|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 0/5] vTPM: Xen stubdom vTPM for HVM virtual machine
> -----Original Message----- > From: Ian Campbell [mailto:Ian.Campbell@xxxxxxxxxx] > Sent: Monday, January 05, 2015 9:21 PM > To: Xu, Quan > Cc: xen-devel@xxxxxxxxxxxxx; dgdegra@xxxxxxxxxxxxx; > samuel.thibault@xxxxxxxxxxxx; ian.jackson@xxxxxxxxxxxxx; > stefano.stabellini@xxxxxxxxxxxxx; wei.liu2@xxxxxxxxxx > Subject: Re: [PATCH v2 0/5] vTPM: Xen stubdom vTPM for HVM virtual > machine > > On Tue, 2014-12-30 at 23:44 -0500, Quan Xu wrote: > > Please can you arrange for you patch submissions to be correctly threaded i.e. > with all the mails containing a reference header either to the previous patch > or to the 0/N introductory patch. > > Take a look at the --chainreplyto and --thread options to git send-email. If > you > use --dry-run then you should see each mail has a suitable References: > header if you have got it right. > > Without this I end up with N+1 unrelated email in my INBOX which are very > hard to keep straight as a series once people start commenting on a subset. > > Thanks, > Ian. > Thanks. I tried for a lot of times, I will ask some opensource veteran to help me. I really didn't understand it before you tell me. Thanks Quan Xu > > This patch series are only the Xen part to enable stubdom vTPM for HVM > virtual machine. > > it will work w/ Qemu patch series and seaBios patch series. Change > > QEMU_STUBDOM_VTPM compile option from 'n' to 'y', when the > Qemu/SeaBios patch series are merged. > > > > ======================== > > *INTRODUCTION* > > ======================== > > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM > > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows > > .etc). This allows programs to interact with a TPM in a virtual > > machine the same way they interact with a TPM on the physical system. > > Each virtual machine gets its own unique, emulated, software TPM. Each > major component of vTPM is implemented as a stubdom, providing secure > separation guaranteed by the hypervisor. > > > > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the > > virtual machine to use. It is a small wrapper around the Berlios TPM > > emulator. TPM commands are passed from mini-os TPM backend driver. > > > > ======================== > > *ARCHITECTURE* > > ======================== > > The architecture of stubdom vTPM for HVM virtual machine: > > > > +--------------------+ > > | Windows/Linux DomU | ... > > | | ^ | > > | v | | > > | Qemu tpm1.2 Tis | > > | | ^ | > > | v | | > > | XenStubdoms backend| > > +--------------------+ > > | ^ > > v | > > +--------------------+ > > | XenDevOps | > > +--------------------+ > > | ^ > > v | > > +--------------------+ > > | mini-os/tpmback | > > | | ^ | > > | v | | > > | vtpm-stubdom | ... > > | | ^ | > > | v | | > > | mini-os/tpmfront | > > +--------------------+ > > | ^ > > v | > > +--------------------+ > > | mini-os/tpmback | > > | | ^ | > > | v | | > > | vtpmmgr-stubdom | > > | | ^ | > > | v | | > > | mini-os/tpm_tis | > > +--------------------+ > > | ^ > > v | > > +--------------------+ > > | Hardware TPM | > > +--------------------+ > > > > > > > > * Windows/Linux DomU: > > The HVM based guest that wants to use a vTPM. There may be > > more than one of these. > > > > * Qemu tpm1.2 Tis: > > Implementation of the tpm1.2 Tis interface for HVM virtual > > machines. It is Qemu emulation device. > > > > * vTPM xenstubdoms driver: > > Qemu vTPM driver. This driver provides vtpm initialization > > and sending data and commends to a para-virtualized vtpm > > stubdom. > > > > * XenDevOps: > > Register Xen stubdom vTPM frontend driver, and transfer any > > request/repond between TPM xenstubdoms driver and Xen vTPM > > stubdom. Facilitate communications between Xen vTPM stubdom > > and vTPM xenstubdoms driver. > > > > * mini-os/tpmback: > > Mini-os TPM backend driver. The Linux frontend driver connects > > to this backend driver to facilitate communications between the > > Linux DomU and its vTPM. This driver is also used by vtpmmgr > > stubdom to communicate with vtpm-stubdom. > > > > * vtpm-stubdom: > > A mini-os stub domain that implements a vTPM. There is a > > one to one mapping between running vtpm-stubdom instances and > > logical vtpms on the system. The vTPM Platform Configuration > > Registers (PCRs) are all initialized to zero. > > > > * mini-os/tpmfront: > > Mini-os TPM frontend driver. The vTPM mini-os