The isolation of the VTPM architecture
comes from the domain isolation that Xen provides. In the optional compile
mode, further isolation between VTPM instances is also provided by Xen’s
domain isolation. The shared memory driver is simply referring to the fact that
the TPM FE/BE driver uses a shared page (as most FE/BE pairs do) in order to
transmit the TPM command from the guest to the domain with the VTPM manager.
I think there is a little bit of confusion
on the GVTPM. Generalized VTPM is the VTPM framework, but it realizes that the
architecture doesn’t need to be limited to TPM functionality. It can be
generalized to create virtual secure coprocessors for nearly any function.
However in the context of TCG or current Xen implementation we are talking
strictly about VTPMs and no other use of the framework.
TCG’s opinion about VTPMs is that there
are a couple of condoned proposals for ways to provide trustworthy VTPMs, and
TCG members are not discounting virtual environments in their work. IBM and
Intel both are working in TCG to make sure that our industry efforts and TCG work
are complimentary and not opposing.
Unfortunately, we do not have any public
documentation on VTPM at this time beyond presentations; however, I can answer
any questions you have over email directly.
-Vinnie Scarlata
Trusted Platform Lab
System Technology Lab, CTG
Intel Corporation
From:
xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of jackyhuangq@xxxxxxxx
Sent: Tuesday, April 25, 2006 7:41
AM
To:
xense-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xense-devel] questions
about isolation model and GVTPM
Hi
guys,
I am interesting in
vitrualization and tcpa.I want to do some research on Xen platform to present a
more trusted VMM. I think the key points are isolation and integrity.
With isoliation, I
want to use uninterference policy to confine the communication between xen and
domains with device channel.That is to say, map the formal model to xen. I
think now the MAC mechanism also does some isolation, the channel-control
analyse with formal model is another way, especially used for confine the TCB
where access control can do nothing.By the way,I think critical application
also is a part of TCB.
And from Reiner, I
see Xen is not a isolation VMM,or separation VMM.But I think formal analyze can
benefit confinement of Xen's I/O device.
With integrity, I
want to examine the GVTPM architecture and do something based on it.
My questions are:
does the isolation provided by Xen for domains is strong enough from your
developer's view? Is there anybody can help me to learn more about GVTPM except
for a .ppt document? Something like what the function of "shared memory
TPM driver" in the code? is it a backend driver? Or what is the opinion of
TCG about GVTPM?
I am already much
inspired by your help in the mail list.Hope I can do something to the
community. Thanks!
Yours Huang
