subject:"\[Xen\-devel\] \[PATCH v2 1\/5\] vTPM\: event channel bind interdomain with para\/hvm virtual machine"

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-19 Thread Xu, Quan

Also CC Stefan Berger.

> >> This is my current understanding of the communications paths and
> >> support for vTPMs in Xen:
> >>
> >> Physical TPM (1.2; with new patches, may also be 2.0)
> >>   |
> >>[MMIO pass-through]
> >>   |
> >> vtpmmgr domain
> >>   |
> >>[minios tpmback/front] - ((other domains' vTPMs))
> >>   |
> >>  vTPM domain (currently always emulates a TPM v1.2)
> >>   |
> >>[minios tpmback]+[Linux tpmfront]-- PV Linux domain (fully working)
> >>   | \
> >>   |  +--[Linux tpmfront]-- HVM Linux with optional PV
> >> drivers
> >>   |   \
> >>[QEMU XenDevOps]  [minios or Linux tpmfront]
> >>   |  |
> >>QEMU dom0 process   QEMU stub-domain
> >>   |  |
> >>[MMIO emulation]   [MMIO emulation]
> >>   |  |
> >>  Any HVM guest  Any HVM guest
> >>
> >
> > Great, good architecture. The following part is not put into account in my
> previous design.
> >
> > [minios or Linux tpmfront]
> >  |
> >QEMU stub-domain
> >  |
> >   [MMIO emulation]
> >  |
> > Any HVM guest
> >
> > Thanks Graaf for sharing your design.
> >>
> >> The series you are sending will enable QEMU to talk to tpmback directly.
> >> This is the best solution when QEMU is running inside domain 0,
> >> because it is not currently a good idea to use Linux's tpmfront
> >> driver to talk to each guest's vTPM domain.
> >>
> >> When QEMU is run inside a stub domain, there are a few more things to
> >> consider:
> >>
> >>* This stub domain will not have domain 0; the vTPM must bind to
> >> another
> >>  domain ID.
> >>* It is possible to use the native TPM driver for the stub domain
> >> (which may
> >>  either run Linux or mini-os) because there is no conflict with a real 
> >> TPM
> >>  software stack running inside domain 0
> >>
> >> Supporting this feature requires more granularity in the TPM backend
> >> changes.
> >> The vTPM domain's backend must be able to handle:
> >>
> >>(1) guest domains which talk directly to the vTPM on their own behalf
> >>(2) QEMU processes in domain 0
> >>(3) QEMU domains which talk directly to the vTPM on behalf of a
> >> guest
> >>
> >> Cases (1) and (3) are already handled by the existing tpmback if the
> >> proper domain ID is used.
> >>
> >> Your patch set currently breaks case (1) and (3) for HVM guests while
> >> enabling case (2).  An alternate solution that does not break these
> >> cases while enabling case (2) is preferable.
> >>
> >> My thoughts on extending the xenstore interface via an example:
> >>
> >> Domain 0: runs QEMU for guest A
> >> Domain 1: vtpmmgr
> >> Domain 2: vTPM for guest A
> >> Domain 3: HVM guest A
> >>
> >> Domain 4: vTPM for guest B
> >> Domain 5: QEMU stubdom for guest B
> >> Domain 6: HVM guest B
> >>
> >> /local/domain/2/backend/vtpm/3/0/*: backend A-PV
> >> /local/domain/3/device/vtpm/0/*: frontend A-PV
> >>
> >> /local/domain/2/backend/vtpm/0/3/*: backend A-QEMU
> >> /local/domain/0/qemu-device/vtpm/3/*: frontend A-QEMU  (uses
> >> XenDevOps)
> >
> > I think '/local/domain/0/frontend/vtpm/3/0' is much better. Similar as
> > some backend in Qemu running in Domain-0, it always Stores as
> '/local/domain/0/backend/qdisk/1 .etc'. I will also modify QEMU code to make
> '/local/domain/0/frontend/DEVICE'
> > As a general design for general QEMU frontend running in Domain-0.
> >
> > For this example,
> > Domain 0: runs QEMU for guest A
> > Domain 1: vtpmmgr
> > Domain 2: vTPM for guest A
> > Domain 3: HVM guest A
> >
> > I will design XenStore as following:
> >
> > ## XenStore >> ###
> > local = ""
> >   domain = ""
> >0 = ""
> > frontend = ""
> >  vtpm = ""
> >   3 = ""
> >0 = ""
> >backend = "/local/domain/2/backend/vtpm/3/0"
> >backend-id = "2"
> >state = "*"
> >handle = "0"
> >ring-ref = "*"
> >event-channel = "*"
> >feature-protocol-v2 = "1"
> > backend = ""
> >  qdisk = ""
> >   [...]
> >  console = ""
> >  vif = ""
> >   [...]
> >2 = ""
> > [...]
> > backend = ""
> >  vtpm = ""
> >   3 = ""
> >0 = ""
> > frontend = "/local/domain/0/frontend/vtpm/3/0"
> > frontend-id = "0" ('0', frontend is running in Domain-0)
> > [...]
> >3 = ""
> > [...]
> > device = "" (frontend device, the backend is running in QEMU/.etc)
> >  vkbd = ""
> >   [...]
> >  vif = ""
> >   [...]
> > ## XenStore << ##
> >
> > Then, the source code can read xenStore to get frontend-id or frontend
> directly.
> > If you agree with it, I will modify source code to align with above XenStore
> design.
> 
> I like the /local/domain/0/frontend/* path better than my initial qemu
> suggestion, but I think the domain ID used should be the domain ID of the vTPM
> domain, si