domain vtpm > > stubdom uses this driver to communicate with vtpmmgr-stubdom. > > This driver could also be used separately to implement a mini-os > > domain that wishes to use a vTPM of its own. > > > > * vtpmmgr-stubdom: > > A mini-os domain that implements the vTPM manager. There is only > > one vTPM manager and it should be running during the entire lifetime > > of the machine. vtpmmgr domain securely stores encryption keys for > > each of the vtpms and accesses to the hardware TPM to get the root > of > > trust for the entire system. > > > > * mini-os/tpm_tis: > > Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver. > > This driver used by vtpmmgr-stubdom to talk directly to the hardware > > TPM. Communication is facilitated by mapping hardware memory > pages > > into vtpmmgr stubdom. > > > > * Hardware TPM: The physical TPM 1.2 that is soldered onto the > motherboard. > > > > ======================== > > *BUILD & TEST* > > ======================== > > The following steps are how to build and test it: > > > > 1. SeaBios with my patch against upstream seabios is not submitted. I > > will submit seabios patch later. Now I archive my seabios patch > > against upstream seabios in Github: https://github.com/virt2x/seabios2 > > , try to build it for test. > > > > Configure it with Xen, > > --- <Xen> Config.mk > > -SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git > > +SEABIOS_UPSTREAM_URL ?= https://github.com/virt2x/seabios2 > > [...] > > -SEABIOS_UPSTREAM_REVISION ?= rel-1.7.5 > > +SEABIOS_UPSTREAM_REVISION ?= > > ea94c083cc15875f46f0bf288b6531154b866f5a > > > > 2. QEMU with my patch against upstream QEMU is > > '[PATCH v3 0/5] QEMU:Xen stubdom vTPM for HVM virtual machine'. > > I archive my QEMU patch series again Upstream QEMU in github: > > https://github.com/virt2x/qemu-xen-unstable2 > > > > Configure it with Xen, > > --- <Xen> Config.mk > > > > -QEMU_UPSTREAM_URL ?= > git://xenbits.xen.org/qemu-upstream-unstable.git > > +QEMU_UPSTREAM_URL ?= > https://github.com/virt2x/qemu-xen-unstable2 > > -QEMU_UPSTREAM_REVISION ?= qemu-xen-4.5.0-rc1 > > +QEMU_UPSTREAM_REVISION ?= > > 25694232b64104fd4fa2b8086f790b156a970e1e > > > > 3. build/install Xen > > Change QEMU_STUBDOM_VTPM option from 'n' to 'y' > > QEMU_STUBDOM_VTPM ?= y > > > > ./configure --prefix=/usr > > make dist > > make install > > > > 4. try to launch vtpmmgr / vtpm domain via > <Xen>/docs/misc/vtpm-platforms.txt. > > The reader is assumed to have familiarity with building and installing > > Xen, Linux, and a basic understanding of the TPM and vTPM concepts. > > > > The Linux / Windows HVM guest configuration file needs to be modified > > to include the following line: > > > > [..] > > vtpm=["backend=domu-vtpm"] > > device_model_version = 'qemu-xen' > > acpi = 1 > > [..] > > > > #(domu-vtpm is the name vtpm domain, A mini-os stub domain that > > implements a vTPM) > > > > 5. enable native TPM 1.2 drvier in HVM virtual machine. for example > > enable tpm_tis.ko in Linux HVM virtual machine. > > If you have trousers and tpm_tools installed on the guest, the > > tpm_version command should return the following: > > > > The version command should return the following: > > TPM 1.2 Version Info: > > Chip Version: 1.2.0.7 > > Spec Level: 2 > > Errata Revision: 1 > > TPM Vendor ID: ETHZ > > TPM Version: 01010000 > > Manufacturer Info: 4554485a > > > > Or check it with sysfs, /sys/class/misc/tpm0 > > > > > > --Changes in v2: > > -Delete HVM_PARAM_STUBDOM_VTPM parameter, QEMU Reads Xen > vTPM status via XenStore. > > > > > > > > Quan Xu (5): > > vTPM: event channel bind interdomain with para/hvm virtual machine > > vTPM: limit libxl__add_vtpms() function to para virtual machine > > vTPM: add TPM TCPA and SSDT for HVM virtual machine when vTPM is > added > > vTPM: add vTPM device for HVM virtual machine > > vTPM: add QEMU_STUBDOM_VTPM compile option > > > > Config.mk | 4 +++ > > extras/mini-os/include/tpmback.h | 3 ++ > > extras/mini-os/tpmback.c | 20 +++++++++-- > > tools/Makefile | 7 ++++ > > tools/firmware/hvmloader/acpi/build.c | 5 +-- > > tools/libxl/libxl.c | 62 > +++++++++++++++++++++++++++++++++++ > > tools/libxl/libxl_create.c | 16 +++++++-- > > tools/libxl/libxl_dm.c | 16 +++++++++ > > tools/libxl/libxl_internal.h | 3 ++ > > tools/libxl/libxl_types.idl | 1 + > > tools/libxl/xl_cmdimpl.c | 2 ++ > > 11 files changed, 131 insertions(+), 8 deletions(-) > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |