Re: [Xen-devel] [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machine(QEMU Part)

2016-07-14 Thread Stefano Stabellini
Hi Quan,

thanks for CC'ing me. sstabell...@kernel.org is the right address to
reach me now.

I am also CC'ing Anthony Perard who is Xen co-maintainer in QEMU.

Cheers,

Stefano

On Wed, 13 Jul 2016, Xu, Quan wrote:
> Emil, Thanks for your effort (today I just came back to return my laptop).
> 
> btw, sstabell...@kernel.org may be the right email.
> Stefan / Stefano, could you help us review these patches? Thanks in advance!!
> 
> Quan 
> 
>  
> On July 10, 2016 7:48 PM, Emil Condrea  wrote:
> > *INTRODUCTION*
> > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM
> > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows, etc.).
> > This allows programs to interact with a TPM in a virtual machine the same way
> > they interact with a TPM on the physical system. Each virtual machine gets its
> > own unique, emulated, software TPM. Each major component of vTPM is
> > implemented as a stubdom, providing secure separation guaranteed by the
> > hypervisor.
> > 
> > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the
> > virtual machine to use. It is a small wrapper around the Berlios TPM emulator.
> > TPM commands are passed from mini-os TPM backend driver.
> > 
> > *ARCHITECTURE*
> > The architecture of stubdom vTPM for HVM virtual machine:
> > 
> > +--------------------+
> > | Windows/Linux DomU | ...
> > |        |  ^        |
> > |        v  |        |
> > |  Qemu tpm1.2 Tis   |
> > |        |  ^        |
> > |        v  |        |
> > | XenStubdoms backend|
> > +--------------------+
> >          |  ^
> >          v  |
> > +--------------------+
> > |      XenDevOps     |
> > +--------------------+
> >          |  ^
> >          v  |
> > +--------------------+
> > |  mini-os/tpmback   |
> > |        |  ^        |
> > |        v  |        |
> > |   vtpm-stubdom     | ...
> > |        |  ^        |
> > |        v  |        |
> > |  mini-os/tpmfront  |
> > +--------------------+
> >          |  ^
> >          v  |
> > +--------------------+
> > |  mini-os/tpmback   |
> > |        |  ^        |
> > |        v  |        |
> > |  vtpmmgr-stubdom   |
> > |        |  ^        |
> > |        v  |        |
> > |  mini-os/tpm_tis   |
> > +--------------------+
> >          |  ^
> >          v  |
> > +--------------------+
> > |    Hardware TPM    |
> > +--------------------+
> > 
> >  * Windows/Linux DomU:
> > The HVM based guest that wants to use a vTPM. There may be
> > more than one of these.
> > 
> >  * Qemu tpm1.2 Tis:
> > Implementation of the tpm1.2 Tis interface for HVM virtual
> > machines. It is a Qemu emulation device.
> > 
> >  * vTPM xenstubdoms driver:
> > Qemu vTPM driver. This driver provides vtpm initialization
> > and sending data and commands to a para-virtualized vtpm
> > stubdom.
> > 
> >  * XenDevOps:
> > Register Xen stubdom vTPM frontend driver, and transfer any
> > request/response between TPM xenstubdoms driver and Xen vTPM
> > stubdom. Facilitate communications between Xen vTPM stubdom
> > and vTPM xenstubdoms driver.
> > 
> >  * mini-os/tpmback:
> > Mini-os TPM backend driver. The Linux frontend driver connects
> > to this backend driver to facilitate communications between the
> > Linux DomU and its vTPM. This driver is also used by vtpmmgr
> > stubdom to communicate with vtpm-stubdom.
> > 
> >  * vtpm-stubdom:
> > A mini-os stub domain that implements a vTPM. There is a
> > one to one mapping between running vtpm-stubdom instances and
> > logical vtpms on the system. The vTPM Platform Configuration
> > Registers (PCRs) are all initialized to zero.
> > 
> >  * mini-os/tpmfront:
> > Mini-os TPM frontend driver. The vTPM mini-os domain vtpm
> > stubdom uses this driver to communicate with vtpmmgr-stubdom.
> > This driver could also be used separately to implement a mini-os
> > domain that wishes to use a vTPM of its own.
> > 
> >  * vtpmmgr-stubdom:
> > A mini-os domain that implements the vTPM manager. There is only
> > one vTPM manager and it should be running during the entire lifetime
> > of the machine. vtpmmgr domain securely stores encryption keys for
> > each of the vtpms and accesses the hardware TPM to get the root of
> > trust for the entire system.
> > 
> >  * mini-os/tpm_tis:
> > Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver.
> > This driver used by vtpmmgr-stubdom 

Re: [Xen-devel] [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machine(QEMU Part)

2016-07-12 Thread Xu, Quan
Emil, Thanks for your effort (today I just came back to return my laptop).

btw, sstabell...@kernel.org may be the right email.
Stefan / Stefano, could you help us review these patches? Thanks in advance!!

Quan 

 
On July 10, 2016 7:48 PM, Emil Condrea  wrote:
> *INTRODUCTION*
> The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM
> functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows, etc.).
> This allows programs to interact with a TPM in a virtual machine the same way
> they interact with a TPM on the physical system. Each virtual machine gets its
> own unique, emulated, software TPM. Each major component of vTPM is
> implemented as a stubdom, providing secure separation guaranteed by the
> hypervisor.
> 
> The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the
> virtual machine to use. It is a small wrapper around the Berlios TPM emulator.
> TPM commands are passed from mini-os TPM backend driver.
> 
> *ARCHITECTURE*
> The architecture of stubdom vTPM for HVM virtual machine:
> 
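> +--------------------+
> | Windows/Linux DomU | ...
> |        |  ^        |
> |        v  |        |
> |  Qemu tpm1.2 Tis   |
> |        |  ^        |
> |        v  |        |
> | XenStubdoms backend|
> +--------------------+
>          |  ^
>          v  |
> +--------------------+
> |      XenDevOps     |
> +--------------------+
>          |  ^
>          v  |
> +--------------------+
> |  mini-os/tpmback   |
> |        |  ^        |
> |        v  |        |
> |   vtpm-stubdom     | ...
> |        |  ^        |
> |        v  |        |
> |  mini-os/tpmfront  |
> +--------------------+
>          |  ^
>          v  |
> +--------------------+
> |  mini-os/tpmback   |
> |        |  ^        |
> |        v  |        |
> |  vtpmmgr-stubdom   |
> |        |  ^        |
> |        v  |        |
> |  mini-os/tpm_tis   |
> +--------------------+
>          |  ^
>          v  |
> +--------------------+
> |    Hardware TPM    |
> +--------------------+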
> 
>  * Windows/Linux DomU:
> The HVM based guest that wants to use a vTPM. There may be
> more than one of these.
> 
>  * Qemu tpm1.2 Tis:
> Implementation of the tpm1.2 Tis interface for HVM virtual
> machines. It is a Qemu emulation device.
> 
>  * vTPM xenstubdoms driver:
> Qemu vTPM driver. This driver provides vtpm initialization
> and sending data and commands to a para-virtualized vtpm
> stubdom.
> 
>  * XenDevOps:
> Register Xen stubdom vTPM frontend driver, and transfer any
> request/response between TPM xenstubdoms driver and Xen vTPM
> stubdom. Facilitate communications between Xen vTPM stubdom
> and vTPM xenstubdoms driver.
> 
>  * mini-os/tpmback:
> Mini-os TPM backend driver. The Linux frontend driver connects
> to this backend driver to facilitate communications between the
> Linux DomU and its vTPM. This driver is also used by vtpmmgr
> stubdom to communicate with vtpm-stubdom.
> 
>  * vtpm-stubdom:
> A mini-os stub domain that implements a vTPM. There is a
> one to one mapping between running vtpm-stubdom instances and
> logical vtpms on the system. The vTPM Platform Configuration
> Registers (PCRs) are all initialized to zero.
> 
>  * mini-os/tpmfront:
> Mini-os TPM frontend driver. The vTPM mini-os domain vtpm
> stubdom uses this driver to communicate with vtpmmgr-stubdom.
> This driver could also be used separately to implement a mini-os
> domain that wishes to use a vTPM of its own.
> 
>  * vtpmmgr-stubdom:
> A mini-os domain that implements the vTPM manager. There is only
> one vTPM manager and it should be running during the entire lifetime
> of the machine. vtpmmgr domain securely stores encryption keys for
> each of the vtpms and accesses the hardware TPM to get the root of
> trust for the entire system.
> 
>  * mini-os/tpm_tis:
> Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver.
> This driver is used by vtpmmgr-stubdom to talk directly to the hardware
> TPM. Communication is facilitated by mapping hardware memory pages
> into vtpmmgr stubdom.
> 
>  * Hardware TPM: The physical TPM 1.2 that is soldered onto the
> motherboard.
> 
> ---
> Changes in v9
> High level changes: (each patch has a detailed history versioning)
>  * rebase on upstream qemu
>  * refactor qemu xendevs, xenstore functions in order to be shared with both
> backend and frontends
>  * convert tpm