From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:55833) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bNAKq-0005uy-0U for qemu-devel@nongnu.org; Tue, 12 Jul 2016 22:55:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bNAKl-0007lX-Py for qemu-devel@nongnu.org; Tue, 12 Jul 2016 22:55:38 -0400 Received: from mga02.intel.com ([134.134.136.20]:18328) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bNAKl-0007kE-3m for qemu-devel@nongnu.org; Tue, 12 Jul 2016 22:55:35 -0400 From: "Xu, Quan" Date: Wed, 13 Jul 2016 02:55:29 +0000 Message-ID: <945CA011AD5F084CBEA3E851C0AB28894B8FD7C8@SHSMSX101.ccr.corp.intel.com> References: <1468151270-12984-1-git-send-email-emilcondrea@gmail.com> In-Reply-To: <1468151270-12984-1-git-send-email-emilcondrea@gmail.com> Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [Qemu-devel] [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machine(QEMU Part) List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Emil Condrea , "qemu-devel@nongnu.org" , Stefano Stabellini , "stefanb@linux.vnet.ibm.com" Cc: "xen-devel@lists.xen.org" , "dgdegra@tycho.nsa.gov" , "stefano.stabellini@eu.citrix.com" , "wei.liu2@citrix.com" , "eblake@redhat.com" , "quan.xu2@aliyun.com" Emil, Thanks for your effort ( today I just come back to return my laptop)= . btw, sstabellini@kernel.org may be the right email. Stefan / Stefano, could you help us review these patches? Thanks in advan= ce!! Quan=20 =20 On July 10, 2016 7:48 PM, Emil Condrea wrote: > *INTRODUCTION* > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc). > This allows programs to interact with a TPM in a virtual machine the same= way > they interact with a TPM on the physical system. Each virtual machine get= s its > own unique, emulated, software TPM. Each major component of vTPM is > implemented as a stubdom, providing secure separation guaranteed by the > hypervisor. >=20 > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the > virtual machine to use. It is a small wrapper around the Berlios TPM emul= ator. > TPM commands are passed from mini-os TPM backend driver. >=20 > *ARCHITECTURE* > The architecture of stubdom vTPM for HVM virtual machine: >=20 > +--------------------+ > | Windows/Linux DomU | ... > | | ^ | > | v | | > | Qemu tpm1.2 Tis | > | | ^ | > | v | | > | XenStubdoms backend| > +--------------------+ > | ^ > v | > +--------------------+ > | XenDevOps | > +--------------------+ > | ^ > v | > +--------------------+ > | mini-os/tpmback | > | | ^ | > | v | | > | vtpm-stubdom | ... > | | ^ | > | v | | > | mini-os/tpmfront | > +--------------------+ > | ^ > v | > +--------------------+ > | mini-os/tpmback | > | | ^ | > | v | | > | vtpmmgr-stubdom | > | | ^ | > | v | | > | mini-os/tpm_tis | > +--------------------+ > | ^ > v | > +--------------------+ > | Hardware TPM | > +--------------------+ >=20 > * Windows/Linux DomU: > The HVM based guest that wants to use a vTPM. There may be > more than one of these. >=20 > * Qemu tpm1.2 Tis: > Implementation of the tpm1.2 Tis interface for HVM virtual > machines. It is Qemu emulation device. >=20 > * vTPM xenstubdoms driver: > Qemu vTPM driver. This driver provides vtpm initialization > and sending data and commends to a para-virtualized vtpm > stubdom. >=20 > * XenDevOps: > Register Xen stubdom vTPM frontend driver, and transfer any > request/repond between TPM xenstubdoms driver and Xen vTPM > stubdom. Facilitate communications between Xen vTPM stubdom > and vTPM xenstubdoms driver. >=20 > * mini-os/tpmback: > Mini-os TPM backend driver. The Linux frontend driver connects > to this backend driver to facilitate communications between the > Linux DomU and its vTPM. This driver is also used by vtpmmgr > stubdom to communicate with vtpm-stubdom. >=20 > * vtpm-stubdom: > A mini-os stub domain that implements a vTPM. There is a > one to one mapping between running vtpm-stubdom instances and > logical vtpms on the system. The vTPM Platform