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-12 Thread Xu, Quan



> -Original Message-
> From: xen-devel-boun...@lists.xen.org
> [mailto:xen-devel-boun...@lists.xen.org] On Behalf Of Xu, Quan
> Sent: Friday, January 09, 2015 9:25 AM
> To: Daniel De Graaf; xen-devel@lists.xen.org
> Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> Subject: Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain
> with para/hvm virtual machine
> 
> 
> 
> > -Original Message-
> > From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> > Sent: Friday, January 09, 2015 1:48 AM
> > To: Xu, Quan; xen-devel@lists.xen.org
> > Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> > Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
> > para/hvm virtual machine
> >
> > On 01/08/2015 11:49 AM, Xu, Quan wrote:
> > >
> > >
> > >> -Original Message-
> > >> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> > >> Sent: Thursday, January 08, 2015 11:55 PM
> > >> To: Xu, Quan; xen-devel@lists.xen.org
> > >> Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> > >> Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain
> > >> with para/hvm virtual machine
> > >>
> > >> On 01/08/2015 03:20 AM, Xu, Quan wrote:
> > >>>
> > >>>
> > >>>> -Original Message-
> > >>>> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> > >>>> Sent: Wednesday, January 07, 2015 3:47 AM
> > >>>> To: Xu, Quan; xen-devel@lists.xen.org
> > >>>> Cc: samuel.thiba...@ens-lyon.org;
> > >>>> stefano.stabell...@eu.citrix.com
> > >>>> Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain
> > >>>> with para/hvm virtual machine
> > >>>>
> > >>>> On 01/06/2015 11:46 AM, Xu, Quan wrote:
> > >>>>>> -Original Message-
> > >>>>>> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov] On
> > >>>>>> 12/30/2014
> > >>>>>> 11:44 PM, Quan Xu wrote:[...]
> > >>>>>>> diff --git a/extras/mini-os/tpmback.c
> > >>>>>>> b/extras/mini-os/tpmback.c
> > >>>>>> [...]
> > >>>>>>> +   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 :
> tpmif->domid;
> > >>>>>>
> > >>>>>> Unless I'm missing something, this still assumes that the HVM
> > >>>>>> device model is located in domain 0, and so it will not work if
> > >>>>>> a stub domain is used for qemu.
> > >>>>>>
> > >>>>>
> > >>>>> QEMU is running in Dom0 as usual, so the domid is 0.
> > >>>>> as similar to Linux PV frontend driver, this frontend driver is
> > >>>>> enabled in
> > >>>> QEMU.
> > >>>>
> > >>>> This is a valid configuration of Xen and these patches do suffice
> > >>>> to make it work.  I am trying to ensure that an additional type
> > >>>> of guest setup will also work with these patches.
> > >>>>
> > >>>> A useful feature of Xen is the ability to execute the QEMU device
> > >>>> model in a domain instead of a process in dom0.  When combined
> > >>>> with driver domains for devices, this can significantly reduce
> > >>>> both the attack surface of and amount of trust required of domain 0.
> > >>>>
> > >>>>> Any doubt, feel free to contact. I will try my best to explain.
> > >>>>> I think your
> > >>>> suggestions are very helpful in previous email(Oct. 31th, 2014.
> > >>>>> ' Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with
> > >>>>> para/hvm virtual machine') Maybe this is still a vague
> > >>>>> description :(
> > >>>>
> > >>>> This is accurate but possibly incomplete.
> > >>>>
> > >>>> This is my current understanding of the communications paths and
> > >>>> support for vTPMs in Xen:
> > >>>>
> > >>>>  Physical TPM (1.2; with new patches, may also be 2.0)
> > >>>>|
> > >>>> [MMIO pass-through]
> > >>>>

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-08 Thread Xu, Quan



> -Original Message-
> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> Sent: Friday, January 09, 2015 1:48 AM
> To: Xu, Quan; xen-devel@lists.xen.org
> Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
> para/hvm virtual machine
> 
> On 01/08/2015 11:49 AM, Xu, Quan wrote:
> >
> >
> >> -Original Message-
> >> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> >> Sent: Thursday, January 08, 2015 11:55 PM
> >> To: Xu, Quan; xen-devel@lists.xen.org
> >> Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> >> Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
> >> para/hvm virtual machine
> >>
> >> On 01/08/2015 03:20 AM, Xu, Quan wrote:
> >>>
> >>>
>  -Original Message-
>  From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
>  Sent: Wednesday, January 07, 2015 3:47 AM
>  To: Xu, Quan; xen-devel@lists.xen.org
>  Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
>  Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain
>  with para/hvm virtual machine
> 
>  On 01/06/2015 11:46 AM, Xu, Quan wrote:
> >> -Original Message-
> >> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov] On
> >> 12/30/2014
> >> 11:44 PM, Quan Xu wrote:[...]
> >>> diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
> >> [...]
> >>> +   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;
> >>
> >> Unless I'm missing something, this still assumes that the HVM
> >> device model is located in domain 0, and so it will not work if a
> >> stub domain is used for qemu.
> >>
> >
> > QEMU is running in Dom0 as usual, so the domid is 0.
> > as similar to Linux PV frontend driver, this frontend driver is
> > enabled in
>  QEMU.
> 
>  This is a valid configuration of Xen and these patches do suffice
>  to make it work.  I am trying to ensure that an additional type of
>  guest setup will also work with these patches.
> 
>  A useful feature of Xen is the ability to execute the QEMU device
>  model in a domain instead of a process in dom0.  When combined with
>  driver domains for devices, this can significantly reduce both the
>  attack surface of and amount of trust required of domain 0.
> 
> > Any doubt, feel free to contact. I will try my best to explain. I
> > think your
>  suggestions are very helpful in previous email(Oct. 31th, 2014.
> > ' Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with
> > para/hvm virtual machine') Maybe this is still a vague description
> > :(
> 
>  This is accurate but possibly incomplete.
> 
>  This is my current understanding of the communications paths and
>  support for vTPMs in Xen:
> 
>   Physical TPM (1.2; with new patches, may also be 2.0)
> |
>  [MMIO pass-through]
> |
>   vtpmmgr domain
> |
>  [minios tpmback/front] - ((other domains' vTPMs))
> |
>    vTPM domain (currently always emulates a TPM v1.2)
> |
>  [minios tpmback]+[Linux tpmfront]-- PV Linux domain (fully
> working)
> | \
> |  +--[Linux tpmfront]-- HVM Linux with optional
> PV
>  drivers
> |   \
>  [QEMU XenDevOps]  [minios or Linux tpmfront]
> |  |
>  QEMU dom0 process   QEMU stub-domain
> |  |
>  [MMIO emulation]   [MMIO emulation]
> |  |
>    Any HVM guest  Any HVM guest
> 
> >>>
> >>> Great, good architecture. The following part is not put into account
> >>> in my
> >> previous design.
> >>>
> >>> [minios or Linux tpmfront]
> >>>   |
> >>> QEMU stub-domain
> >>>   |
> >>>[MMIO emulation]
> >>>   |
> >>>  Any HVM guest
> >>>
> >>> Thanks Graaf for sharing your design.
> 
>  The series you are sending will enable QEMU to talk to tpmback directly.
>  This is the best solution when QEMU is running inside domain 0,
>  because it is not currently a good idea to use Linux's tpmfront
>  driver to talk to each guest's vTPM domain.
> 
>  When QEMU is run inside a stub domain, there are a few more things
>  to
>  consider:
> 
>  * This stub domain will not have domain 0; the vTPM must bind
>  to another
>    domain ID.
>  * It is possible to use the native TPM driver for the stub
>  domain (which may
>    either run Linux or mini-os) because there is no conflict
>  with a real
> >> TPM
>    software stack running inside domain 0
> 
>  Supporting this feature requires more

