
Re: [Xen-devel] [PATCH 09/14] stubdom/vtpm: Add PCR pass-through to hardware TPM



On 12/10/2012 02:55 PM, Daniel De Graaf wrote:
> This allows the hardware TPM's PCRs to be accessed from a vTPM for
> debugging and as a simple alternative to a deep quote in situations
> where the integrity of the vTPM's own TCB is not in question.
> 
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> ---
>  stubdom/Makefile                   |  1 +
>  stubdom/vtpm-pcr-passthrough.patch | 73 ++++++++++++++++++++++++++++++++++++++
>  stubdom/vtpm/vtpm_cmd.c            | 38 ++++++++++++++++++++
>  3 files changed, 112 insertions(+)
>  create mode 100644 stubdom/vtpm-pcr-passthrough.patch

This patch is incomplete, so don't apply it: seal operations can't use the
extra PCRs, and it's likely other operations such as nvram have the same
problem. It's not a dependency for any other patch, and an alternative
implementation should end up being more configurable anyway.

-- 
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

