From: "Daniel P. Berrange" <berrange@redhat.com>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: Markus Armbruster <armbru@redhat.com>,
Anthony Liguori <aliguori@us.ibm.com>,
QEMU Developers <qemu-devel@nongnu.org>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [Qemu-devel] Design of the blobstore
Date: Thu, 15 Sep 2011 14:27:11 +0100 [thread overview]
Message-ID: <20110915132710.GR29309@redhat.com> (raw)
In-Reply-To: <4E71F9F5.9060005@linux.vnet.ibm.com>
On Thu, Sep 15, 2011 at 09:13:25AM -0400, Stefan Berger wrote:
> On 09/15/2011 09:05 AM, Daniel P. Berrange wrote:
> >On Wed, Sep 14, 2011 at 01:05:44PM -0400, Stefan Berger wrote:
> >>Hello!
> >>
> >> Over the last few days primarily Michael Tsirkin and I have
> >>discussed the design of the 'blobstore' via IRC (#virtualization).
> >>The intention of the blobstore is to provide storage to persist
> >>blobs that devices create. Along with these blobs possibly some
> >>metadata should be storable in this blobstore.
> >>
> >> An initial client for the blobstore would be the TPM emulation.
> >>The TPM's persistent state needs to be stored once it changes so it
> >>can be restored at any point in time later on, i.e., after a cold
> >>reboot of the VM. In effect the blobstore simulates the NVRAM of a
> >>device where it would typically store such persistent data onto.
> >While I can see the appeal of a general 'blobstore' for NVRAM
> >tunables related to device, wrt the TPM emulation, should we
> >be considering use of something like the PKCS#11 standard for
> >storing/retrieving crypto data for the TPM ?
> >
> > https://secure.wikimedia.org/wikipedia/en/wiki/PKCS11
> We should regard the blobs the TPM produces as crypto data as a
> whole, allowing for encryption of each one. QCoW2 encryption is good
> for that since it uses per-sector encryption but we loose all that
> in case of RAW image being use for NVRAM storage.
>
> FYI: The TPM writes its data in a custom format and produces a blob
> that should be stored without knowing the organization of its
> content. This blob doesn't only contain keys but many other data in
> the 3 different types of blobs that the TPM can produce under
> certain cirumstances : values of counters, values of the PCRs (20
> byte long registers), keys, owner and SRK (storage root key)
> password, TPM's NVRAM areas, flags etc.
Is this description of storage inherant in the impl of TPMs in general,
or just the way you've chosen to implement the QEMU vTPM ?
IIUC, you are describing a layering like
+----------------+
| Guest App |
+----------------+
^ ^ ^ ^ ^ ^ ^
| | | | | | | Data slots
V V V V V V V
+----------------+
| QEMU vTPM Dev |
+----------------+
^
| Data blob
V
+----------------+
| Storage device | (File/block dev)
+----------------+
I was thinking about whether we could delegate the encoding
of data slots -> blobs, to outside the vTPM device emulation
by using PKCS ?
+----------------+
| Guest App |
+----------------+
^ ^ ^ ^ ^ ^ ^
| | | | | | | Data slots
V V V V V V V
+----------------+
| QEMU vTPM Dev |
+----------------+
^ ^ ^ ^ ^ ^ ^
| | | | | | | Data slots
V V V V V V V
+----------------+
| PKCS#11 Driver |
+----------------+
^
| Data blob
V
+----------------+
| Storage device | (File/blockdev/HSM/Smartcard)
+----------------+
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
next prev parent reply other threads:[~2011-09-15 13:27 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-14 17:05 [Qemu-devel] Design of the blobstore Stefan Berger
2011-09-14 17:40 ` Michael S. Tsirkin
2011-09-14 17:49 ` Stefan Berger
2011-09-14 17:56 ` Michael S. Tsirkin
2011-09-14 21:12 ` Stefan Berger
2011-09-15 6:57 ` Michael S. Tsirkin
2011-09-15 10:22 ` Stefan Berger
2011-09-15 10:51 ` Michael S. Tsirkin
2011-09-15 10:55 ` Stefan Berger
2011-09-15 5:47 ` Gleb Natapov
2011-09-15 10:18 ` Stefan Berger
2011-09-15 10:20 ` Gleb Natapov
2011-09-15 11:17 ` Stefan Hajnoczi
2011-09-15 11:35 ` Daniel P. Berrange
2011-09-15 11:40 ` Kevin Wolf
2011-09-15 11:58 ` Stefan Hajnoczi
2011-09-15 12:31 ` Michael S. Tsirkin
2011-09-16 8:46 ` Kevin Wolf
2011-09-15 14:19 ` Stefan Berger
2011-09-16 8:12 ` Kevin Wolf
2011-09-15 12:34 ` [Qemu-devel] Design of the blobstore [API of the NVRAM] Stefan Berger
2011-09-16 10:35 ` Stefan Hajnoczi
2011-09-16 11:36 ` Stefan Berger
2011-09-15 13:05 ` [Qemu-devel] Design of the blobstore Daniel P. Berrange
2011-09-15 13:13 ` Stefan Berger
2011-09-15 13:27 ` Daniel P. Berrange [this message]
2011-09-15 14:00 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110915132710.GR29309@redhat.com \
--to=berrange@redhat.com \
--cc=aliguori@us.ibm.com \
--cc=armbru@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanb@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.