source: trunk/packages/xen-common/xen-common/tools/vtpm_manager/README @ 95

Last change on this file since 95 was 34, checked in by hartmans, 17 years ago

Add xen and xen-common

  • Property svn:mime-type set to text/cpp
File size: 4.5 KB
Line 
1// ===================================================================
2//
3// Copyright (c) 2005, Intel Corp.
4// All rights reserved.
5//
6// Redistribution and use in source and binary forms, with or without
7// modification, are permitted provided that the following conditions
8// are met:
9//
10//   * Redistributions of source code must retain the above copyright
11//     notice, this list of conditions and the following disclaimer.
12//   * Redistributions in binary form must reproduce the above
13//     copyright notice, this list of conditions and the following
14//     disclaimer in the documentation and/or other materials provided
15//     with the distribution.
16//   * Neither the name of Intel Corporation nor the names of its
17//     contributors may be used to endorse or promote products derived
18//     from this software without specific prior written permission.
19//
20// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31// OF THE POSSIBILITY OF SUCH DAMAGE.
32// ===================================================================
33
34Directory Structure
35===================
36tools/vtpm_manager/crypto    -> crypto files
37tools/vtpm_manager/TCS       -> TCS implementation
38tools/vtpm_manager/util      -> Utility Library. Include disk-io and buffers.
39tools/vtpm_manager/manager   -> VTPM Manager
40
41Compile Flags
42===================
43LOGGING_MODULES              -> How extensive logging happens
44                                see util/log.h for more info
45
46VTPM_MULTI_VM                -> Defined: VTPMs run in their own VMs
47                                Not Defined (default): VTPMs are processes
48
49# Debugging flags that may disappear without notice in the future
50
51DUMMY_BACKEND                -> vtpm_manager listens on /tmp/in.fifo and
52                                /tmp/out.fifo rather than backend
53
54MANUAL_DM_LAUNCH             -> Must manually launch & kill VTPMs
55
56WELL_KNOWN_OWNER_AUTH        -> Rather than randomly generating the password for the owner,
57                                use a well known value. This is useful for debugging and for
58                                poor bios which do not support clearing TPM if OwnerAuth is
59                                lost. However this has no protection from malicious app
60                                issuing a TPM_OwnerClear to wipe the TPM
61
62Requirements
63============
64- xen-unstable
65- vtpm frontend/backend driver patch
66- OpenSSL Library
67
68Single-VM Flow
69============================
70- Launch the VTPM manager (vtpm_managerd) which which begins listening to the BE with one thread
71  and listens to a named fifo that is shared by the vtpms to commuincate with the manager.
72- VTPM Manager listens to TPM BE.
73- When xend launches a tpm frontend equipped VM it contacts the manager over the vtpm backend.
74- When the manager receives the open message from the BE, it launches a vtpm
75- Xend allows the VM to continue booting.
76- When a TPM request is issued to the front end, the front end transmits the TPM request to the backend.
77- The manager receives the TPM requests and uses a named fifo to forward the request to the vtpm.
78- The fifo listener begins listening for the reply from vtpm for the request.
79- Vtpm processes request and replies to manager over shared named fifo.
80- If needed, the vtpm may send a request to the vtpm_manager at any time to save it's secrets to disk.
81- Manager receives response from vtpm and passes it back to backend for forwarding to guest.
82
83NOTES:
84* SaveService SHOULD seal it's table before saving it to disk. However,
85  the current Xen infrastructure does not provide a mechanism for this to be
86  unsealed later. Specifically, the auth and wrapped key must be available ONLY
87  to the service, or it's not even worth encrypting
88
89  In the future the vtpm manager will be protected by an early boot mechanism
90  that will allow for better protection of it's data.
91
92TODO:
93- Timeout on crashed vtpms
94- create lock for shared fifo for talking to vtpms.
Note: See TracBrowser for help on using the repository browser.