mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2025-01-13 03:46:32 +07:00
114 lines
4.3 KiB
Plaintext
114 lines
4.3 KiB
Plaintext
|
Virtual TPM interface for Xen
|
||
|
|
||
|
Authors: Matthew Fioravante (JHUAPL), Daniel De Graaf (NSA)
|
||
|
|
||
|
This document describes the virtual Trusted Platform Module (vTPM) subsystem for
|
||
|
Xen. The reader is assumed to have familiarity with building and installing Xen,
|
||
|
Linux, and a basic understanding of the TPM and vTPM concepts.
|
||
|
|
||
|
INTRODUCTION
|
||
|
|
||
|
The goal of this work is to provide a TPM functionality to a virtual guest
|
||
|
operating system (in Xen terms, a DomU). This allows programs to interact with
|
||
|
a TPM in a virtual system the same way they interact with a TPM on the physical
|
||
|
system. Each guest gets its own unique, emulated, software TPM. However, each
|
||
|
of the vTPM's secrets (Keys, NVRAM, etc) are managed by a vTPM Manager domain,
|
||
|
which seals the secrets to the Physical TPM. If the process of creating each of
|
||
|
these domains (manager, vTPM, and guest) is trusted, the vTPM subsystem extends
|
||
|
the chain of trust rooted in the hardware TPM to virtual machines in Xen. Each
|
||
|
major component of vTPM is implemented as a separate domain, providing secure
|
||
|
separation guaranteed by the hypervisor. The vTPM domains are implemented in
|
||
|
mini-os to reduce memory and processor overhead.
|
||
|
|
||
|
This mini-os vTPM subsystem was built on top of the previous vTPM work done by
|
||
|
IBM and Intel corporation.
|
||
|
|
||
|
|
||
|
DESIGN OVERVIEW
|
||
|
---------------
|
||
|
|
||
|
The architecture of vTPM is described below:
|
||
|
|
||
|
+------------------+
|
||
|
| Linux DomU | ...
|
||
|
| | ^ |
|
||
|
| v | |
|
||
|
| xen-tpmfront |
|
||
|
+------------------+
|
||
|
| ^
|
||
|
v |
|
||
|
+------------------+
|
||
|
| mini-os/tpmback |
|
||
|
| | ^ |
|
||
|
| v | |
|
||
|
| vtpm-stubdom | ...
|
||
|
| | ^ |
|
||
|
| v | |
|
||
|
| mini-os/tpmfront |
|
||
|
+------------------+
|
||
|
| ^
|
||
|
v |
|
||
|
+------------------+
|
||
|
| mini-os/tpmback |
|
||
|
| | ^ |
|
||
|
| v | |
|
||
|
| vtpmmgr-stubdom |
|
||
|
| | ^ |
|
||
|
| v | |
|
||
|
| mini-os/tpm_tis |
|
||
|
+------------------+
|
||
|
| ^
|
||
|
v |
|
||
|
+------------------+
|
||
|
| Hardware TPM |
|
||
|
+------------------+
|
||
|
|
||
|
* Linux DomU: The Linux based guest that wants to use a vTPM. There may be
|
||
|
more than one of these.
|
||
|
|
||
|
* xen-tpmfront.ko: Linux kernel virtual TPM frontend driver. This driver
|
||
|
provides vTPM access to a Linux-based DomU.
|
||
|
|
||
|
* mini-os/tpmback: Mini-os TPM backend driver. The Linux frontend driver
|
||
|
connects to this backend driver to facilitate communications
|
||
|
between the Linux DomU and its vTPM. This driver is also
|
||
|
used by vtpmmgr-stubdom to communicate with vtpm-stubdom.
|
||
|
|
||
|
* vtpm-stubdom: A mini-os stub domain that implements a vTPM. There is a
|
||
|
one to one mapping between running vtpm-stubdom instances and
|
||
|
logical vtpms on the system. The vTPM Platform Configuration
|
||
|
Registers (PCRs) are normally all initialized to zero.
|
||
|
|
||
|
* mini-os/tpmfront: Mini-os TPM frontend driver. The vTPM mini-os domain
|
||
|
vtpm-stubdom uses this driver to communicate with
|
||
|
vtpmmgr-stubdom. This driver is also used in mini-os
|
||
|
domains such as pv-grub that talk to the vTPM domain.
|
||
|
|
||
|
* vtpmmgr-stubdom: A mini-os domain that implements the vTPM manager. There is
|
||
|
only one vTPM manager and it should be running during the
|
||
|
entire lifetime of the machine. This domain regulates
|
||
|
access to the physical TPM on the system and secures the
|
||
|
persistent state of each vTPM.
|
||
|
|
||
|
* mini-os/tpm_tis: Mini-os TPM version 1.2 TPM Interface Specification (TIS)
|
||
|
driver. This driver used by vtpmmgr-stubdom to talk directly to
|
||
|
the hardware TPM. Communication is facilitated by mapping
|
||
|
hardware memory pages into vtpmmgr-stubdom.
|
||
|
|
||
|
* Hardware TPM: The physical TPM that is soldered onto the motherboard.
|
||
|
|
||
|
|
||
|
INTEGRATION WITH XEN
|
||
|
--------------------
|
||
|
|
||
|
Support for the vTPM driver was added in Xen using the libxl toolstack in Xen
|
||
|
4.3. See the Xen documentation (docs/misc/vtpm.txt) for details on setting up
|
||
|
the vTPM and vTPM Manager stub domains. Once the stub domains are running, a
|
||
|
vTPM device is set up in the same manner as a disk or network device in the
|
||
|
domain's configuration file.
|
||
|
|
||
|
In order to use features such as IMA that require a TPM to be loaded prior to
|
||
|
the initrd, the xen-tpmfront driver must be compiled in to the kernel. If not
|
||
|
using such features, the driver can be compiled as a module and will be loaded
|
||
|
as usual.
|