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-08 Thread Daniel De Graaf

On 01/08/2015 11:49 AM, Xu, Quan wrote:

-Original Message-
From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
Sent: Thursday, January 08, 2015 11:55 PM
To: Xu, Quan; xen-devel@lists.xen.org
Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
para/hvm virtual machine

On 01/08/2015 03:20 AM, Xu, Quan wrote:

-Original Message-
From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
Sent: Wednesday, January 07, 2015 3:47 AM
To: Xu, Quan; xen-devel@lists.xen.org
Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
para/hvm virtual machine

On 01/06/2015 11:46 AM, Xu, Quan wrote:

-Original Message-
From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov] On 12/30/2014
11:44 PM, Quan Xu wrote:[...]

diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c

[...]

+   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;

Unless I'm missing something, this still assumes that the HVM
device model is located in domain 0, and so it will not work if a
stub domain is used for qemu.

QEMU is running in Dom0 as usual, so the domid is 0.
as similar to Linux PV frontend driver, this frontend driver is
enabled in

QEMU.

This is a valid configuration of Xen and these patches do suffice to
make it work.  I am trying to ensure that an additional type of guest
setup will also work with these patches.

A useful feature of Xen is the ability to execute the QEMU device
model in a domain instead of a process in dom0.  When combined with
driver domains for devices, this can significantly reduce both the
attack surface of and amount of trust required of domain 0.

Any doubt, feel free to contact. I will try my best to explain. I
think your

suggestions are very helpful in previous email(Oct. 31th, 2014.

' Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with
para/hvm virtual machine') Maybe this is still a vague description
:(

This is accurate but possibly incomplete.

This is my current understanding of the communications paths and
support for vTPMs in Xen:

 Physical TPM (1.2; with new patches, may also be 2.0)
   |
[MMIO pass-through]
   |
 vtpmmgr domain
   |
[minios tpmback/front] - ((other domains' vTPMs))
   |
  vTPM domain (currently always emulates a TPM v1.2)
   |
[minios tpmback]+[Linux tpmfront]-- PV Linux domain (fully working)
   | \
   |  +--[Linux tpmfront]-- HVM Linux with optional PV
drivers
   |   \
[QEMU XenDevOps]  [minios or Linux tpmfront]
   |  |
QEMU dom0 process   QEMU stub-domain
   |  |
[MMIO emulation]   [MMIO emulation]
   |  |
  Any HVM guest  Any HVM guest

Great, good architecture. The following part is not put into account in my

previous design.

[minios or Linux tpmfront]
  |
QEMU stub-domain
  |
   [MMIO emulation]
  |
 Any HVM guest

Thanks Graaf for sharing your design.

The series you are sending will enable QEMU to talk to tpmback directly.
This is the best solution when QEMU is running inside domain 0,
because it is not currently a good idea to use Linux's tpmfront
driver to talk to each guest's vTPM domain.

When QEMU is run inside a stub domain, there are a few more things to
consider:

* This stub domain will not have domain 0; the vTPM must bind to
another
  domain ID.
* It is possible to use the native TPM driver for the stub domain
(which may
  either run Linux or mini-os) because there is no conflict with a real

TPM

  software stack running inside domain 0

Supporting this feature requires more granularity in the TPM backend
changes.
The vTPM domain's backend must be able to handle:

(1) guest domains which talk directly to the vTPM on their own behalf
(2) QEMU processes in domain 0
(3) QEMU domains which talk directly to the vTPM on behalf of a
guest

Cases (1) and (3) are already handled by the existing tpmback if the
proper domain ID is used.

Your patch set currently breaks case (1) and (3) for HVM guests while
enabling case (2).  An alternate solution that does not break these
cases while enabling case (2) is preferable.

My thoughts on extending the xenstore interface via an example:

Domain 0: runs QEMU for guest A
Domain 1: vtpmmgr
Domain 2: vTPM for guest A
Domain 3: HVM guest A

Domain 4: vTPM for guest B
Domain 5: QEMU stubdom for guest B
Domain 6: HVM guest B

/local/domain/2/backend/vtpm/3/0/*: backend A-PV
/local/domain/3/device/vtpm/0/*: frontend A-PV

/local/domain/2/backend/vtpm/0/3/*: backend A-QEMU
/local/domain/0/qemu-device/vtpm/3/*: frontend A-QEMU  (uses
XenDevOps)

I think '/local/domain/0/frontend/vtpm/3/0' is much better. Similar as
some backend in Qemu runni

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-08 Thread Xu, Quan



> -Original Message-
> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> Sent: Thursday, January 08, 2015 11:55 PM
> To: Xu, Quan; xen-devel@lists.xen.org
> Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
> para/hvm virtual machine
> 
> On 01/08/2015 03:20 AM, Xu, Quan wrote:
> >
> >
> >> -Original Message-
> >> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> >> Sent: Wednesday, January 07, 2015 3:47 AM
> >> To: Xu, Quan; xen-devel@lists.xen.org
> >> Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> >> Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
> >> para/hvm virtual machine
> >>
> >> On 01/06/2015 11:46 AM, Xu, Quan wrote:
>  -Original Message-
>  From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov] On 12/30/2014
>  11:44 PM, Quan Xu wrote:[...]
> > diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
>  [...]
> > +   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;
> 
>  Unless I'm missing something, this still assumes that the HVM
>  device model is located in domain 0, and so it will not work if a
>  stub domain is used for qemu.
> 
> >>>
> >>> QEMU is running in Dom0 as usual, so the domid is 0.
> >>> as similar to Linux PV frontend driver, this frontend driver is
> >>> enabled in
> >> QEMU.
> >>
> >> This is a valid configuration of Xen and these patches do suffice to
> >> make it work.  I am trying to ensure that an additional type of guest
> >> setup will also work with these patches.
> >>
> >> A useful feature of Xen is the ability to execute the QEMU device
> >> model in a domain instead of a process in dom0.  When combined with
> >> driver domains for devices, this can significantly reduce both the
> >> attack surface of and amount of trust required of domain 0.
> >>
> >>> Any doubt, feel free to contact. I will try my best to explain. I
> >>> think your
> >> suggestions are very helpful in previous email(Oct. 31th, 2014.
> >>> ' Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with
> >>> para/hvm virtual machine') Maybe this is still a vague description
> >>> :(
> >>
> >> This is accurate but possibly incomplete.
> >>
> >> This is my current understanding of the communications paths and
> >> support for vTPMs in Xen:
> >>
> >> Physical TPM (1.2; with new patches, may also be 2.0)
> >>   |
> >>[MMIO pass-through]
> >>   |
> >> vtpmmgr domain
> >>   |
> >>[minios tpmback/front] - ((other domains' vTPMs))
> >>   |
> >>  vTPM domain (currently always emulates a TPM v1.2)
> >>   |
> >>[minios tpmback]+[Linux tpmfront]-- PV Linux domain (fully working)
> >>   | \
> >>   |  +--[Linux tpmfront]-- HVM Linux with optional PV
> >> drivers
> >>   |   \
> >>[QEMU XenDevOps]  [minios or Linux tpmfront]
> >>   |  |
> >>QEMU dom0 process   QEMU stub-domain
> >>   |  |
> >>[MMIO emulation]   [MMIO emulation]
> >>   |  |
> >>  Any HVM guest  Any HVM guest
> >>
> >
> > Great, good architecture. The following part is not put into account in my
> previous design.
> >
> > [minios or Linux tpmfront]
> >  |
> >QEMU stub-domain
> >  |
> >   [MMIO emulation]
> >  |
> > Any HVM guest
> >
> > Thanks Graaf for sharing your design.
> >>
> >> The series you are sending will enable QEMU to talk to tpmback directly.
> >> This is the best solution when QEMU is running inside domain 0,
> >> because it is not currently a good idea to use Linux's tpmfront
> >> driver to talk to each guest's vTPM domain.
> >>
> >> When QEMU is run inside a stub domain, there are a few more things to
> >> consider:
> >>
> >>* This stub domain will not have domain 0; the vTPM must bind to
> >> another
> >>  domain ID.
> >>* It is possible to use the native TPM driver for the stub domain
> >> (which may
> >>  either run Linux or mini-os) because there is no conflict with a real
> TPM
> >>  software stack running inside domain 0
> >>
> >> Supporting this feature requires more granularity in the TPM backend
> >> changes.
> >> The vTPM domain's backend must be able to handle:
> >>
> >>(1) guest domains which talk directly to the vTPM on their own behalf
> >>(2) QEMU processes in domain 0
> >>(3) QEMU domains which talk directly to the vTPM on behalf of a
> >> guest
> >>
> >> Cases (1) and (3) are already handled by the existing tpmback if the
> >> proper domain ID is used.
> >>
> >> Your patch set currently breaks case (1) and (3) for HVM guests while
> >> enabling case (2).  An alternate solution that does not break these
> >> cases while enabling case (2) is preferable.
> >>
> >> My thoughts on extending the xenstore interface via an exam

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-08 Thread Daniel De Graaf

On 01/08/2015 03:20 AM, Xu, Quan wrote:

-Original Message-
From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
Sent: Wednesday, January 07, 2015 3:47 AM
To: Xu, Quan; xen-devel@lists.xen.org
Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
para/hvm virtual machine

On 01/06/2015 11:46 AM, Xu, Quan wrote:

-Original Message-
From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov] On 12/30/2014
11:44 PM, Quan Xu wrote:[...]

diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c

[...]

