Scarlata, Vincent R wrote:
>
>
>> -----Original Message-----
>> From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
>> [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
>> Martin Hermanowski
>> Sent: Saturday, July 01, 2006 6:43 AM
>> To: Ronald Perez
>> Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
>> Subject: Re: [Xense-devel] [Q] about vTPM
>>
>> One thing that surprised me after reading the report was, that the
>> current vTPM implementation in xen-testing did not do any measurements
>> to PCRs, and that it seems like the vTPM is created when the tpm-xen
>> module is loaded in DomU, and not when the DomU is created.
>>
>> If I understood the vTPM architecture correctly, this is not
>> implementation specific (this is only the vtpm_managerd part, right?),
>> but a Xen issue.
>
> I think a couple of different issues are being combined here.
>
> 1) As an artifact of xen's FE/BE structure and the way we *were*
> signaling the vtpm manager about new domains, a new VTPM instance wasn't
> created until the FE driver executed and told the BE about it. When
> Dom0/DomU merged into one kernel tree, the FE has become a module, which
> is far to late to start the vTPM. This, however, has changed in the
> unstable tree. The instance is now created during domain construction
> before the domain starts executing.
OK, I will have a look at -unstable. This behaviour is what I expected
to find.
> 2) The boot process and xen and the currently trusted dom 0 are not
> measured into the TPM. This requires you to install a TPM enhanced GRUB
> on your system. This is not included in xen, but is a standard part of
> TPM enabling your linux-based system.
Yes, I am aware of this. This does not differ from "normal" TPM secured
systems.
> 3) When the guest comes up, PCRRead indicates that all the PCRs are
> empty. This has 2 causes. One is that standard linux does not have a TPM
> measurement facility. If you want your OS measured, you will need to
> install something like IBM's Integrity Measurement Agent (IMA). Second,
> we are currently not preloading any of the low PCRs with appropriate
> boot information. This is mostly because we haven't bottomed out on what
> they should be, and TCG hasn't declared the correct behavior in the form
> of a spec. There are legitimate arguments in several different
> directions, depending on a variety of factors. I would be happy to break
> out into a discussion about various was to represent a virtual
> environment in VTPM, but I would want to take it off the list as it is
> not a xen discussion.
I understand that extending the PCR concept to support virtualization is
still in discussion, and thus problematic to implement. While I think
that the idea expressed in the RC23879 report (Measuring Dom0 to PCR 8
and marking it read-only in DomU) looks very nice, it might run into
problems when HVM domains should be supported, which want to use PCR 8
for their own measurements...
Is there a public list for this discussion?
Thanks a lot for the clarifications!
Regards,
Martin
--
Martin Hermanowski
http://martin.hermanowski.name
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
|
Home
xen.org, 