From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: matthew.fioravante@jhuapl.edu, xen-devel@lists.xen.org
Subject: Re: [PATCH 09/14] stubdom/vtpm: Add PCR pass-through to hardware TPM
Date: Fri, 14 Dec 2012 15:12:40 -0500 [thread overview]
Message-ID: <50CB8838.1070009@tycho.nsa.gov> (raw)
In-Reply-To: <1355169347-25917-10-git-send-email-dgdegra@tycho.nsa.gov>
On 12/10/2012 02:55 PM, Daniel De Graaf wrote:
> This allows the hardware TPM's PCRs to be accessed from a vTPM for
> debugging and as a simple alternative to a deep quote in situations
> where the integrity of the vTPM's own TCB is not in question.
>
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> ---
> stubdom/Makefile | 1 +
> stubdom/vtpm-pcr-passthrough.patch | 73 ++++++++++++++++++++++++++++++++++++++
> stubdom/vtpm/vtpm_cmd.c | 38 ++++++++++++++++++++
> 3 files changed, 112 insertions(+)
> create mode 100644 stubdom/vtpm-pcr-passthrough.patch
This patch is incomplete, so don't apply it: seal operations can't use the
extra PCRs, and it's likely other operations such as nvram have the same
problem. It's not a dependency for any other patch, and an alternative
implementation should end up being more configurable anyway.
--
Daniel De Graaf
National Security Agency
next prev parent reply other threads:[~2012-12-14 20:12 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-10 19:55 [PATCH v3 00/14] vTPM new ABI, extensions Daniel De Graaf
2012-12-10 19:55 ` [PATCH 01/14] mini-os/tpm{back, front}: Change shared page ABI Daniel De Graaf
2012-12-14 20:16 ` [PATCH v3.2] " Daniel De Graaf
2012-12-10 19:55 ` [PATCH 02/14] stubdom/vtpm: correct the buffer size returned by TPM_CAP_PROP_INPUT_BUFFER Daniel De Graaf
2012-12-10 19:55 ` [PATCH 03/14] stubdom/vtpm: Support locality field Daniel De Graaf
2012-12-10 19:55 ` [PATCH 04/14] stubdom/vtpm: Allow repoen of closed devices Daniel De Graaf
2012-12-10 19:55 ` [PATCH 05/14] stubdom/vtpm: make state save operation atomic Daniel De Graaf
2012-12-10 19:55 ` [PATCH 06/14] stubdom/grub: send kernel measurements to vTPM Daniel De Graaf
2012-12-10 19:55 ` [PATCH 07/14] stubdom/vtpm: Add locality-5 PCRs Daniel De Graaf
2012-12-10 19:55 ` [PATCH 08/14] stubdom/vtpm: support multiple backends Daniel De Graaf
2012-12-10 19:55 ` [PATCH 09/14] stubdom/vtpm: Add PCR pass-through to hardware TPM Daniel De Graaf
2012-12-14 20:12 ` Daniel De Graaf [this message]
2012-12-10 19:55 ` [PATCH 10/14] mini-os/tpmback: set up callbacks before enumeration Daniel De Graaf
2012-12-10 19:55 ` [PATCH 11/14] mini-os/tpmback: Replace UUID field with opaque pointer Daniel De Graaf
2012-12-10 19:55 ` [PATCH 12/14] mini-os/tpmback: add tpmback_get_peercontext Daniel De Graaf
2012-12-10 21:20 ` Samuel Thibault
2012-12-10 21:22 ` Daniel De Graaf
2012-12-10 21:25 ` Samuel Thibault
2012-12-10 19:55 ` [PATCH 13/14] stubdom/vtpm: constrain locality by XSM label Daniel De Graaf
2012-12-10 19:55 ` [PATCH 14/14] stubdom/Makefile: Fix gmp extract rule Daniel De Graaf
2012-12-10 21:24 ` Samuel Thibault
2012-12-10 21:28 ` Daniel De Graaf
2012-12-10 21:33 ` Samuel Thibault
2012-12-10 20:00 ` [PATCH] drivers/tpm-xen: Change vTPM shared page ABI Daniel De Graaf
2012-12-11 11:52 ` Jan Beulich
2012-12-11 14:55 ` Daniel De Graaf
2013-01-18 15:12 ` [PATCH v3 00/14] vTPM new ABI, extensions Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50CB8838.1070009@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=matthew.fioravante@jhuapl.edu \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).