+   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;

Unless I'm missing something, this still assumes that the HVM device
model is located in domain 0, and so it will not work if a stub
domain is used for qemu.

QEMU is running in Dom0 as usual, so the domid is 0.
as similar to Linux PV frontend driver, this frontend driver is enabled in

QEMU.

This is a valid configuration of Xen and these patches do suffice to make it
work.  I am trying to ensure that an additional type of guest setup will also
work with these patches.

A useful feature of Xen is the ability to execute the QEMU device model in a
domain instead of a process in dom0.  When combined with driver domains
for devices, this can significantly reduce both the attack surface of and
amount of trust required of domain 0.

Any doubt, feel free to contact. I will try my best to explain. I think your

suggestions are very helpful in previous email(Oct. 31th, 2014.

' Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with
para/hvm virtual machine') Maybe this is still a vague description :(

This is accurate but possibly incomplete.

This is my current understanding of the communications paths and support
for vTPMs in Xen:

Physical TPM (1.2; with new patches, may also be 2.0)
  |
   [MMIO pass-through]
  |
vtpmmgr domain
  |
   [minios tpmback/front] - ((other domains' vTPMs))
  |
 vTPM domain (currently always emulates a TPM v1.2)
  |
   [minios tpmback]+[Linux tpmfront]-- PV Linux domain (fully working)
  | \
  |  +--[Linux tpmfront]-- HVM Linux with optional PV
drivers
  |   \
   [QEMU XenDevOps]  [minios or Linux tpmfront]
  |  |
   QEMU dom0 process   QEMU stub-domain
  |  |
   [MMIO emulation]   [MMIO emulation]
  |  |
 Any HVM guest  Any HVM guest

Great, good architecture. The following part is not put into account in my 
previous design.

[minios or Linux tpmfront]
 |
   QEMU stub-domain
 |
  [MMIO emulation]
 |
Any HVM guest

Thanks Graaf for sharing your design.

The series you are sending will enable QEMU to talk to tpmback directly.
This is the best solution when QEMU is running inside domain 0, because it is
not currently a good idea to use Linux's tpmfront driver to talk to each
guest's vTPM domain.

When QEMU is run inside a stub domain, there are a few more things to
consider:

   * This stub domain will not have domain 0; the vTPM must bind to
another
 domain ID.
   * It is possible to use the native TPM driver for the stub domain (which
may
 either run Linux or mini-os) because there is no conflict with a real TPM
 software stack running inside domain 0

Supporting this feature requires more granularity in the TPM backend
changes.
The vTPM domain's backend must be able to handle:

   (1) guest domains which talk directly to the vTPM on their own behalf
   (2) QEMU processes in domain 0
   (3) QEMU domains which talk directly to the vTPM on behalf of a guest

Cases (1) and (3) are already handled by the existing tpmback if the proper
domain ID is used.

Your patch set currently breaks case (1) and (3) for HVM guests while
enabling case (2).  An alternate solution that does not break these cases
while enabling case (2) is preferable.

My thoughts on extending the xenstore interface via an example:

Domain 0: runs QEMU for guest A
Domain 1: vtpmmgr
Domain 2: vTPM for guest A
Domain 3: HVM guest A

Domain 4: vTPM for guest B
Domain 5: QEMU stubdom for guest B
Domain 6: HVM guest B

/local/domain/2/backend/vtpm/3/0/*: backend A-PV
/local/domain/3/device/vtpm/0/*: frontend A-PV

/local/domain/2/backend/vtpm/0/3/*: backend A-QEMU
/local/domain/0/qemu-device/vtpm/3/*: frontend A-QEMU  (uses
XenDevOps)

I think '/local/domain/0/frontend/vtpm/3/0' is much better. Similar as some 
backend in Qemu running in Domain-0, it always
Stores as '/local/domain/0/backend/qdisk/1 .etc'. I will also modify QEMU code 
to make '/local/domain/0/frontend/DEVICE'
As a general design for general QEMU frontend running in Domain-0.

For this example,
Domain 0: runs QEMU for guest A
Domain 1: vtpmmgr
Domain 2: vTPM for guest A
Domain 3: HVM guest A

I will design XenStore as following:

## XenStore >> ###
local = ""

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-08 Thread Xu, Quan



> -Original Message-
> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> Sent: Wednesday, January 07, 2015 3:47 AM
> To: Xu, Quan; xen-devel@lists.xen.org
> Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
> para/hvm virtual machine
> 
> On 01/06/2015 11:46 AM, Xu, Quan wrote:
> >> -Original Message-
> >> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov] On 12/30/2014
> >> 11:44 PM, Quan Xu wrote:[...]
> >>> diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
> >> [...]
> >>> +   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;
> >>
> >> Unless I'm missing something, this still assumes that the HVM device
> >> model is located in domain 0, and so it will not work if a stub
> >> domain is used for qemu.
> >>
> >
> > QEMU is running in Dom0 as usual, so the domid is 0.
> > as similar to Linux PV frontend driver, this frontend driver is enabled in
> QEMU.
> 
> This is a valid configuration of Xen and these patches do suffice to make it
> work.  I am trying to ensure that an additional type of guest setup will also
> work with these patches.
> 
> A useful feature of Xen is the ability to execute the QEMU device model in a
> domain instead of a process in dom0.  When combined with driver domains
> for devices, this can significantly reduce both the attack surface of and
> amount of trust required of domain 0.
> 
> > Any doubt, feel free to contact. I will try my best to explain. I think your
> suggestions are very helpful in previous email(Oct. 31th, 2014.
> > ' Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with
> > para/hvm virtual machine') Maybe this is still a vague description :(
> 
> This is accurate but possibly incomplete.
> 
> This is my current understanding of the communications paths and support
> for vTPMs in Xen:
> 
>Physical TPM (1.2; with new patches, may also be 2.0)
>  |
>   [MMIO pass-through]
>  |
>vtpmmgr domain
>  |
>   [minios tpmback/front] - ((other domains' vTPMs))
>  |
> vTPM domain (currently always emulates a TPM v1.2)
>  |
>   [minios tpmback]+[Linux tpmfront]-- PV Linux domain (fully working)
>  | \
>  |  +--[Linux tpmfront]-- HVM Linux with optional PV
> drivers
>  |   \
>   [QEMU XenDevOps]  [minios or Linux tpmfront]
>  |  |
>   QEMU dom0 process   QEMU stub-domain
>  |  |
>   [MMIO emulation]   [MMIO emulation]
>  |  |
> Any HVM guest  Any HVM guest
> 

