Re: [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machine(QEMU Part)

From: Stefano Stabellini <sstabellini@kernel.org>
To: "Xu, Quan" <quan.xu@intel.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
	"wei.liu2@citrix.com" <wei.liu2@citrix.com>,
	"stefanb@linux.vnet.ibm.com" <stefanb@linux.vnet.ibm.com>,
	"quan.xu2@aliyun.com" <quan.xu2@aliyun.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	anthony.perard@citrix.com,
	"dgdegra@tycho.nsa.gov" <dgdegra@tycho.nsa.gov>,
	"eblake@redhat.com" <eblake@redhat.com>,
	Emil Condrea <emilcondrea@gmail.com>
Subject: Re: [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machine(QEMU Part)
Date: Thu, 14 Jul 2016 16:33:58 +0100 (BST)	[thread overview]
Message-ID: <alpine.DEB.2.10.1607141632410.22290__20983.0993823291$1468510525$gmane$org@sstabellini-ThinkPad-X260> (raw)
In-Reply-To: <945CA011AD5F084CBEA3E851C0AB28894B8FD7C8@SHSMSX101.ccr.corp.intel.com>

Hi Quan,

thanks for CC'ing me. sstabellini@kernel.org is the right address to
reach me now.

I am also CC'ing Anthony Perard who is Xen co-maintainer in QEMU.

