Re: [Qemu-devel] Design of the blobstore

["Daniel P. Berrange" <berrange@redhat.com>]

On Wed, Sep 14, 2011 at 01:05:44PM -0400, Stefan Berger wrote:
> Hello!
> 
>   Over the last few days primarily Michael Tsirkin and I have
> discussed the design of the 'blobstore' via IRC (#virtualization).
> The intention of the blobstore is to provide storage to persist
> blobs that devices create. Along with these blobs possibly some
> metadata should be storable in this blobstore.
> 
>   An initial client for the blobstore would be the TPM emulation.
> The TPM's persistent state needs to be stored once it changes so it
> can be restored at any point in time later on, i.e., after a cold
> reboot of the VM. In effect the blobstore simulates the NVRAM of a
> device where it would typically store such persistent data onto.

While I can see the appeal of a general 'blobstore' for NVRAM
tunables related to device, wrt the TPM emulation, should we
be considering use of something like the PKCS#11 standard for
storing/retrieving crypto data for the TPM ?

  https://secure.wikimedia.org/wikipedia/en/wiki/PKCS11

This is a industry standard for interfacing to cryptographic
storage mechanisms, widely supported by all SSL libraries & more
or less all programming languages. IIUC it lets the application
avoid hardcoding a specification storage backend impl, so it can
be made to work with anything from local files, to smartcards,
to HSMs, to remote network services.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|