Great, good architecture. The following part is not put into account in my 
previous design. 

[minios or Linux tpmfront]
|
  QEMU stub-domain
|
 [MMIO emulation]
|
   Any HVM guest

Thanks Graaf for sharing your design.
> 
> The series you are sending will enable QEMU to talk to tpmback directly.
> This is the best solution when QEMU is running inside domain 0, because it is
> not currently a good idea to use Linux's tpmfront driver to talk to each
> guest's vTPM domain.
> 
> When QEMU is run inside a stub domain, there are a few more things to
> consider:
> 
>   * This stub domain will not have domain 0; the vTPM must bind to
> another
> domain ID.
>   * It is possible to use the native TPM driver for the stub domain (which
> may
> either run Linux or mini-os) because there is no conflict with a real TPM
> software stack running inside domain 0
> 
> Supporting this feature requires more granularity in the TPM backend
> changes.
> The vTPM domain's backend must be able to handle:
> 
>   (1) guest domains which talk directly to the vTPM on their own behalf
>   (2) QEMU processes in domain 0
>   (3) QEMU domains which talk directly to the vTPM on behalf of a guest
> 
> Cases (1) and (3) are already handled by the existing tpmback if the proper
> domain ID is used.
> 
> Your patch set currently breaks case (1) and (3) for HVM guests while
> enabling case (2).  An alternate solution that does not break these cases
> while enabling case (2) is preferable.
> 
> My thoughts on extending the xenstore interface via an example:
> 
> Domain 0: runs QEMU for guest A
> Domain 1: vtpmmgr
> Domain 2: vTPM for guest A
> Domain 3: HVM guest A
> 
> Domain 4: vTPM for guest B
> Domain 5: QEMU stubdom for guest B
> Domain 6: HVM guest B
> 
> /local/domain/2/backend/vtpm/3/0/*: backend A-PV
> /local/domain/3/device/vtpm/0/*: frontend A-PV
> 
> /local/domain/2/backend/vtpm/0/3/*: backend A-QEMU
> /local/domain/0/qemu-device/vtpm/3/*: frontend A-QEMU  (uses
> XenDevOps)

I think '/local/domain/0/frontend/vtpm/3/0' is much better. Similar as some 
backend in Qemu running in Domain-0, it always 
Stores as '/local/domain/0/backend/qdisk/1 .etc'. I will also modify QEMU code 
to make '/local/domain/0/frontend/DEVICE' 
As a general design for general QEMU frontend running in Domain-0.

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-06 Thread Xu, Quan



> -Original Message-
> From: xen-devel-boun...@lists.xen.org
> [mailto:xen-devel-boun...@lists.xen.org] On Behalf Of Xu, Quan
> Sent: Wednesday, January 07, 2015 9:45 AM
> To: Samuel Thibault
> Cc: Daniel De Graaf; xen-devel@lists.xen.org; stefano.stabell...@eu.citrix.com
> Subject: Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind
> interdomain with para/hvm virtual machine
> 
> 
> 
> > -Original Message-
> > From: xen-devel-boun...@lists.xen.org
> > [mailto:xen-devel-boun...@lists.xen.org] On Behalf Of Samuel Thibault
> > Sent: Wednesday, January 07, 2015 12:57 AM
> > To: Xu, Quan
> > Cc: Daniel De Graaf; stefano.stabell...@eu.citrix.com;
> > xen-devel@lists.xen.org
> > Subject: Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind
> > interdomain with para/hvm virtual machine
> >
> > Xu, Quan, le Tue 06 Jan 2015 16:46:58 +, a écrit :
> > > QEMU is running in Dom0 as usual, so the domid is 0.
> >
> > One can also run the HVM QEMU inside a stubdomain.
> 
> A good case, thanks Samuel.
> Once running the HVM QEMU inside a stubdomain, the domain type is
> para-virtualization(T_DOMAIN_TYPE_PV)
> 
> #define T_DOMAIN_TYPE_HVM 1
> #define T_DOMAIN_TYPE_PV  2
> 

I missed this case, described by Graaf. I have not tried it.

###

[...]
[minios or Linux tpmfront]
|
  QEMU stub-domain
|
 [MMIO emulation]
|
   Any HVM guest
###




Thanks 
Quan

> Thanks
> Quan
> >
> > Samuel
> >
> > ___
> > Xen-devel mailing list
> > Xen-devel@lists.xen.org
> > http://lists.xen.org/xen-devel
> 
> ___
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-06 Thread Xu, Quan



> -Original Message-
> From: xen-devel-boun...@lists.xen.org
> [mailto:xen-devel-boun...@lists.xen.org] On Behalf Of Samuel Thibault
> Sent: Wednesday, January 07, 2015 12:57 AM
> To: Xu, Quan
> Cc: Daniel De Graaf; stefano.stabell...@eu.citrix.com; xen-devel@lists.xen.org
> Subject: Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind
> interdomain with para/hvm virtual machine
> 
> Xu, Quan, le Tue 06 Jan 2015 16:46:58 +, a écrit :
> > QEMU is running in Dom0 as usual, so the domid is 0.
> 
> One can also run the HVM QEMU inside a stubdomain.

