[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] vtpm-stubdom migration

On 03/27/2013 11:37 AM, steve_1991@xxxxxxxxxxxx wrote:
I have a question on migration of a VM having vtpm-stubdom. In xen-4.3 VM can 
have vtpm-stubdom. What happens if we migrate a VM having vtpm-stubdom? Does 
vtpom-stubdom also migrate or is this functionality is still not implemented?


This functionality is not yet implemented.

The plan is to have the vtpm stubdom (and, indirectly, the vtpmmgr
domain) involved in the migration so that the vtpm's state can be
securely moved to the destination of the migration. This process needs
to have a defined way to verify that the target of migration is
permissible (for example, one organization's policy might require that
the target also has a real TPM and a key signed by the organization's CA
that indicates the system is physically secure), and also ensure that
the vTPM cannot be cloned during the migration.

Daniel De Graaf
National Security Agency

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.