Configuration > Registers (PCRs) are all initialized to zero. >=20 > * mini-os/tpmfront: > Mini-os TPM frontend driver. The vTPM mini-os domain vtpm > stubdom uses this driver to communicate with vtpmmgr-stubdom. > This driver could also be used separately to implement a mini-os > domain that wishes to use a vTPM of its own. >=20 > * vtpmmgr-stubdom: > A mini-os domain that implements the vTPM manager. There is only > one vTPM manager and it should be running during the entire lifetime > of the machine. vtpmmgr domain securely stores encryption keys for > each of the vtpms and accesses to the hardware TPM to get the root of > trust for the entire system. >=20 > * mini-os/tpm_tis: > Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver. > This driver used by vtpmmgr-stubdom to talk directly to the hardware > TPM. Communication is facilitated by mapping hardware memory pages > into vtpmmgr stubdom. >=20 > * Hardware TPM: The physical TPM 1.2 that is soldered onto the > motherboard. >=20 > --- > Changes in v9 > High level changes: (each patch has a detailed history versioning) > * rebase on upstream qemu > * refactor qemu xendevs, xenstore functions in order to be shared with b= oth > backend and frontends > * convert tpm stubdoms to new qapi layout > * use libxengnttab, libxenevtchn stable API instead of xc_* calls > * added reset_tpm_established_flag and get_tpm_version for TPMDriverOps > * instead of xen_frontend.c global variable xenstore_dev, use vtpm speci= fic > xenstore_vtpm_dev (since it will be needed just for tpm_xenstubdoms qemu > driver) >=20 >=20 > Emil Condrea (19): > xen: Create a new file xen_pvdev.c > xen: Create a new file xen_frontend.c > xen: Move xenstore_update to xen_pvdev.c > xen: Move evtchn functions to xen_pvdev.c > xen: Prepare xendev qtail to be shared with frontends > xen: Rename xen_be_printf to xen_pv_printf > xen: Rename xen_be_unbind_evtchn > xen: Rename xen_be_send_notify > xen: Rename xen_be_evtchn_event > xen: Rename xen_be_find_xendev > xen: Rename xen_be_del_xendev > xen: Rename xen_be_frontend_changed > xen: Distinguish between frontend and backend devops > Qemu-Xen-vTPM: Support for Xen stubdom vTPM command line options > Qemu-Xen-vTPM: Xen frontend driver infrastructure > Qemu-Xen-vTPM: Register Xen stubdom vTPM frontend driver > Qemu-Xen-vTPM: Move tpm_passthrough_is_selftest() into tpm_util.c > Qemu-Xen-vTPM: Qemu vTPM xenstubdoms backend > Qemu-Xen-vTPM: QEMU machine class is initialized before tpm_init() >=20 > backends/tpm.c | 11 ++ > configure | 14 ++ > hmp.c | 2 + > hw/block/xen_disk.c | 59 +++--- > hw/char/xen_console.c | 16 +- > hw/display/xenfb.c | 57 +++--- > hw/net/xen_nic.c | 29 +-- > hw/tpm/Makefile.objs | 3 +- > hw/tpm/tpm_passthrough.c | 13 +- > hw/tpm/tpm_util.c | 11 ++ > hw/tpm/tpm_util.h | 1 + > hw/tpm/tpm_xenstubdoms.c | 284 ++++++++++++++++++++++++++ > hw/tpm/xen_vtpm_frontend.c | 303 ++++++++++++++++++++++++++++ > hw/tpm/xen_vtpm_frontend.h | 10 + > hw/usb/xen-usb.c | 38 ++-- > hw/xen/Makefile.objs | 2 +- > hw/xen/xen_backend.c | 378 ++++-----------------------------= -- > hw/xen/xen_devconfig.c | 4 +- > hw/xen/xen_frontend.c | 416 > +++++++++++++++++++++++++++++++++++++++ > hw/xen/xen_pvdev.c | 298 ++++++++++++++++++++++++++++ > include/hw/xen/xen_backend.h | 71 +------ > include/hw/xen/xen_frontend.h | 20 ++ > include/hw/xen/xen_pvdev.h | 83 ++++++++ > include/sysemu/tpm_backend_int.h | 2 + > qapi-schema.json | 16 +- > qemu-options.hx | 13 +- > tpm.c | 7 +- > vl.c | 17 +- > xen-common.c | 4 +- > xen-hvm.c | 6 + > 30 files changed, 1649 insertions(+), 539 deletions(-) create mode 1006= 44 > hw/tpm/tpm_xenstubdoms.c create mode 100644 > hw/tpm/xen_vtpm_frontend.c create mode 100644 > hw/tpm/xen_vtpm_frontend.h create mode 100644 hw/xen/xen_frontend.c > create mode 100644 hw/xen/xen_pvdev.c create mode 100644 > include/hw/xen/xen_frontend.h create mode 100644 > include/hw/xen/xen_pvdev.h >=20 > -- > 1.9.1