
[Xen-devel] Architecture for dom0 integrity measurements.

  • To: xen-devel@xxxxxxxxxxxxx
  • From: "Dr. Greg Wettstein" <greg@xxxxxxxxxxxxxxxxx>
  • Date: Sat, 10 Jan 2015 08:59:24 -0600
  • Delivery-date: Sat, 10 Jan 2015 15:00:06 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi, I hope the weekend is going well for everyone.

We have been watching the discussions on the list over the holiday on
the refinement and enhancement of the TPM architecture for Xen,
including support for TPM 2.0.  We are active in measured platform
development and I wanted to pose what is perhaps a philosophical
question to everyone.

Our systems boot from a hardware root of trust via TXT and we heavily
leverage the Linux Integrity Measurement Architecture (IMA) for mutual
remote attestation.  I understand the motivation for running the TPM
hardware manager in an IO emulation domain but unless I miss something
in the current discussions, this architecture precludes the ability of
the dom0 kernel to physically access the TPM which in turn prevents
dom0 from implementing a hardware referenced measurement state via

Others may disagree but I wouldn't even contemplate delivering an
integrity certified platform without including all of the dom0
infrastructure into the platform measurement status.  We heavily
leverage the current 4.4.x vTPM implementation for testing and
development and the documentation states clearly to not integrate
TPM/TIS support into the dom0 OS.

The obvious model is to run a software TPM simulator in dom0 and have
the vTPM I/O domains link to that.  We are heavily invested in IBM's
software TPM simulator and have been tossing around the idea of
building up a proof of concept based on that.  I wanted to make sure
we were not misunderstanding anything with the current or proposed
architecture before we invest the resources.

We have also been considering whether or not to implement the multiple
TPM states in the context of the dom0 hardware virtualization
instance.  Once again not as 'technically secure' but it does cut out
a lot of complexity with the current model, with the added benefit of
that infrastructure being covered by a hardware rooted IMA state.

Also we are extremely interested in what hardware and motherboards
with TPM 2.0 support are being used for this development, obviously
with TXT being a requirement.  It wasn't too long ago we were advised
directly by Intel that physical hardware was not available, perhaps
that was a miscommunication.  Given the work being done, and the Intel
e-mail addresses on the patches, there is obviously access to 2.0
compliant hardware or is all this being done with simulators???

Thanks for any reflections the group may have.

Best wishes for a productive week.


As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg@xxxxxxxxxxxx
"Against stupidity the Gods themselves contend in vain."
                                -- Friedrich von Schiller
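The check a remote verifier runs against an IMA measurement list, added here as an illustration of what "hardware referenced" means in practice (example code, not code from the message, from Xen, or from the IMA project): replay the PCR-10 extend chain from the measurement list and compare it with the value the TPM quotes. If dom0 cannot reach a physical TPM, there is no quoted PCR to compare against and the list is only self-attested. The log lines are constructed, and the replay result stands in for a real TPM quote.

```python
import hashlib

PCR_SIZE = 20                            # SHA-1 PCR bank used by IMA on TPM 1.2-era systems
VIOLATION_DIGEST = b"\xff" * PCR_SIZE    # kernel logs zeros for a violation but extends with 0xff

# Constructed sample in the layout of /sys/kernel/security/ima/ascii_runtime_measurements:
# "<pcr> <template-hash> <template-name> <template-data...>". All hashes are made up.
SAMPLE_LOG = "\n".join([
    f"10 {hashlib.sha1(b'entry-boot').hexdigest()} ima-ng "
    f"sha256:{hashlib.sha256(b'boot').hexdigest()} boot_aggregate",
    f"10 {hashlib.sha1(b'entry-init').hexdigest()} ima-ng "
    f"sha256:{hashlib.sha256(b'init').hexdigest()} /sbin/init",
    # A "violation" entry (file measured while open for write): zero digest in the list.
    f"10 {'0' * 40} ima-ng sha256:{'0' * 64} /tmp/open-writers-violation",
])


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 PCR extend: new_pcr = SHA1(old_pcr || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay_pcr(log_text: str, pcr_index: int = 10) -> bytes:
    """Recompute the PCR the kernel should have produced from the ascii measurement list."""
    pcr = b"\x00" * PCR_SIZE             # PCRs 0-16 start at all zeros after reset
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or int(fields[0]) != pcr_index:
            continue                     # skip malformed lines and entries for other PCRs
        template_hash = bytes.fromhex(fields[1])
        if template_hash == b"\x00" * PCR_SIZE:
            template_hash = VIOLATION_DIGEST
        pcr = extend(pcr, template_hash)
    return pcr


def verify(log_text: str, quoted_pcr: bytes) -> bool:
    """True only if the list replays to exactly the PCR value the TPM quoted."""
    return replay_pcr(log_text) == quoted_pcr


if __name__ == "__main__":
    quoted = replay_pcr(SAMPLE_LOG)      # stand-in for a real TPM quote of PCR-10
    print("PCR-10 replay:", quoted.hex())
    truncated = "\n".join(SAMPLE_LOG.splitlines()[:-1])
    print("list with last entry dropped verifies:", verify(truncated, quoted))
```

Any entry removed, reordered or altered in the list changes the replayed value, which is why the comparison is only meaningful when the reference PCR comes from the hardware TPM rather than from the same software that produced the list.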
