From: Daniel De Graaf
Subject: Re: [PATCH 09/14] stubdom/vtpm: Add PCR pass-through to hardware TPM
Date: Fri, 14 Dec 2012 15:12:40 -0500
Message-ID: <50CB8838.1070009@tycho.nsa.gov>
References: <1355169347-25917-1-git-send-email-dgdegra@tycho.nsa.gov> <1355169347-25917-10-git-send-email-dgdegra@tycho.nsa.gov>
In-Reply-To: <1355169347-25917-10-git-send-email-dgdegra@tycho.nsa.gov>
To: Daniel De Graaf
Cc: matthew.fioravante@jhuapl.edu, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 12/10/2012 02:55 PM, Daniel De Graaf wrote:
> This allows the hardware TPM's PCRs to be accessed from a vTPM for
> debugging and as a simple alternative to a deep quote in situations
> where the integrity of the vTPM's own TCB is not in question.
>
> Signed-off-by: Daniel De Graaf
> ---
>  stubdom/Makefile                   |  1 +
>  stubdom/vtpm-pcr-passthrough.patch | 73 ++++++++++++++++++++++++++++++++++++++
>  stubdom/vtpm/vtpm_cmd.c            | 38 ++++++++++++++++++++
>  3 files changed, 112 insertions(+)
>  create mode 100644 stubdom/vtpm-pcr-passthrough.patch

This patch is incomplete, so don't apply it: seal operations can't use
the extra PCRs, and it's likely other operations such as nvram have the
same problem. It's not a dependency for any other patch, and an alternative
implementation should end up being more configurable anyway.

-- 
Daniel De Graaf
National Security Agency