| 1 | |
|---|
| 2 | Directory Structure |
|---|
| 3 | =================== |
|---|
| 4 | tools/vtpm/tpm_emulator-0.2b.tar.gz -> TPM Emulator downloaded at build time that will |
|---|
| 5 | be patched and used for our vtpms |
|---|
| 6 | tools/vtpm/vtpm.patch -> patch applied to tpm_emulator to make vtpm |
|---|
| 7 | tools/vtpm/vtpm/ -> (created on build) tpm_emulator moved to ring 3, |
|---|
| 8 | listens on a pair of fifos for TPM commands, |
|---|
| 9 | persistent state is sent via named fifo to vtpm |
|---|
| 10 | manager, which encrypts it and protects it. |
|---|
| 11 | tools/vtpm/tpm_emulator.patch -> To allow for debugging and testing on non-TPM |
|---|
| 12 | platforms, this patches the emulator to allow |
|---|
| 13 | it to be inserted into the dom0 kernel |
|---|
| 14 | tools/vtpm/tpm_emulator-0.2 -> (created on build) directory containing patched emulator |
|---|
| 15 | |
|---|
| 16 | Compile Flags |
|---|
| 17 | =================== |
|---|
| 18 | VTPM_MULTI_VM -> Defined (not finished): VTPMs run in their own VMs |
|---|
| 19 | Not Defined (default): VTPMs are processes |
|---|
| 20 | |
|---|
| 21 | Requirements |
|---|
| 22 | ============ |
|---|
| 23 | - xen-unstable |
|---|
| 24 | - IBM frontend/backend vtpm driver patch |
|---|
| 25 | - vtpm_managerd |
|---|
| 26 | - GNU MP Big number library (GMP) |
|---|
| 27 | |
|---|
| 28 | vtpmd Flow (for vtpm_manager. vtpmd never run by default) |
|---|
| 29 | ============================ |
|---|
| 30 | - Launch the VTPM manager (vtpm_managerd) which which begins listening to the BE with one thread |
|---|
| 31 | and listens to a named fifo that is shared by the vtpms to commuincate with the manager. |
|---|
| 32 | - VTPM Manager listens to TPM BE. |
|---|
| 33 | - When xend launches a tpm frontend equipped VM it contacts the manager over the vtpm backend. |
|---|
| 34 | - When the manager receives the open message from the BE, it launches a vtpm |
|---|
| 35 | - Xend allows the VM to continue booting. |
|---|
| 36 | - When a TPM request is issued to the front end, the front end transmits the TPM request to the backend. |
|---|
| 37 | - The manager receives the TPM requests and uses a named fifo to forward the request to the vtpm. |
|---|
| 38 | - The fifo listener begins listening for the reply from vtpm for the request. |
|---|
| 39 | - Vtpm processes request and replies to manager over shared named fifo. |
|---|
| 40 | - If needed, the vtpm may send a request to the vtpm_manager at any time to save it's secrets to disk. |
|---|
| 41 | - Manager receives response from vtpm and passes it back to backend for forwarding to guest. |
|---|
| 42 | |
|---|
| 43 | tpm_emulator flow |
|---|
| 44 | ================== |
|---|
| 45 | Read documentation in tpm_emulator-0.2 directory |
|---|
