Hi,

As I understand, there are no device drivers in the Xen hypervisor layer (they are in Dom0).

Is it then possible for Xen to talk to a Trusted Platform Module (TPM) directly?

-Brian

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

________________________________
From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Security Initiative Team
Sent: 21 September 2006 22:35
To: xen-devel@lists.xensource.com
Subject: [Xen-devel] Xen talk to TPM

> Hi,
>
> As I understand, there are no device drivers in the Xen hypervisor layer (they are in Dom0).
>
> Is it then possible for Xen to talk to a Trusted Platform Module (TPM) directly?

I think it works like this at the moment: Dom0 has the ability to use TPM, and there is a vTPM interface that allows other domains to access the "virtual TPM". Xen (as in the actual hypervisor) isn't able to access the TPM itself, nor should it.

I also think the future holds a "split up" Dom0 so that some of the functions currently carried out by Dom0 are moved to another "more secure" domain (Dom-1, DomS0 or whatever you'd like to call it). But that's not the current situation, and it's probably going to be some time before this happens.

If I've got this wrong, I'm sure someone will tell us... ;-)

--
Mats

> -Brian

xen-devel-bounces@lists.xensource.com wrote on 09/21/2006 05:34:36 PM:

> Hi,
>
> As I understand, there are no device drivers in the Xen hypervisor
> layer (they are in Dom0).

None of the 'major' device drivers at least.

>
> Is it then possible for Xen to talk to a Trusted Platform Module (TPM)
> directly?

If Xen had a device driver for the TPM, then it would be able to do that. Why do you want to push it into Xen, though?

Stefan

Hi Brian,

As Stefan already explained, there's no TPM device driver in the hypervisor because it is designed to be as thin as possible for various (security) reasons. That's why there's no way right now for the hypervisor itself to talk to a TPM.

Right now the TPM driver resides in Dom0, but there're approaches to move it to another (lightweight, secure) domain, so that even Dom0 just has a vTPM. However, this is not implemented yet.

I don't see the point of placing a TPM driver into the hypervisor. What exactly do you want to achieve with that?

Anna

From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Security Initiative Team
Sent: 21 September 2006 22:35
To: xen-devel@lists.xensource.com
Subject: [Xen-devel] Xen talk to TPM

> > Hi,
> >
> > As I understand, there are no device drivers in the Xen hypervisor layer (they are in Dom0).
> >
> > Is it then possible for Xen to talk to a Trusted Platform Module (TPM) directly?
>
> I think it works like this at the moment: Dom0 has the ability to use TPM, and there is a vTPM interface that allows other domains to access the "virtual TPM". Xen (as in the actual hypervisor) isn't able to access the TPM itself, nor should it.
>
> I also think the future holds a "split up" Dom0 so that some of the functions currently carried out by Dom0 are moved to another "more secure" domain (Dom-1, DomS0 or whatever you'd like to call it). But that's not the current situation, and it's probably going to be some time before this happens.
>
> If I've got this wrong, I'm sure someone will tell us... ;-)
>
> --
> Mats

Hi,

To track the memory being used by an application running in DomU, is it better to make tweaks in Dom0 or the hypervisor layer? Is it possible to just put some hooks in the do_mmu_update hypercall?

Also, how does one enable log-dirty shadow mode? Does this actually create a log file somewhere?

-Craig