Hi Quan, thanks for the update: this version is much much better than the previous one.
I am not familiar enough with QAPI, HMP and TPM to review the first and the last patches though. Cheers, Stefano On Tue, 30 Dec 2014, Quan Xu wrote: > *INTRODUCTION* > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). > This allows programs to interact with a TPM in a virtual machine the same way > they interact with a TPM on the physical system. Each virtual machine gets > its own unique, emulated, software TPM. Each major component of vTPM is > implemented as a stubdom, providing secure separation guaranteed by the > hypervisor. > > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the virtual > machine to use. It is a small wrapper around the Berlios TPM emulator. TPM > commands are passed from mini-os TPM backend driver. > > *ARCHITECTURE* > The architecture of stubdom vTPM for HVM virtual machine: > > +--------------------+ > | Windows/Linux DomU | ... > | | ^ | > | v | | > | Qemu tpm1.2 Tis | > | | ^ | > | v | | > | XenStubdoms backend| > +--------------------+ > | ^ > v | > +--------------------+ > | XenDevOps | > +--------------------+ > | ^ > v | > +--------------------+ > | mini-os/tpmback | > | | ^ | > | v | | > | vtpm-stubdom | ... > | | ^ | > | v | | > | mini-os/tpmfront | > +--------------------+ > | ^ > v | > +--------------------+ > | mini-os/tpmback | > | | ^ | > | v | | > | vtpmmgr-stubdom | > | | ^ | > | v | | > | mini-os/tpm_tis | > +--------------------+ > | ^ > v | > +--------------------+ > | Hardware TPM | > +--------------------+ > > > > * Windows/Linux DomU: > The HVM based guest that wants to use a vTPM. There may be > more than one of these. > > * Qemu tpm1.2 Tis: > Implementation of the tpm1.2 Tis interface for HVM virtual > machines. It is Qemu emulation device. > > * vTPM xenstubdoms driver: > Qemu vTPM driver. This driver provides vtpm initialization > and sending data and commends to a para-virtualized vtpm > stubdom. > > * XenDevOps: > Register Xen stubdom vTPM frontend driver, and transfer any > request/repond between TPM xenstubdoms driver and Xen vTPM > stubdom. Facilitate communications between Xen vTPM stubdom > and vTPM xenstubdoms driver. > > * mini-os/tpmback: > Mini-os TPM backend driver. The Linux frontend driver connects > to this backend driver to facilitate communications between the > Linux DomU and its vTPM. This driver is also used by vtpmmgr > stubdom to communicate with vtpm-stubdom. > > * vtpm-stubdom: > A mini-os stub domain that implements a vTPM. There is a > one to one mapping between running vtpm-stubdom instances and > logical vtpms on the system. The vTPM Platform Configuration > Registers (PCRs) are all initialized to zero. > > * mini-os/tpmfront: > Mini-os TPM frontend driver. The vTPM mini-os domain vtpm > stubdom uses this driver to communicate with vtpmmgr-stubdom. > This driver could also be used separately to implement a mini-os > domain that wishes to use a vTPM of its own. > > * vtpmmgr-stubdom: > A mini-os domain that implements the vTPM manager. There is only > one vTPM manager and it should be running during the entire lifetime > of the machine. vtpmmgr domain securely stores encryption keys for > each of the vtpms and accesses to the hardware TPM to get the root of > trust for the entire system. > > * mini-os/tpm_tis: > Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver. > This driver used by vtpmmgr-stubdom to talk directly to the hardware > TPM. Communication is facilitated by mapping hardware memory pages > into vtpmmgr stubdom. > > * Hardware TPM: The physical TPM 1.2 that is soldered onto the motherboard. > > --Changes in v3: > -New xen_frontend.c file > -Adjust the format of command line options > -Move xenbus_switch_state() to xen_frontend.c > -Move xen_stubdom_be() to xenstore_fe_read_be_str() > -Move *_stubdom_*() to *_fe_*() > -Move xen_stubdom_vtpm.c to xen_vtpm_frontend.c > -Read Xen vTPM status via XenStore > -Call vtpm_send() and vtpm_recv() directly. > > --Changes in v2: > -adding xen_fe_register() that handle any Xen PV frontend registration > -remove a private structure 'QEMUBH' > -change version number to 2.3 in qapi-schema.json > -move hw/xen/xen_stubdom_vtpm.c to hw/tpm/xen_stubdom_vtpm.c > > Quan Xu (5): > Qemu-Xen-vTPM: Support for Xen stubdom vTPM command line options > Qemu-Xen-vTPM: Xen frontend driver infrastructure > Qemu-Xen-vTPM: Register Xen stubdom vTPM frontend driver > Qemu-Xen-vTPM: Qemu vTPM xenstubdoms backen. > Qemu-Xen-vTPM: QEMU machine class is initialized before tpm_init() > > configure | 14 ++ > hmp.c | 7 + > hw/tpm/Makefile.objs | 1 + > hw/tpm/tpm_xenstubdoms.c | 245 ++++++++++++++++++++++++++++++++ > hw/tpm/xen_vtpm_frontend.c | 264 +++++++++++++++++++++++++++++++++++ > hw/xen/Makefile.objs | 2 +- > hw/xen/xen_backend.c | 45 +++++- > hw/xen/xen_frontend.c | 323 > +++++++++++++++++++++++++++++++++++++++++++ > include/hw/xen/xen_backend.h | 19 +++ > include/hw/xen/xen_common.h | 6 + > qapi-schema.json | 19 ++- > qemu-options.hx | 13 +- > tpm.c | 7 +- > vl.c | 16 ++- > xen-hvm.c | 16 +++ > 15 files changed, 983 insertions(+), 14 deletions(-) > create mode 100644 hw/tpm/tpm_xenstubdoms.c > create mode 100644 hw/tpm/xen_vtpm_frontend.c > create mode 100644 hw/xen/xen_frontend.c > > -- > 1.8.3.2 >