|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xense-devel] Run vTPM in its own VM?
Stefan, Thanks for your answer. However, I think the multivm mode approach that Vinnie described in his last post is a much more secure design than running all vTPMs in domain 0. As I don't know details about your internal vTPM implementation, I can only refer to the public Xen implementation which runs the vTPMs as user processes in domain 0. This doesn't seem to be the most secure approach to me as it doesn't provide very good isolation for vTPMs. Furthermore the vTPM manager becomes a real bottleneck if you have many VMs running on one platform. Apart from that domain 0 already holds a lot of complexity of Xen and therefore it is a good thing to move components out as much as possible. Running vTPMs in their own VM will also protect domain 0 from malfunctioning TPM drivers. Anna ________________________________________ From: Stefan Berger [mailto:stefanb@xxxxxxxxxx] Sent: Donnerstag, 14. September 2006 17:36 To: Fischer, Anna Cc: Xense-devel@xxxxxxxxxxxxxxxxxxx Subject: Re: [Xense-devel] Run vTPM in its own VM? xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 09/14/2006 05:00:56 AM: > The README of the current Xen unstable version says that setting > VTPM_MULTI_VM allows running each vTPM in its own VM. However, compiling > with this option doesn't work on my machine and the code doesn't seem to > be complete for this option. > > Did I miss to configure something or is the current implementation in > Xen not really ready for running a vTPM in a separate VM? I am not familiar with the option above since I am running a different implementation of a VTPM, but I can say that it should generally be possible to run a vTPM in a separate domain, but I haven't done this in a long time. There exists an option when defining the vtpm in the VM configuration file to have it's backend located in a different domain than domain-0. Typically such an entry looks like vtpm=['backend=0,instance=1'] to talk to a vTPM in domain-0 ( => backend=0 ). There's one catch, though, and that's that all the hotplug scripts that are typically doing the life-cycle management of the vTPM instances now also have to be installed in that domain along with hotplug daemon etc.. I myself haven't run the vTPM in any other domain than domain-0 in a long time. > > Can you explain to me how a communication will look like for the planned > implementation in Xen? Will all communication continue to go through the > vTPM manager and the vTPM manager talks to a kind of FE that transmits > TPM commands to a BE running in a separate domain? Or is it possible to > set up direct connections between a user domain TPM FE and the vTPM > running in an isolated VM? It is possible to connect them directly with the vm configuration option above. It should be possible to start a 2nd domain whose only purpose would be to run the vTPM - along with the hotplug stuff mentioned above running in that domain. That domain would have to be started from domain-0. However, you have a gap then if it's about taking integrity measurements of applications and a correct 'trust' chain. The proper way of doing this would be to have that vTPM-hosting domain started before domain 0 (including all the complications on how to access persistent storage etc.). Can you tell us a bit more about what you are planning on doing? Stefan > > Regards, > Anna > > _______________________________________________ > Xense-devel mailing list > Xense-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xense-devel _______________________________________________ Xense-devel mailing list Xense-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xense-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |