Re: [Qemu-devel] [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machin
From: Xu, Quan
Subject: Re: [Qemu-devel] [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machine(QEMU Part)
Date: Wed, 13 Jul 2016 02:55:29 +0000
Emil, thanks for your effort (today I just came back to return my laptop).
btw, address@hidden may be the right email.
Stefan / Stefano, could you help us review these patches? Thanks in advance!!
Quan
On July 10, 2016 7:48 PM, Emil Condrea <address@hidden> wrote:
> *INTRODUCTION*
> The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM
> functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows, etc.).
> This allows programs to interact with a TPM in a virtual machine the same way
> they interact with a TPM on the physical system. Each virtual machine gets its
> own unique, emulated, software TPM. Each major component of vTPM is
> implemented as a stubdom, providing secure separation guaranteed by the
> hypervisor.
>
> The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the
> virtual machine to use. It is a small wrapper around the Berlios TPM emulator.
> TPM commands are passed from mini-os TPM backend driver.
>
> *ARCHITECTURE*
> The architecture of stubdom vTPM for HVM virtual machine:
>
> +--------------------+
> | Windows/Linux DomU | ...
> |         |  ^       |
> |         v  |       |
> |   Qemu tpm1.2 Tis  |
> |         |  ^       |
> |         v  |       |
> | XenStubdoms backend|
> +--------------------+
>           |  ^
>           v  |
> +--------------------+
> |      XenDevOps     |
> +--------------------+
>           |  ^
>           v  |
> +--------------------+
> |  mini-os/tpmback   |
> |         |  ^       |
> |         v  |       |
> |    vtpm-stubdom    | ...
> |         |  ^       |
> |         v  |       |
> |  mini-os/tpmfront  |
> +--------------------+
>           |  ^
>           v  |
> +--------------------+
> |  mini-os/tpmback   |
> |         |  ^       |
> |         v  |       |
> |  vtpmmgr-stubdom   |
> |         |  ^       |
> |         v  |       |
> |  mini-os/tpm_tis   |
> +--------------------+
>           |  ^
>           v  |
> +--------------------+
> |    Hardware TPM    |
> +--------------------+
>
> * Windows/Linux DomU:
> The HVM based guest that wants to use a vTPM. There may be
> more than one of these.
>
> * Qemu tpm1.2 Tis:
> Implementation of the tpm1.2 Tis interface for HVM virtual
> machines. It is a Qemu emulation device.
>
> * vTPM xenstubdoms driver:
> Qemu vTPM driver. This driver provides vtpm initialization
> and sending data and commands to a para-virtualized vtpm
> stubdom.
>
> * XenDevOps:
> Register Xen stubdom vTPM frontend driver, and transfer any
> request/respond between TPM xenstubdoms driver and Xen vTPM
> stubdom. Facilitate communications between Xen vTPM stubdom
> and vTPM xenstubdoms driver.
>
> * mini-os/tpmback:
> Mini-os TPM backend driver. The Linux frontend driver connects
> to this backend driver to facilitate communications between the
> Linux DomU and its vTPM. This driver is also used by vtpmmgr
> stubdom to communicate with vtpm-stubdom.
>
> * vtpm-stubdom:
> A mini-os stub domain that implements a vTPM. There is a
> one to one mapping between running vtpm-stubdom instances and
> logical vtpms on the system. The vTPM Platform Configuration
> Registers (PCRs) are all initialized to zero.
>
> * mini-os/tpmfront:
> Mini-os TPM frontend driver. The vTPM mini-os domain vtpm
> stubdom uses this driver to communicate with vtpmmgr-stubdom.
> This driver could also be used separately to implement a mini-os
> domain that wishes to use a vTPM of its own.
>
> * vtpmmgr-stubdom:
> A mini-os domain that implements the vTPM manager. There is only
> one vTPM manager and it should be running during the entire lifetime
> of the machine. vtpmmgr domain securely stores encryption keys for
> each of the vtpms and accesses the hardware TPM to get the root of
> trust for the entire system.
>
> * mini-os/tpm_tis:
> Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver.
> This driver is used by vtpmmgr-stubdom to talk directly to the hardware
> TPM. Communication is facilitated by mapping hardware memory pages
> into vtpmmgr stubdom.
>
> * Hardware TPM: The physical TPM 1.2 that is soldered onto the
> motherboard.
>
> ---
> Changes in v9
> High level changes: (each patch has a detailed history versioning)
> * rebase on upstream qemu
> * refactor qemu xendevs, xenstore functions in order to be shared with both
> backend and frontends
> * convert tpm stubdoms to new qapi layout
> * use libxengnttab, libxenevtchn stable API instead of xc_* calls
> * added reset_tpm_established_flag and get_tpm_version for TPMDriverOps
> * instead of xen_frontend.c global variable xenstore_dev, use vtpm specific
> xenstore_vtpm_dev (since it will be needed just for tpm_xenstubdoms qemu
> driver)
>
>
> Emil Condrea (19):
> xen: Create a new file xen_pvdev.c
> xen: Create a new file xen_frontend.c
> xen: Move xenstore_update to xen_pvdev.c
> xen: Move evtchn functions to xen_pvdev.c
> xen: Prepare xendev qtail to be shared with frontends
> xen: Rename xen_be_printf to xen_pv_printf
> xen: Rename xen_be_unbind_evtchn
> xen: Rename xen_be_send_notify
> xen: Rename xen_be_evtchn_event
> xen: Rename xen_be_find_xendev
> xen: Rename xen_be_del_xendev
> xen: Rename xen_be_frontend_changed
> xen: Distinguish between frontend and backend devops
> Qemu-Xen-vTPM: Support for Xen stubdom vTPM command line options
> Qemu-Xen-vTPM: Xen frontend driver infrastructure
> Qemu-Xen-vTPM: Register Xen stubdom vTPM frontend driver
> Qemu-Xen-vTPM: Move tpm_passthrough_is_selftest() into tpm_util.c
> Qemu-Xen-vTPM: Qemu vTPM xenstubdoms backend
> Qemu-Xen-vTPM: QEMU machine class is initialized before tpm_init()
>
> backends/tpm.c                   |  11 ++
> configure                        |  14 ++
> hmp.c                            |   2 +
> hw/block/xen_disk.c              |  59 +++---
> hw/char/xen_console.c            |  16 +-
> hw/display/xenfb.c               |  57 +++---
> hw/net/xen_nic.c                 |  29 +--
> hw/tpm/Makefile.objs             |   3 +-
> hw/tpm/tpm_passthrough.c         |  13 +-
> hw/tpm/tpm_util.c                |  11 ++
> hw/tpm/tpm_util.h                |   1 +
> hw/tpm/tpm_xenstubdoms.c         | 284 ++++++++++++++++++++++++++
> hw/tpm/xen_vtpm_frontend.c       | 303 ++++++++++++++++++++++++++++
> hw/tpm/xen_vtpm_frontend.h       |  10 +
> hw/usb/xen-usb.c                 |  38 ++--
> hw/xen/Makefile.objs             |   2 +-
> hw/xen/xen_backend.c             | 378 ++++-------------------------
> hw/xen/xen_devconfig.c           |   4 +-
> hw/xen/xen_frontend.c            | 416 +++++++++++++++++++++++++++++++++++++++
> hw/xen/xen_pvdev.c               | 298 ++++++++++++++++++++++++++++
> include/hw/xen/xen_backend.h     |  71 +------
> include/hw/xen/xen_frontend.h    |  20 ++
> include/hw/xen/xen_pvdev.h       |  83 ++++++++
> include/sysemu/tpm_backend_int.h |   2 +
> qapi-schema.json                 |  16 +-
> qemu-options.hx                  |  13 +-
> tpm.c                            |   7 +-
> vl.c                             |  17 +-
> xen-common.c                     |   4 +-
> xen-hvm.c                        |   6 +
> 30 files changed, 1649 insertions(+), 539 deletions(-)
> create mode 100644 hw/tpm/tpm_xenstubdoms.c
> create mode 100644 hw/tpm/xen_vtpm_frontend.c
> create mode 100644 hw/tpm/xen_vtpm_frontend.h
> create mode 100644 hw/xen/xen_frontend.c
> create mode 100644 hw/xen/xen_pvdev.c
> create mode 100644 include/hw/xen/xen_frontend.h
> create mode 100644 include/hw/xen/xen_pvdev.h
>
> --
> 1.9.1