|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 11/11] add vtpm support to libxl
On Tue, 2012-10-02 at 15:31 +0100, Matthew Fioravante wrote: > On 10/02/2012 09:44 AM, Ian Campbell wrote: > > On Mon, 2012-10-01 at 19:40 +0100, Matthew Fioravante wrote: > > > >> Actually thinking about it more, uuids have to be attached to the > >> driver. If 2 vtpms connect to the manager, one could send the uuid of > >> the other and get access to someone elses secrets. > >> > >> TL;DR version > >> > >> uuids must remain part of the driver. > > What stops the driver lying about the UUID in a similar way? > The tpm backend driver (in the manager) will read the uuid from > xenstore. So as long as we trust xenstore ( and the entities who created > the entry, named libxl in dom0), we can trust the uuid and thus the > identity of the vtpm connecting to us. OK, why does that same argument not apply when the toolstack passes the UUID to the manager domain instead? Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |