Xen project Mailing List

Re: [Xense-devel] [Q] about vTPM

To: "Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>

From: Martin Hermanowski <lists@xxxxxxxxxxxxxxxxxxxxxxx>

Date: Sun, 02 Jul 2006 15:53:54 +0200

Delivery-date: Sun, 02 Jul 2006 06:54:21 -0700

List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>

Openpgp: id=98A3D1EC

Scarlata, Vincent R wrote: > > >> -----Original Message----- >> From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx >> [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of >> Martin Hermanowski >> Sent: Saturday, July 01, 2006 6:43 AM >> To: Ronald Perez >> Cc: xense-devel@xxxxxxxxxxxxxxxxxxx >> Subject: Re: [Xense-devel] [Q] about vTPM >> >> One thing that surprised me after reading the report was, that the >> current vTPM implementation in xen-testing did not do any measurements >> to PCRs, and that it seems like the vTPM is created when the tpm-xen >> module is loaded in DomU, and not when the DomU is created. >> >> If I understood the vTPM architecture correctly, this is not >> implementation specific (this is only the vtpm_managerd part, right?), >> but a Xen issue. > > I think a couple of different issues are being combined here. > > 1) As an artifact of xen's FE/BE structure and the way we *were* > signaling the vtpm manager about new domains, a new VTPM instance wasn't > created until the FE driver executed and told the BE about it. When > Dom0/DomU merged into one kernel tree, the FE has become a module, which > is far to late to start the vTPM. This, however, has changed in the > unstable tree. The instance is now created during domain construction > before the domain starts executing. OK, I will have a look at -unstable. This behaviour is what I expected to find. > 2) The boot process and xen and the currently trusted dom 0 are not > measured into the TPM. This requires you to install a TPM enhanced GRUB > on your system. This is not included in xen, but is a standard part of > TPM enabling your linux-based system. Yes, I am aware of this. This does not differ from "normal" TPM secured systems. > 3) When the guest comes up, PCRRead indicates that all the PCRs are > empty. This has 2 causes. One is that standard linux does not have a TPM > measurement facility. If you want your OS measured, you will need to > install something like IBM's Integrity Measurement Agent (IMA). Second, > we are currently not preloading any of the low PCRs with appropriate > boot information. This is mostly because we haven't bottomed out on what > they should be, and TCG hasn't declared the correct behavior in the form > of a spec. There are legitimate arguments in several different > directions, depending on a variety of factors. I would be happy to break > out into a discussion about various was to represent a virtual > environment in VTPM, but I would want to take it off the list as it is > not a xen discussion. I understand that extending the PCR concept to support virtualization is still in discussion, and thus problematic to implement. While I think that the idea expressed in the RC23879 report (Measuring Dom0 to PCR 8 and marking it read-only in DomU) looks very nice, it might run into problems when HVM domains should be supported, which want to use PCR 8 for their own measurements... Is there a public list for this discussion? Thanks a lot for the clarifications! Regards, Martin -- Martin Hermanowski http://martin.hermanowski.name _______________________________________________ Xense-devel mailing list Xense-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xense-devel

References:

RE: [Xense-devel] [Q] about vTPM
- From: Scarlata, Vincent R

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.