Xen Community, Intel and IBM have been working together to provide TPM (Trusted Platform Module) virtualization for Xen. You can find out more about the architecture and ideas for TPM virtualization at http://summit.xensource.com/pdfs/XenSecurity_Intel_CRozas.pdf and http://www.research.ibm.com/secure_systems_department/projects/vtpm/. [Detailed description of TPM: https://www.trustedcomputinggroup.org/downloads/TCG_1_0_Architecture_Overview.pdf; overview: https://www.trustedcomputinggroup.org/downloads/tcg_presentations/TCG_TechnicalOverview_ACSAC_20041207.zip]

The patches that will be sent later today contain the changes and a readme that describes how to integrate and run this TPM virtualization. This is the first release of this functionality and we will continue to maintain and enhance it.

TPM virtualization (vTPM) support will consist of the following patches (in two emails). The default behavior will be to build and install these components.

1. hypervisor: additions to include files
2. tools directory: for xend to be able to set up TPM front- and backend interfaces; allows it to parse VM configuration files with vtpm and tpmif entries in the configuration files
3. sparse directory: the TPM front- and backend drivers used by Linux on Xen; a PCI-independent implementation of the TPM driver, including a plug-in for interfacing with the TPM front-end driver
4. tools directory: a virtual TPM manager in charge of managing vTPM instances and protecting their secrets while they are offline
5. tools directory: a virtual TPM which will be instantiated by the manager on a one-per-guest basis
6. tools directory: a TPM emulator to allow development and testing on machines which lack a physical TPM

A developer-level summary of the functionality is:

* The patches support TPM v1.1b.
* Support is provided through a TPM block device that can be installed in any domain (dom0 doesn't need one because the physical TPM driver resides there).
* For systems that don't have a physical TPM but would like to use the measurement functionality, there is a build option that will allow the use of a TPM emulator in dom0 in place of a physical TPM. Naturally, this will not have the security and trust properties of a physical TPM.
* All components except the TPM FE driver reside in dom0 (the FEs go into each domU).
* Migration (of domU TPM state) is not supported at this time, but it is being worked on.

We hope that many of you will give this a try and look forward to your comments and feedback.

Intel & IBM

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
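As an added illustration (not code from the patches or readme announced above), the following Python models the per-guest measurement state a vTPM instance holds under TPM v1.1b semantics (16 SHA-1 PCRs, extend = SHA1(old PCR || measurement digest)) and shows how a verifier replays a guest's measurement log against the PCR values that guest would report; the class and function names, and the sample measurements, are assumptions made for this example.

```python
"""Added example: per-guest vTPM measurement state with TPM v1.1b PCR
extend semantics, plus event-log replay for verification. Class and
function names are assumptions, not the vTPM manager's real interface."""
import hashlib

PCR_COUNT = 16   # TPM v1.1b mandates 16 PCRs
PCR_BYTES = 20   # SHA-1 digest length; PCRs start at all zeros


class VirtualTPMInstance:
    """Models one vTPM instance; the design above gives each domU its own."""

    def __init__(self, domain_id):
        self.domain_id = domain_id
        self.pcrs = [bytes(PCR_BYTES)] * PCR_COUNT
        # The measurement log is software-kept (the TPM only holds PCRs).
        self.event_log = []

    def extend(self, index, data):
        """TPM_Extend: PCR[i] = SHA1(PCR[i] || SHA1(data)); returns new PCR."""
        if not 0 <= index < PCR_COUNT:
            raise ValueError(f"PCR {index} out of range for TPM v1.1b")
        digest = hashlib.sha1(data).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        self.event_log.append((index, digest))
        return self.pcrs[index]


class VirtualTPMManager:
    """Hands out one instance per guest, created on first use."""

    def __init__(self):
        self.instances = {}

    def instance_for(self, domain_id):
        return self.instances.setdefault(domain_id,
                                         VirtualTPMInstance(domain_id))


def replay_log(event_log):
    """Recompute PCRs from a log of (index, digest) events, from zero."""
    pcrs = [bytes(PCR_BYTES)] * PCR_COUNT
    for index, digest in event_log:
        pcrs[index] = hashlib.sha1(pcrs[index] + digest).digest()
    return pcrs


def verify_quote(vtpm, claimed_log):
    """True only if the claimed log reproduces every PCR the vTPM holds."""
    return replay_log(claimed_log) == vtpm.pcrs
```

A dropped, reordered or altered log entry fails `verify_quote`, which is the property the measurement functionality gives a guest, and two guests' instances never share PCR state.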