A good case, thanks Samuel.
Once running the HVM QEMU inside a stubdomain, the domain type is 
para-virtualization(T_DOMAIN_TYPE_PV)

#define T_DOMAIN_TYPE_HVM 1
#define T_DOMAIN_TYPE_PV  2

Thanks 
Quan 
> 
> Samuel
> 
> ___
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-06 Thread Daniel De Graaf


On 01/06/2015 11:46 AM, Xu, Quan wrote:

-Original Message-
From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
On 12/30/2014 11:44 PM, Quan Xu wrote:[...]

diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c

[...]

+   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;


Unless I'm missing something, this still assumes that the HVM device model
is located in domain 0, and so it will not work if a stub domain is used for
qemu.



QEMU is running in Dom0 as usual, so the domid is 0.
as similar to Linux PV frontend driver, this frontend driver is enabled in QEMU.


This is a valid configuration of Xen and these patches do suffice to
make it work.  I am trying to ensure that an additional type of guest
setup will also work with these patches.

A useful feature of Xen is the ability to execute the QEMU device model
in a domain instead of a process in dom0.  When combined with driver
domains for devices, this can significantly reduce both the attack
surface of and amount of trust required of domain 0.


Any doubt, feel free to contact. I will try my best to explain. I think your 
suggestions are very helpful in previous email(Oct. 31th, 2014.
' Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with para/hvm 
virtual machine')
Maybe this is still a vague description :(


This is accurate but possibly incomplete.

This is my current understanding of the communications paths and support
for vTPMs in Xen:

  Physical TPM (1.2; with new patches, may also be 2.0)
|
 [MMIO pass-through]
|
  vtpmmgr domain
|
 [minios tpmback/front] - ((other domains' vTPMs))
|
   vTPM domain (currently always emulates a TPM v1.2)
|
 [minios tpmback]+[Linux tpmfront]-- PV Linux domain (fully working)
| \
|  +--[Linux tpmfront]-- HVM Linux with optional PV drivers
|   \
 [QEMU XenDevOps]  [minios or Linux tpmfront]
|  |
 QEMU dom0 process   QEMU stub-domain
|  |
 [MMIO emulation]   [MMIO emulation]
|  |
   Any HVM guest  Any HVM guest


The series you are sending will enable QEMU to talk to tpmback directly.
This is the best solution when QEMU is running inside domain 0, because
it is not currently a good idea to use Linux's tpmfront driver to talk to
each guest's vTPM domain.

When QEMU is run inside a stub domain, there are a few more things to consider:

 * This stub domain will not have domain 0; the vTPM must bind to another
   domain ID.
 * It is possible to use the native TPM driver for the stub domain (which may
   either run Linux or mini-os) because there is no conflict with a real TPM
   software stack running inside domain 0

Supporting this feature requires more granularity in the TPM backend changes.
The vTPM domain's backend must be able to handle:

 (1) guest domains which talk directly to the vTPM on their own behalf
 (2) QEMU processes in domain 0
 (3) QEMU domains which talk directly to the vTPM on behalf of a guest

Cases (1) and (3) are already handled by the existing tpmback if the proper
domain ID is used.

Your patch set currently breaks case (1) and (3) for HVM guests while
enabling case (2).  An alternate solution that does not break these cases
while enabling case (2) is preferable.

My thoughts on extending the xenstore interface via an example:

Domain 0: runs QEMU for guest A
Domain 1: vtpmmgr
Domain 2: vTPM for guest A
Domain 3: HVM guest A

Domain 4: vTPM for guest B
Domain 5: QEMU stubdom for guest B
Domain 6: HVM guest B

/local/domain/2/backend/vtpm/3/0/*: backend A-PV
/local/domain/3/device/vtpm/0/*: frontend A-PV

/local/domain/2/backend/vtpm/0/3/*: backend A-QEMU
/local/domain/0/qemu-device/vtpm/3/*: frontend A-QEMU  (uses XenDevOps)

/local/domain/4/backend/vtpm/5/0/*: backend B-QEMU
/local/domain/5/device/vtpm/0/*: frontend B-QEMU

/local/domain/4/backend/vtpm/6/0/*: backend B-PV
/local/domain/6/device/vtpm/0/*: frontend B-PV

Connections A-PV, B-PV, and B-QEMU would be created in the same manner as
the existing "xl vtpm-attach" command does now.  If the HVM guest is not
running Linux with the Xen tpmfront.ko loaded, the A-PV and B-PV devices
will remain unconnected; this is fine.

Connection A-QEMU has a modified frontend state path to prevent Linux from
attaching its own TPM driver to the guest's TPM.  This requires a few changes:
libxl must support changing the frontend path; this is similar to how disk
backend supports both qdisk and vbd (and others), but instead changes the path
for the frontend.  The minios backend also needs to change the sscanf in
parse_eventstr to something like "/local/domain/%u/%*[^/]/vtpm/%u/%40s".

In any case, the vTPM does not need to know if the guest is PV, HVM, or PVH.


BTW, professor J. Wang(Wuhan University, China) and I have enabled TPM 2.0 
simulator for Linux, Maybe we will try to integrate with vtpm domain to provide
TPM 2.0 vtpm function for virtual

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-06 Thread Samuel Thibault

Xu, Quan, le Tue 06 Jan 2015 16:46:58 +, a écrit :
> QEMU is running in Dom0 as usual, so the domid is 0.

