Re: [PATCH v3 6/7] docs/zh_CN: Add tpm xen-tpmfront Chinese translation

linux-doc.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Yanteng Si <si.yanteng@linux.dev>
To: Shuo Zhao <zhaoshuo@cqsoftware.com.cn>, alexs@kernel.org, corbet@lwn.net
Cc: zhaoyuehui@cqsoftware.com.cn, zhangwei@cqsoftware.com.cn,
	maoyuxian@cqsoftware.com.cn, linux-doc@vger.kernel.org
Subject: Re: [PATCH v3 6/7] docs/zh_CN: Add tpm xen-tpmfront Chinese translation
Date: Fri, 24 Jan 2025 17:23:36 +0800	[thread overview]
Message-ID: <43863dec-89c7-4eb2-9cd3-8cf1f3b3e032@linux.dev> (raw)
In-Reply-To: <570a7a7c6f55996c02dd2e474a4e8cbfa8f9ccc3.1737603330.git.zhaoshuo@cqsoftware.com.cn>




在 2025/1/23 13:17, Shuo Zhao 写道:
> Translate .../security/tpm/xen-tpmfront.rst into Chinese.
>
> Update the translation through commit 9e255e2b9afe
> ("Documentation: drop optional BOMs")
>
> Reviewed-by: Alex Shi <alexs@kernel.org>
> Signed-off-by: Shuo Zhao <zhaoshuo@cqsoftware.com.cn>
Reviewed-by: Yanteng Si <si.yanteng@linux.dev>

Thanks,
Yanteng
> ---
>   .../translations/zh_CN/security/tpm/index.rst |   2 +-
>   .../zh_CN/security/tpm/xen-tpmfront.rst       | 114 ++++++++++++++++++
>   2 files changed, 115 insertions(+), 1 deletion(-)
>   create mode 100644 Documentation/translations/zh_CN/security/tpm/xen-tpmfront.rst
>
> diff --git a/Documentation/translations/zh_CN/security/tpm/index.rst b/Documentation/translations/zh_CN/security/tpm/index.rst
> index dd80816f8af8..bf95200ca586 100644
> --- a/Documentation/translations/zh_CN/security/tpm/index.rst
> +++ b/Documentation/translations/zh_CN/security/tpm/index.rst
> @@ -16,7 +16,7 @@
>      tpm-security
>      tpm_tis
>      tpm_vtpm_proxy
> +   xen-tpmfront
>   
>   TODOLIST:
> -*   xen-tpmfront
>   *   tpm_ftpm_tee
> diff --git a/Documentation/translations/zh_CN/security/tpm/xen-tpmfront.rst b/Documentation/translations/zh_CN/security/tpm/xen-tpmfront.rst
> new file mode 100644
> index 000000000000..fa085d98a99b
> --- /dev/null
> +++ b/Documentation/translations/zh_CN/security/tpm/xen-tpmfront.rst
> @@ -0,0 +1,114 @@
> +.. SPDX-License-Identifier: GPL-2.0
> +.. include:: ../../disclaimer-zh_CN.rst
> +
> +:Original: Documentation/security/tpm/xen-tpmfront.rst
> +
> +:翻译:
> + 赵硕 Shuo Zhao <zhaoshuo@cqsoftware.com.cn>
> +
> +================
> +Xen的虚拟TPM接口
> +================
> +
> +作者：Matthew Fioravante (JHUAPL), Daniel De Graaf (NSA)
> +
> +本文档描述了用于Xen的虚拟可信平台模块（vTPM）子系统。假定读者熟悉
> +Xen和Linux的构建和安装，并对TPM和vTPM概念有基本的理解。
> +
> +介绍
> +----
> +
> +这项工作的目标是为虚拟客户操作系统（在Xen中称为DomU）提供TPM功能。这使得
> +程序能够像与物理系统上的TPM交互一样，与虚拟系统中的TPM进行交互。每个客户
> +操作系统都会获得一个唯一的、模拟的软件TPM。然而，vTPM的所有秘密（如密钥、
> +NVRAM 等）由vTPM管理域进行管理，该域将这些秘密封存到物理TPM中。如果创建这
> +些域（管理域、vTPM域和客户域）的过程是可信的，vTPM子系统就能将根植于硬件
> +TPM的信任链扩展到Xen中的虚拟机。vTPM的每个主要组件都作为一个独立的域实现，
> +从而通过虚拟机监控程序（hypervisor）提供安全隔离。
> +
> +这个mini-os vTPM 子系统是建立在IBM和Intel公司之前的vTPM工作基础上的。
> +
> +
> +设计概述
> +--------
> +
> +vTPM的架构描述如下::
> +
> +  +------------------+
> +  |    Linux DomU    | ...
> +  |       |  ^       |
> +  |       v  |       |
> +  |   xen-tpmfront   |
> +  +------------------+
> +          |  ^
> +          v  |
> +  +------------------+
> +  | mini-os/tpmback  |
> +  |       |  ^       |
> +  |       v  |       |
> +  |  vtpm-stubdom    | ...
> +  |       |  ^       |
> +  |       v  |       |
> +  | mini-os/tpmfront |
> +  +------------------+
> +          |  ^
> +          v  |
> +  +------------------+
> +  | mini-os/tpmback  |
> +  |       |  ^       |
> +  |       v  |       |
> +  | vtpmmgr-stubdom  |
> +  |       |  ^       |
> +  |       v  |       |
> +  | mini-os/tpm_tis  |
> +  +------------------+
> +          |  ^
> +          v  |
> +  +------------------+
> +  |   Hardware TPM   |
> +  +------------------+
> +
> +* Linux DomU:
> +               希望使用vTPM的基于Linux的客户机。可能有多个这样的实例。
> +
> +* xen-tpmfront.ko:
> +               Linux内核虚拟TPM前端驱动程序。该驱动程序为基于Linux的DomU提供
> +               vTPM访问。
> +
> +* mini-os/tpmback:
> +               Mini-os TPM后端驱动程序。Linux前端驱动程序通过该后端驱动程序连
> +               接，以便在Linux DomU和其vTPM之间进行通信。该驱动程序还被
> +               vtpmmgr-stubdom用于与vtpm-stubdom通信。
> +
> +* vtpm-stubdom:
> +               一个实现vTPM的mini-os存根域。每个正在运行的vtpm-stubdom实例与系统
> +               上的逻辑vTPM之间有一一对应的关系。vTPM平台配置寄存器（PCRs）通常都
> +               初始化为零。
> +
> +* mini-os/tpmfront:
> +               Mini-os TPM前端驱动程序。vTPM mini-os域vtpm-stubdom使用该驱动程序
> +               与vtpmmgr-stubdom通信。此驱动程序还用于与vTPM域通信的mini-os域，例
> +               如 pv-grub。
> +
> +* vtpmmgr-stubdom:
> +               一个实现vTPM管理器的mini-os域。系统中只有一个vTPM管理器，并且在整个
> +               机器生命周期内应一直运行。此域调节对系统中物理TPM的访问，并确保每个
> +               vTPM的持久状态。
> +
> +* mini-os/tpm_tis:
> +               Mini-osTPM1.2版本TPM 接口规范（TIS）驱动程序。该驱动程序由vtpmmgr-stubdom
> +               用于直接与硬件TPM通信。通信通过将硬件内存页映射到vtpmmgr-stubdom来实现。
> +
> +* 硬件TPM:
> +               固定在主板上的物理 TPM。
> +
> +与Xen的集成
> +-----------
> +
> +vTPM驱动程序的支持已在Xen4.3中通过libxl工具堆栈添加。有关设置vTPM和vTPM
> +管理器存根域的详细信息，请参见Xen文档（docs/misc/vtpm.txt）。一旦存根域
> +运行，与磁盘或网络设备相同，vTPM设备将在域的配置文件中进行设置
> +
> +为了使用诸如IMA（完整性测量架构）等需要在initrd之前加载TPM的功能，必须将
> +xen-tpmfront驱动程序编译到内核中。如果不使用这些功能，驱动程序可以作为
> +模块编译，并像往常一样加载。

