Re: [PATCH 0/6] vTPM: Xen stubdom vTPM for HVM virtual machine

From: "Xu, Quan" <quan.xu@intel.com>
To: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: "keir@xen.org" <keir@xen.org>,
	"ian.campbell@citrix.com" <ian.campbell@citrix.com>,
	"tim@xen.org" <tim@xen.org>,
	"ian.jackson@eu.citrix.com" <ian.jackson@eu.citrix.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	"jbeulich@suse.com" <jbeulich@suse.com>,
	"wei.liu2@citrix.com" <wei.liu2@citrix.com>,
	Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH 0/6] vTPM: Xen stubdom vTPM for HVM virtual machine
Date: Wed, 5 Nov 2014 09:18:46 +0000	[thread overview]
Message-ID: <945CA011AD5F084CBEA3E851C0AB28890E81FD36@SHSMSX101.ccr.corp.intel.com> (raw)
In-Reply-To: <alpine.DEB.2.02.1411031126170.22875@kaball.uk.xensource.com>

> -----Original Message-----
> From: Stefano Stabellini [mailto:stefano.stabellini@eu.citrix.com]
> Sent: Monday, November 03, 2014 7:30 PM
> To: Xu, Quan
> Cc: xen-devel@lists.xen.org; keir@xen.org; ian.campbell@citrix.com;
> tim@xen.org; ian.jackson@eu.citrix.com; jbeulich@suse.com
> Subject: Re: [Xen-devel] [PATCH 0/6] vTPM: Xen stubdom vTPM for HVM
> virtual machine
> 
> On Thu, 30 Oct 2014, Quan Xu wrote:
> >
> > Signed-off-by: Quan Xu <quan.xu@intel.com>
> >
> > This patch series are only the Xen part to enable stubdom vTPM for HVM
> virtual machine.
> > it will work w/ Qemu patch series and seaBios patch series. Change
> > QEMU_STUBDOM_VTPM compile option from 'n' to 'y', when the
> Qemu/SeaBios patch series are merged.
> 
> Please, could you add more detailed commit messages in your patches?
> Also spending a few more words here to explain why are you doing this and
> how would help.
> 
The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM functionality
to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). This allows programs to
interact with a TPM in a virtual machine the same way they interact with a TPM on the
physical system. Each virtual machine gets its own unique, emulated, software TPM.
Each major component of vTPM is implemented as a stubdom, providing secure separation
guaranteed by the hypervisor.
The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the virtual machine
to use. It is a small wrapper around the Berlios TPM emulator. TPM commands are passed
from mini-os TPM backend driver.

This patch series are to enable Xen stubdom vTPM for HVM virtual machine. his allows 
programs to interact with a TPM in a HVM virtual machine(Fedora, Ubuntu, Redhat, Windows .etc)
the same way they interact with a TPM on the physical system.

> It looks like you are trying to introduce vTPM stubdomains. The QEMU
> changes have been posted against upstream QEMU, that is good, however as
> far as I know upstream QEMU doesn't build or work as a stubdomain yet.
> Where are the changes to make upstream QEMU based stubdoms work?
> I don't see them neither here nor in the QEMU series.
> 
It's Xen stubdom, not QEMU stubdom. Sorry for this confusion. 

> How are you testing this work?

The following steps are how to build and test it: 

1. SeaBios with my patch against upstream seabios is not submitted. I will submit seabios patch when I 
finish these questions from review. Now I archive my seabios patch against upstream seabios in 
Github: https://github.com/virt2x/seabios2 , try to build it for test. 