One can also run the HVM QEMU inside a stubdomain.

Samuel

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-06 Thread Xu, Quan

> -Original Message-
> From: Daniel De Graaf [mailto:dgde...@tycho.nsa.gov]
> Sent: Tuesday, January 06, 2015 12:06 AM
> To: Xu, Quan; xen-devel@lists.xen.org
> Cc: samuel.thiba...@ens-lyon.org; stefano.stabell...@eu.citrix.com
> Subject: Re: [PATCH v2 1/5] vTPM: event channel bind interdomain with
> para/hvm virtual machine
> 
> On 12/30/2014 11:44 PM, Quan Xu wrote:[...]
> > diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
> [...]
> > +   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;
> 
> Unless I'm missing something, this still assumes that the HVM device model
> is located in domain 0, and so it will not work if a stub domain is used for
> qemu.
> 

QEMU is running in Dom0 as usual, so the domid is 0.
as similar to Linux PV frontend driver, this frontend driver is enabled in QEMU.

*ARCHITECTURE*
The architecture of stubdom vTPM for HVM virtual machine:

++
| Windows/Linux DomU | ... (tpm_tis.ko)
||  ^|
|v  ||
|  Qemu tpm1.2 Tis   |   (Seabios patch will enable this TPM 1.2 
TIS, including  ACPI for 0xfed4 -- / register enables)
||  ^|   (Seabios, I did not send out, maybe this 
is the missed.)
|v  ||
| XenStubdoms backend|
++
 |  ^ (XenStubdoms backend/ XenDevOps are QEMU 
parts provide the glue for the TPM_TIS(Qemu frontend) to Xen
   stubdom vTPM domain)
 v  |
++
|  XenDevOps |
++
 |  ^
 v  |
++
|  mini-os/tpmback   |

Any doubt, feel free to contact. I will try my best to explain. I think your 
suggestions are very helpful in previous email(Oct. 31th, 2014. 
' Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with para/hvm 
virtual machine')
Maybe this is still a vague description :(

BTW, professor J. Wang(Wuhan University, China) and I have enabled TPM 2.0 
simulator for Linux, Maybe we will try to integrate with vtpm domain to provide
TPM 2.0 vtpm function for virtual machine in Q2 or later. 

Thanks 
Quan Xu

> --
> Daniel De Graaf
> National Security Agency

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2015-01-05 Thread Daniel De Graaf


On 12/30/2014 11:44 PM, Quan Xu wrote:[...]

diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c

[...]

+   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;


Unless I'm missing something, this still assumes that the HVM device
model is located in domain 0, and so it will not work if a stub domain
is used for qemu.

--
Daniel De Graaf
National Security Agency

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

[Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

2014-12-31 Thread Quan Xu

Signed-off-by: Quan Xu 
---
 extras/mini-os/include/tpmback.h |  3 +++
 extras/mini-os/tpmback.c | 20 +---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/extras/mini-os/include/tpmback.h b/extras/mini-os/include/tpmback.h
index 4408986..2618098 100644
--- a/extras/mini-os/include/tpmback.h
+++ b/extras/mini-os/include/tpmback.h
@@ -41,6 +41,9 @@
 #ifndef TPMBACK_H
 #define TPMBACK_H
 
+#define T_DOMAIN_TYPE_HVM 1
+#define T_DOMAIN_TYPE_PV  2
+
 struct tpmcmd {
domid_t domid;  /* Domid of the frontend */
uint8_t locality;/* Locality requested by the frontend */
diff --git a/extras/mini-os/tpmback.c b/extras/mini-os/tpmback.c
index 00b66e8..d76e05e 100644
--- a/extras/mini-os/tpmback.c
+++ b/extras/mini-os/tpmback.c
@@ -555,7 +555,7 @@ int connect_fe(tpmif_t* tpmif)
 {
char path[512];
char* err, *value;
-   uint32_t domid;
+   uint32_t domid, domtype;
grant_ref_t ringref;
evtchn_port_t evtchn;
 
@@ -608,14 +608,28 @@ int connect_fe(tpmif_t* tpmif)
}
free(value);
 
-   domid = tpmif->domid;
+   /* get the domain type*/
+   snprintf(path, 512, "%s/domain-type", tpmif->fe_path);
+   if ((err = xenbus_read(XBT_NIL, path, &value))) {
+   TPMBACK_ERR("xenbus_read(%s) Error = %s", path, err);
+   free(err);
+   return -1;
+   }
+   if (sscanf(value, "%d", &domtype) != 1) {
+   TPMBACK_ERR("Non integer value (%s) \n", value);
+   free(value);
+   return -1;
+   }
+
+   printk("domtype = %d \n",domtype);
+   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;
if((tpmif->page = gntmap_map_grant_refs(>pmdev.map, 1, &domid, 0, 
&ringref, PROT_READ | PROT_WRITE)) == NULL) {
   TPMBACK_ERR("Failed to map grant reference %u/%u\n", (unsigned int) 
tpmif->domid, tpmif->handle);
   return -1;
}
 
/*Bind the event channel */
-   if((evtchn_bind_interdomain(tpmif->domid, evtchn, tpmback_handler, tpmif, 
&tpmif->evtchn)))
+   if((evtchn_bind_interdomain(domid, evtchn, tpmback_handler, tpmif, 
&tpmif->evtchn)))
{
   TPMBACK_ERR("%u/%u Unable to bind to interdomain event channel!\n", 
(unsigned int) tpmif->domid, tpmif->handle);
   goto error_post_map;
-- 
1.8.3.2


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

Re: [Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

[Xen-devel] [PATCH v2 1/5] vTPM: event channel bind interdomain with para/hvm virtual machine

14 matches

Site Navigation

Mail list logo

Footer information