TPM commands are passed from mini-os TPM backend driver.
> >
> > ========================
> >      *ARCHITECTURE*
> > ========================
> > The architecture of stubdom vTPM for HVM virtual machine:
> >
> >             +--------------------+
> >             | Windows/Linux DomU | ...
> >             |        |  ^        |
> >             |        v  |        |
> >             |  Qemu tpm1.2 Tis   |
> >             |        |  ^        |
> >             |        v  |        |
> >             | XenStubdoms backend|
> >             +--------------------+
> >                      |  ^
> >                      v  |
> >             +--------------------+
> >             |      XenDevOps     |
> >             +--------------------+
> >                      |  ^
> >                      v  |
> >             +--------------------+
> >             |  mini-os/tpmback   |
> >             |        |  ^        |
> >             |        v  |        |
> >             |   vtpm-stubdom     | ...
> >             |        |  ^        |
> >             |        v  |        |
> >             |  mini-os/tpmfront  |
> >             +--------------------+
> >                      |  ^
> >                      v  |
> >             +--------------------+
> >             |  mini-os/tpmback   |
> >             |        |  ^        |
> >             |        v  |        |
> >             |  vtpmmgr-stubdom   |
> >             |        |  ^        |
> >             |        v  |        |
> >             |  mini-os/tpm_tis   |
> >             +--------------------+
> >                      |  ^
> >                      v  |
> >             +--------------------+
> >             |    Hardware TPM    |
> >             +--------------------+
> >
> >
> >
> >  * Windows/Linux DomU:
> >     The HVM based guest that wants to use a vTPM. There may be
> >     more than one of these.
> >
> >  * Qemu tpm1.2 Tis:
> >     Implementation of the tpm1.2 Tis interface for HVM virtual
> >     machines. It is a Qemu emulation device.
> >
> >  * vTPM xenstubdoms driver:
> >     Qemu vTPM driver. This driver provides vtpm initialization
> >     and sending data and commands to a para-virtualized vtpm
> >     stubdom.
> >
> >  * XenDevOps:
> >     Register Xen stubdom vTPM frontend driver, and transfer any
> >     request/response between TPM xenstubdoms driver and Xen vTPM
> >     stubdom. Facilitate communications between Xen vTPM stubdom
> >     and vTPM xenstubdoms driver.
> >
> >  * mini-os/tpmback:
> >     Mini-os TPM backend driver. The Linux frontend driver connects
> >     to this backend driver to facilitate communications between the
> >     Linux DomU and its vTPM. This driver is also used by vtpmmgr
> >     stubdom to communicate with vtpm-stubdom.
> >
> >  * vtpm-stubdom:
> >     A mini-os stub domain that implements a vTPM. There is a
> >     one to one mapping between running vtpm-stubdom instances and
> >     logical vtpms on the system. The vTPM Platform Configuration
> >     Registers (PCRs) are all initialized to zero.
> >
> >  * mini-os/tpmfront:
> >     Mini-os TPM frontend driver. The vTPM mini-os domain vtpm
> >     stubdom uses this driver to communicate with vtpmmgr-stubdom.
> >     This driver could also be used separately to implement a mini-os
> >     domain that wishes to use a vTPM of its own.
> >
> >  * vtpmmgr-stubdom:
> >     A mini-os domain that implements the vTPM manager. There is only
> >     one vTPM manager and it should be running during the entire lifetime
> >     of the machine. vtpmmgr domain securely stores encryption keys for
> >     each of the vtpms and accesses the hardware TPM to get the root of
> >     trust for the entire system.
> >
> >  * mini-os/tpm_tis:
> >     Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver.
> >     This driver is used by vtpmmgr-stubdom to talk directly to the hardware
> >     TPM. Communication is facilitated by mapping hardware memory pages
> >     into vtpmmgr stubdom.
> >
> >  * Hardware TPM: The physical TPM 1.2 that is soldered onto the
> >     motherboard.
> >
> > ========================
> >     *BUILD & TEST*
> > ========================
> > The following steps are how to build and test it:
> >
> > 1. SeaBios with my patch against upstream seabios is not submitted. I
> > will submit seabios patch later. Now I archive my seabios patch
> > against upstream seabios in Github: https://github.com/virt2x/seabios2
> > , try to build it for test.
> >
> > Configure it with Xen,
> > --- <Xen> Config.mk
> >     -SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git
> >     +SEABIOS_UPSTREAM_URL ?= https://github.com/virt2x/seabios2
> >     [...]
> >     -SEABIOS_UPSTREAM_REVISION ?= rel-1.7.5
> >     +SEABIOS_UPSTREAM_REVISION ?=
> > ea94c083cc15875f46f0bf288b6531154b866f5a
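Review bot: the added SEABIOS_UPSTREAM_URL line swaps the xenbits repository for a personal GitHub fork, so anyone following step 1 builds guest firmware from a tree outside the project's own hosting. The full commit hash on the added SEABIOS_UPSTREAM_REVISION line does fix exactly what is fetched, which is the right way to pin it; keep this as a local test edit to Config.mk and say in the text which upstream SeaBIOS base the fork carries the patch on (the removed line pinned rel-1.7.5), so a tester can diff the fork against it before building.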
> >
> > 2. QEMU with my patch against upstream QEMU is
> >     '[PATCH v3 0/5] QEMU:Xen stubdom vTPM for HVM virtual machine'.
> > I archive my QEMU patch series against upstream QEMU in github:
> >     https://github.com/virt2x/qemu-xen-unstable2
> >
> > Configure it with Xen,
> > --- <Xen> Config.mk
> >
> >     -QEMU_UPSTREAM_URL ?=
> git://xenbits.xen.org/qemu-upstream-unstable.git
> >     +QEMU_UPSTREAM_URL ?=
> https://github.com/virt2x/qemu-xen-unstable2
> >     -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.5.0-rc1
> >     +QEMU_UPSTREAM_REVISION ?=
> > 25694232b64104fd4fa2b8086f790b156a970e1e
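Review bot: the added QEMU_UPSTREAM_REVISION line replaces the named tag qemu-xen-4.5.0-rc1 with a bare commit hash, and nothing in the hunk or the text around it ties that hash to the '[PATCH v3 0/5] QEMU:Xen stubdom vTPM for HVM virtual machine' series named in step 2. Please state that the hash is the tip of that v3 series and which QEMU tag it sits on, so a tester knows which revision of the patches is being built and can tell when the instructions have gone stale.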
> >
> > 3. build/install Xen
> > Change QEMU_STUBDOM_VTPM option from 'n' to 'y'
> >     QEMU_STUBDOM_VTPM ?= y
> >
> > ./configure --prefix=/usr
> > make dist
> > make install
> >
> > 4. try to launch vtpmmgr / vtpm domain via
> > <Xen>/docs/misc/vtpm-platforms.txt.
> > The reader is assumed to have familiarity with building and installing
> > Xen, Linux, and a basic understanding of the TPM and vTPM concepts.
> >
> > The Linux / Windows HVM guest configuration file needs to be modified
> > to include the following line:
> >
> >     [..]
> >     vtpm=["backend=domu-vtpm"]
> >     device_model_version = 'qemu-xen'
> >     acpi = 1
> >     [..]
> >
> > #(domu-vtpm is the name vtpm domain, A mini-os stub domain that
> > implements a vTPM)
> >
> > 5. enable native TPM 1.2 driver in HVM virtual machine. for example
> > enable tpm_tis.ko in Linux HVM virtual machine.
> > If you have trousers and tpm_tools installed on the guest, the
> > tpm_version command should return the following:
> >
> > The version command should return the following:
> >   TPM 1.2 Version Info:
> >   Chip Version:        1.2.0.7
> >   Spec Level:          2
> >   Errata Revision:     1
> >   TPM Vendor ID:       ETHZ
> >   TPM Version:         01010000
> >   Manufacturer Info:   4554485a
> >
> > Or check it with sysfs, /sys/class/misc/tpm0
> >
> >
> > --Changes in v2:
> >   -Delete HVM_PARAM_STUBDOM_VTPM parameter, QEMU Reads Xen
> >    vTPM status via XenStore.
> >
> >
> >
> > Quan Xu (5):
> >   vTPM: event channel bind interdomain with para/hvm virtual machine
> >   vTPM: limit libxl__add_vtpms() function to para virtual machine
> >   vTPM: add TPM TCPA and SSDT for HVM virtual machine when vTPM is added
> >   vTPM: add vTPM device for HVM virtual machine
> >   vTPM: add QEMU_STUBDOM_VTPM compile option
> >
> >  Config.mk                             |  4 +++
> >  extras/mini-os/include/tpmback.h      |  3 ++
> >  extras/mini-os/tpmback.c              | 20 +++++++++--
> >  tools/Makefile                        |  7 ++++
> >  tools/firmware/hvmloader/acpi/build.c |  5 +--
> >  tools/libxl/libxl.c                   | 62 +++++++++++++++++++++++++++++++++++
> >  tools/libxl/libxl_create.c            | 16 +++++++--
> >  tools/libxl/libxl_dm.c                | 16 +++++++++
> >  tools/libxl/libxl_internal.h          |  3 ++
> >  tools/libxl/libxl_types.idl           |  1 +
> >  tools/libxl/xl_cmdimpl.c              |  2 ++
> >  11 files changed, 131 insertions(+), 8 deletions(-)
> >
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
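
Added example (not part of the original mail or the patch series): a Python check for steps 4 and 5 of the quoted BUILD & TEST section. It confirms that a guest config carries the three settings listed there and that tpm_version output matches the quoted values. The function names and sample inputs are constructed for illustration, and it assumes the xl config contains only Python-compatible literals.

```python
import ast

# Values from the cover letter's expected tpm_version output (step 5).
EXPECTED_TPM = {"Chip Version": "1.2.0.7", "TPM Vendor ID": "ETHZ"}

def load_xl_config(text):
    """Collect `name = literal` assignments (assumes Python-compatible literals)."""
    cfg = {}
    for node in ast.parse(text).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            cfg[node.targets[0].id] = ast.literal_eval(node.value)
    return cfg

def check_guest_config(text):
    """Return problems with the three settings step 4 asks for."""
    cfg, problems = load_xl_config(text), []
    vtpm = cfg.get("vtpm")
    if not isinstance(vtpm, list) or not vtpm:
        problems.append("no vtpm=[...] entry")
    else:
        for spec in vtpm:
            opts = dict(kv.strip().split("=", 1) for kv in str(spec).split(",") if "=" in kv)
            if not opts.get("backend"):
                problems.append(f"vtpm entry has no backend: {spec!r}")
    if cfg.get("device_model_version") != "qemu-xen":
        problems.append("device_model_version is not 'qemu-xen'")
    if cfg.get("acpi") != 1:
        problems.append("acpi is not 1")
    return problems

def check_tpm_version(output):
    """Return mismatches between tpm_version output and the expected fields."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    problems = [f"{k}: expected {v!r}, got {fields.get(k)!r}"
                for k, v in EXPECTED_TPM.items() if fields.get(k) != v]
    # In the quoted sample, Manufacturer Info is the vendor ID as ASCII hex.
    try:
        vendor = bytes.fromhex(fields.get("Manufacturer Info", "")).decode("ascii")
    except ValueError:
        vendor = None
    if vendor != fields.get("TPM Vendor ID"):
        problems.append("Manufacturer Info does not decode to TPM Vendor ID")
    return problems

# Constructed sample inputs mirroring the snippets in the cover letter.
GOOD_CFG = 'vtpm=["backend=domu-vtpm"]\ndevice_model_version = \'qemu-xen\'\nacpi = 1\n'
GOOD_TPM = ("TPM 1.2 Version Info:\n  Chip Version:        1.2.0.7\n"
            "  TPM Vendor ID:       ETHZ\n  Manufacturer Info:   4554485a\n")
```

An empty list from either function means the input agrees with what the cover letter describes; each string in a non-empty list names one mismatch.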