Configure it with Xen,
--- <Xen> Config.mk
-SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git
+SEABIOS_UPSTREAM_URL ?= https://github.com/virt2x/seabios2
[...]
-SEABIOS_UPSTREAM_REVISION ?= rel-1.7.5
+SEABIOS_UPSTREAM_REVISION ?= ea94c083cc15875f46f0bf288b6531154b866f5a

2. qemu with my patch against upstream QEMU is not merged. now I archive my 
qemu patch series again Upstream QEMU in github: https://github.com/virt2x/qemu-xen-unstable2 

Configure it with Xen, 
--- <Xen> Config.mk

-QEMU_UPSTREAM_URL ?= git://xenbits.xen.org/qemu-upstream-unstable.git
+QEMU_UPSTREAM_URL ?= https://github.com/virt2x/qemu-xen-unstable2
-QEMU_UPSTREAM_REVISION ?= qemu-xen-4.5.0-rc1
+QEMU_UPSTREAM_REVISION ?= e867e6cf86c8412ca516cf2d0ccad57130e3388c

3. build/install Xen
Change QEMU_STUBDOM_VTPM option from 'n' to 'y'
   QEMU_STUBDOM_VTPM ?= y
./configure --prefix=/usr
make dist
make install 

4. try to launch vtpmmgr / vtpm domain via <Xen>/docs/misc/vtpm-platforms.txt.
The reader is assumed to have familiarity with building and installing Xen, Linux, and a basic 
understanding of the TPM and vTPM concepts.

The Linux / Windows HVM guest configuration file needs to be modified to include the following line:
[..]
vtpm=["backend=domu-vtpm"]
device_model_version = 'qemu-xen'
acpi = 1
[..]

## domu-vtpm is the name vtpm domain, A mini-os stub domain that implements a vTPM. 

5. enable native TPM 1.2 drvier in HVM virtual machine. for example enable tpm_tis.ko in Linux 
HVM virtual machine. 
If you have trousers and tpm_tools installed on the guest, the tpm_version
command should return the following:

The version command should return the following:
  TPM 1.2 Version Info:
  Chip Version:        1.2.0.7
  Spec Level:          2
  Errata Revision:     1
  TPM Vendor ID:       ETHZ
  TPM Version:         01010000
  Manufacturer Info:   4554485a

Or check it with sysfs, /sys/class/misc/tpm0

BTW, Some local ISV are trying to integrate this feature into their cloud service for trusted services, 
Such as trusted virtual desktop infrastructure(HVM fedora/ubuntu/redhat/windows virtual machine).

> 
> 
> >  Config.mk                             |  4 ++++
> >  extras/mini-os/include/tpmback.h      |  3 +++
> >  extras/mini-os/tpmback.c              | 20 +++++++++++++++++---
> >  tools/Makefile                        |  7 +++++++
> >  tools/firmware/hvmloader/acpi/build.c |  5 +++--
> >  tools/libxl/libxl.c                   | 62
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++
> >  tools/libxl/libxl_create.c            | 16 +++++++++++++---
> >  tools/libxl/libxl_dm.c                | 16 ++++++++++++++++
> >  tools/libxl/libxl_dom.c               |  2 ++
> >  tools/libxl/libxl_internal.h          |  3 +++
> >  tools/libxl/libxl_types.idl           |  1 +
> >  tools/libxl/xl_cmdimpl.c              |  2 ++
> >  xen/arch/x86/hvm/hvm.c                |  3 +++
> >  xen/include/public/hvm/params.h       |  1 +
> >
> > I've tried to break it down to smaller patches:
> >
> >  *(Patch 1/6)*  event channel bind interdomain with para/hvm virtual
> > machine
> >
> >  *(Patch 2/6)*  add HVM_PARAM_STUBDOM_VTPM parameter for HVM
> virtual
> > machine
> >
> >  *(Patch 3/6)*  limit libxl__add_vtpms() function to para virtual
> > machine
> >
> >  *(Patch 4/6)*  add TPM TCPA and SSDT for HVM virtual machine when
> > vTPM is added
> >
> >  *(Patch 5/6)*  add vTPM device for HVM virtual machine
> >
> >  *(Patch 6/6)*  add QEMU_STUBDOM_VTPM compile option
> >
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xen.org
> > http://lists.xen.org/xen-devel
> >