Cheers,

Stefano

On Wed, 13 Jul 2016, Xu, Quan wrote:
> Emil, Thanks for your  effort ( today I just come back to return my laptop).
> 
> btw, sstabellini@kernel.org may be the right email.
>  Stefan / Stefano,  could you help us review these patches? Thanks in advance!!
> 
> Quan 
> 
>  
> On July 10, 2016 7:48 PM, Emil Condrea <emilcondrea@gmail.com> wrote:
> > *INTRODUCTION*
> > The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM
> > functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows .etc).
> > This allows programs to interact with a TPM in a virtual machine the same way
> > they interact with a TPM on the physical system. Each virtual machine gets its
> > own unique, emulated, software TPM. Each major component of vTPM is
> > implemented as a stubdom, providing secure separation guaranteed by the
> > hypervisor.
> > 
> > The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the
> > virtual machine to use. It is a small wrapper around the Berlios TPM emulator.
> > TPM commands are passed from mini-os TPM backend driver.
> > 
> > *ARCHITECTURE*
> > The architecture of stubdom vTPM for HVM virtual machine:
> > 
> >             +--------------------+
> >             | Windows/Linux DomU | ...
> >             |        |  ^        |
> >             |        v  |        |
> >             |  Qemu tpm1.2 Tis   |
> >             |        |  ^        |
> >             |        v  |        |
> >             | XenStubdoms backend|
> >             +--------------------+
> >                      |  ^
> >                      v  |
> >             +--------------------+
> >             |      XenDevOps     |
> >             +--------------------+
> >                      |  ^
> >                      v  |
> >             +--------------------+
> >             |  mini-os/tpmback   |
> >             |        |  ^        |
> >             |        v  |        |
> >             |   vtpm-stubdom     | ...
> >             |        |  ^        |
> >             |        v  |        |
> >             |  mini-os/tpmfront  |
> >             +--------------------+
> >                      |  ^
> >                      v  |
> >             +--------------------+
> >             |  mini-os/tpmback   |
> >             |        |  ^        |
> >             |        v  |        |
> >             |  vtpmmgr-stubdom   |
> >             |        |  ^        |
> >             |        v  |        |
> >             |  mini-os/tpm_tis   |
> >             +--------------------+
> >                      |  ^
> >                      v  |
> >             +--------------------+
> >             |    Hardware TPM    |
> >             +--------------------+
> > 
> >  * Windows/Linux DomU:
> >     The HVM based guest that wants to use a vTPM. There may be
> >     more than one of these.
> > 
> >  * Qemu tpm1.2 Tis:
> >     Implementation of the tpm1.2 Tis interface for HVM virtual
> >     machines. It is Qemu emulation device.
> > 
> >  * vTPM xenstubdoms driver:
> >     Qemu vTPM driver. This driver provides vtpm initialization
> >     and sending data and commends to a para-virtualized vtpm
> >     stubdom.
> > 
> >  * XenDevOps:
> >     Register Xen stubdom vTPM frontend driver, and transfer any
> >     request/repond between TPM xenstubdoms driver and Xen vTPM
> >     stubdom. Facilitate communications between Xen vTPM stubdom
> >     and vTPM xenstubdoms driver.
> > 
> >  * mini-os/tpmback:
> >     Mini-os TPM backend driver. The Linux frontend driver connects
> >     to this backend driver to facilitate communications between the
> >     Linux DomU and its vTPM. This driver is also used by vtpmmgr
> >     stubdom to communicate with vtpm-stubdom.
> > 
> >  * vtpm-stubdom:
> >     A mini-os stub domain that implements a vTPM. There is a
> >     one to one mapping between running vtpm-stubdom instances and
> >     logical vtpms on the system. The vTPM Platform Configuration
> >     Registers (PCRs) are all initialized to zero.
> > 
> >  * mini-os/tpmfront:
> >     Mini-os TPM frontend driver. The vTPM mini-os domain vtpm
> >     stubdom uses this driver to communicate with vtpmmgr-stubdom.
> >     This driver could also be used separately to implement a mini-os
> >     domain that wishes to use a vTPM of its own.
> > 
> >  * vtpmmgr-stubdom:
> >     A mini-os domain that implements the vTPM manager. There is only
> >     one vTPM manager and it should be running during the entire lifetime
> >     of the machine. vtpmmgr domain securely stores encryption keys for
> >     each of the vtpms and accesses to the hardware TPM to get the root of
> >     trust for the entire system.
> > 
> >  * mini-os/tpm_tis:
> >     Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver.
> >     This driver used by vtpmmgr-stubdom to talk directly to the hardware
> >     TPM. Communication is facilitated by mapping hardware memory pages
> >     into vtpmmgr stubdom.
> > 
> >  * Hardware TPM: The physical TPM 1.2 that is soldered onto the
> > motherboard.
> > 
> > ---
> > Changes in v9
> > High level changes: (each patch has a detailed history versioning)
> >  * rebase on upstream qemu
> >  * refactor qemu xendevs, xenstore functions in order to be shared with both
> > backend and frontends
> >  * convert tpm stubdoms to new qapi layout
> >  * use libxengnttab, libxenevtchn stable API instead of xc_* calls
> >  * added reset_tpm_established_flag and get_tpm_version for TPMDriverOps
> >  * instead of xen_frontend.c global variable xenstore_dev, use vtpm specific
> > xenstore_vtpm_dev (since it will be needed just for tpm_xenstubdoms qemu
> > driver)
> > 
> > 
> > Emil Condrea (19):
> >   xen: Create a new file xen_pvdev.c
> >   xen: Create a new file xen_frontend.c
> >   xen: Move xenstore_update to xen_pvdev.c
> >   xen: Move evtchn functions to xen_pvdev.c
> >   xen: Prepare xendev qtail to be shared with frontends
> >   xen: Rename xen_be_printf to xen_pv_printf
> >   xen: Rename xen_be_unbind_evtchn
> >   xen: Rename xen_be_send_notify
> >   xen: Rename xen_be_evtchn_event
> >   xen: Rename xen_be_find_xendev
> >   xen: Rename xen_be_del_xendev
> >   xen: Rename xen_be_frontend_changed
> >   xen: Distinguish between frontend and backend devops
> >   Qemu-Xen-vTPM: Support for Xen stubdom vTPM command line options
> >   Qemu-Xen-vTPM: Xen frontend driver infrastructure
> >   Qemu-Xen-vTPM: Register Xen stubdom vTPM frontend driver
> >   Qemu-Xen-vTPM: Move tpm_passthrough_is_selftest() into tpm_util.c
> >   Qemu-Xen-vTPM: Qemu vTPM xenstubdoms backend
> >   Qemu-Xen-vTPM: QEMU machine class is initialized before tpm_init()
> > 
> >  backends/tpm.c                   |  11 ++
> >  configure                        |  14 ++
> >  hmp.c                            |   2 +
> >  hw/block/xen_disk.c              |  59 +++---
> >  hw/char/xen_console.c            |  16 +-
> >  hw/display/xenfb.c               |  57 +++---
> >  hw/net/xen_nic.c                 |  29 +--
> >  hw/tpm/Makefile.objs             |   3 +-
> >  hw/tpm/tpm_passthrough.c         |  13 +-
> >  hw/tpm/tpm_util.c                |  11 ++
> >  hw/tpm/tpm_util.h                |   1 +
> >  hw/tpm/tpm_xenstubdoms.c         | 284 ++++++++++++++++++++++++++
> >  hw/tpm/xen_vtpm_frontend.c       | 303 ++++++++++++++++++++++++++++
> >  hw/tpm/xen_vtpm_frontend.h       |  10 +
> >  hw/usb/xen-usb.c                 |  38 ++--
> >  hw/xen/Makefile.objs             |   2 +-
> >  hw/xen/xen_backend.c             | 378 ++++-------------------------------
> >  hw/xen/xen_devconfig.c           |   4 +-
> >  hw/xen/xen_frontend.c            | 416
> > +++++++++++++++++++++++++++++++++++++++
> >  hw/xen/xen_pvdev.c               | 298 ++++++++++++++++++++++++++++
> >  include/hw/xen/xen_backend.h     |  71 +------
> >  include/hw/xen/xen_frontend.h    |  20 ++
> >  include/hw/xen/xen_pvdev.h       |  83 ++++++++
> >  include/sysemu/tpm_backend_int.h |   2 +
> >  qapi-schema.json                 |  16 +-
> >  qemu-options.hx                  |  13 +-
> >  tpm.c                            |   7 +-
> >  vl.c                             |  17 +-
> >  xen-common.c                     |   4 +-
> >  xen-hvm.c                        |   6 +
> >  30 files changed, 1649 insertions(+), 539 deletions(-)  create mode 100644
> > hw/tpm/tpm_xenstubdoms.c  create mode 100644
> > hw/tpm/xen_vtpm_frontend.c  create mode 100644
> > hw/tpm/xen_vtpm_frontend.h  create mode 100644 hw/xen/xen_frontend.c
> > create mode 100644 hw/xen/xen_pvdev.c  create mode 100644
> > include/hw/xen/xen_frontend.h  create mode 100644
> > include/hw/xen/xen_pvdev.h
> > 
> > --
> > 1.9.1
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel