~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/security/tpm/xen-tpmfront.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/security/tpm/xen-tpmfront.rst (Version linux-6.12-rc7) and /Documentation/security/tpm/xen-tpmfront.rst (Version linux-4.11.12)


  1 =============================                     
  2 Virtual TPM interface for Xen                     
  3 =============================                     
  4                                                   
  5 Authors: Matthew Fioravante (JHUAPL), Daniel D    
  6                                                   
  7 This document describes the virtual Trusted Pl    
  8 Xen. The reader is assumed to have familiarity    
  9 Linux, and a basic understanding of the TPM an    
 10                                                   
 11 Introduction                                      
 12 ------------                                      
 13                                                   
 14 The goal of this work is to provide a TPM func    
 15 operating system (in Xen terms, a DomU).  This    
 16 a TPM in a virtual system the same way they in    
 17 system.  Each guest gets its own unique, emula    
 18 of the vTPM's secrets (Keys, NVRAM, etc) are m    
 19 which seals the secrets to the Physical TPM.      
 20 these domains (manager, vTPM, and guest) is tr    
 21 the chain of trust rooted in the hardware TPM     
 22 major component of vTPM is implemented as a se    
 23 separation guaranteed by the hypervisor. The v    
 24 mini-os to reduce memory and processor overhea    
 25                                                   
 26 This mini-os vTPM subsystem was built on top o    
 27 IBM and Intel corporation.                        
 28                                                   
 29                                                   
 30 Design Overview                                   
 31 ---------------                                   
 32                                                   
 33 The architecture of vTPM is described below::     
 34                                                   
 35   +------------------+                            
 36   |    Linux DomU    | ...                        
 37   |       |  ^       |                            
 38   |       v  |       |                            
 39   |   xen-tpmfront   |                            
 40   +------------------+                            
 41           |  ^                                    
 42           v  |                                    
 43   +------------------+                            
 44   | mini-os/tpmback  |                            
 45   |       |  ^       |                            
 46   |       v  |       |                            
 47   |  vtpm-stubdom    | ...                        
 48   |       |  ^       |                            
 49   |       v  |       |                            
 50   | mini-os/tpmfront |                            
 51   +------------------+                            
 52           |  ^                                    
 53           v  |                                    
 54   +------------------+                            
 55   | mini-os/tpmback  |                            
 56   |       |  ^       |                            
 57   |       v  |       |                            
 58   | vtpmmgr-stubdom  |                            
 59   |       |  ^       |                            
 60   |       v  |       |                            
 61   | mini-os/tpm_tis  |                            
 62   +------------------+                            
 63           |  ^                                    
 64           v  |                                    
 65   +------------------+                            
 66   |   Hardware TPM   |                            
 67   +------------------+                            
 68                                                   
 69 * Linux DomU:                                     
 70                The Linux based guest that want    
 71                more than one of these.            
 72                                                   
 73 * xen-tpmfront.ko:                                
 74                     Linux kernel virtual TPM f    
 75                     provides vTPM access to a     
 76                                                   
 77 * mini-os/tpmback:                                
 78                     Mini-os TPM backend driver    
 79                     connects to this backend d    
 80                     between the Linux DomU and    
 81                     used by vtpmmgr-stubdom to    
 82                                                   
 83 * vtpm-stubdom:                                   
 84                  A mini-os stub domain that im    
 85                  one to one mapping between ru    
 86                  logical vtpms on the system.     
 87                  Registers (PCRs) are normally    
 88                                                   
 89 * mini-os/tpmfront:                               
 90                      Mini-os TPM frontend driv    
 91                      vtpm-stubdom uses this dr    
 92                      vtpmmgr-stubdom. This dri    
 93                      domains such as pv-grub t    
 94                                                   
 95 * vtpmmgr-stubdom:                                
 96                     A mini-os domain that impl    
 97                     only one vTPM manager and     
 98                     entire lifetime of the mac    
 99                     access to the physical TPM    
100                     persistent state of each v    
101                                                   
102 * mini-os/tpm_tis:                                
103                     Mini-os TPM version 1.2 TP    
104                     driver. This driver used b    
105                     the hardware TPM. Communic    
106                     hardware memory pages into    
107                                                   
108 * Hardware TPM:                                   
109                 The physical TPM that is solde    
110                                                   
111                                                   
112 Integration With Xen                              
113 --------------------                              
114                                                   
115 Support for the vTPM driver was added in Xen u    
116 4.3.  See the Xen documentation (docs/misc/vtp    
117 the vTPM and vTPM Manager stub domains.  Once     
118 vTPM device is set up in the same manner as a     
119 domain's configuration file.                      
120                                                   
121 In order to use features such as IMA that requ    
122 the initrd, the xen-tpmfront driver must be co    
123 using such features, the driver can be compile    
124 as usual.                                         
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php