next prev parent reply	other threads:[~2025-01-24  9:23 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-23  5:17 [PATCH v3 0/7] Add all Chinese translations in the tpm directory Shuo Zhao
2025-01-23  5:17 ` [PATCH v3 1/7] docs/zh_CN: Add tpm index Chinese translation Shuo Zhao
2025-01-24  6:58   ` Yanteng Si
2025-01-23  5:17 ` [PATCH v3 2/7] docs/zh_CN: Add tpm tpm_event_log " Shuo Zhao
2025-01-24  7:01   ` Yanteng Si
2025-01-23  5:17 ` [PATCH v3 3/7] docs/zh_CN: Add tpm tpm-security " Shuo Zhao
2025-01-24  9:19   ` Yanteng Si
2025-01-23  5:17 ` [PATCH v3 4/7] docs/zh_CN: Add tpm tpm_tis " Shuo Zhao
2025-01-24  9:20   ` Yanteng Si
2025-01-23  5:17 ` [PATCH v3 5/7] docs/zh_CN: Add tpm tpm_vtpm_proxy " Shuo Zhao
2025-01-24  9:21   ` Yanteng Si
2025-01-23  5:17 ` [PATCH v3 6/7] docs/zh_CN: Add tpm xen-tpmfront " Shuo Zhao
2025-01-24  9:23   ` Yanteng Si [this message]
2025-01-23  5:17 ` [PATCH v3 7/7] docs/zh_CN: Add tpm tpm_ftpm_tee " Shuo Zhao
2025-01-24  9:24   ` Yanteng Si
2025-02-04 16:54 ` [PATCH v3 0/7] Add all Chinese translations in the tpm directory Jonathan Corbet

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43863dec-89c7-4eb2-9cd3-8cf1f3b3e032@linux.dev \
    --to=si.yanteng@linux.dev \
    --cc=alexs@kernel.org \
    --cc=corbet@lwn.net \
    --cc=linux-doc@vger.kernel.org \
    --cc=maoyuxian@cqsoftware.com.cn \
    --cc=zhangwei@cqsoftware.com.cn \
    --cc=zhaoshuo@cqsoftware.com.cn \
    --cc=zhaoyuehui@cqsoftware.com.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).