Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

=============================
Virtual TPM interface for Xen
=============================

Authors: Matthew Fioravante (JHUAPL), Daniel De Graaf (NSA)

This document describes the virtual Trusted Platform Module (vTPM) subsystem for
Xen. The reader is assumed to have familiarity with building and installing Xen,
Linux, and a basic understanding of the TPM and vTPM concepts.

Introduction
------------

The goal of this work is to provide TPM functionality to a virtual guest
operating system (in Xen terms, a DomU).  This allows programs to interact with
a TPM in a virtual system the same way they interact with a TPM on the physical
system.  Each guest gets its own unique, emulated, software TPM.  However, each
vTPM's secrets (keys, NVRAM, etc.) are managed by a vTPM Manager domain,
which seals the secrets to the physical TPM.  If the process of creating each of
these domains (manager, vTPM, and guest) is trusted, the vTPM subsystem extends
the chain of trust rooted in the hardware TPM to virtual machines in Xen. Each
major component of vTPM is implemented as a separate domain, providing secure
separation guaranteed by the hypervisor. The vTPM domains are implemented in
mini-os to reduce memory and processor overhead.

This mini-os vTPM subsystem was built on top of the previous vTPM work done by
IBM and Intel.


Design Overview
---------------

The architecture of vTPM is described below::

  +------------------+
  |    Linux DomU    | ...
  |       |  ^       |
  |       v  |       |
  |   xen-tpmfront   |
  +------------------+
          |  ^
          v  |
  +------------------+
  | mini-os/tpmback  |
  |       |  ^       |
  |       v  |       |
  |  vtpm-stubdom    | ...
  |       |  ^       |
  |       v  |       |
  | mini-os/tpmfront |
  +------------------+
          |  ^
          v  |
  +------------------+
  | mini-os/tpmback  |
  |       |  ^       |
  |       v  |       |
  | vtpmmgr-stubdom  |
  |       |  ^       |
  |       v  |       |
  | mini-os/tpm_tis  |
  +------------------+
          |  ^
          v  |
  +------------------+
  |   Hardware TPM   |
  +------------------+

* Linux DomU:
    The Linux based guest that wants to use a vTPM. There may be
    more than one of these.

* xen-tpmfront.ko:
    Linux kernel virtual TPM frontend driver. This driver
    provides vTPM access to a Linux-based DomU.

* mini-os/tpmback:
    Mini-os TPM backend driver. The Linux frontend driver
    connects to this backend driver to facilitate communications
    between the Linux DomU and its vTPM. This driver is also
    used by vtpmmgr-stubdom to communicate with vtpm-stubdom.

* vtpm-stubdom:
    A mini-os stub domain that implements a vTPM. There is a
    one to one mapping between running vtpm-stubdom instances and
    logical vTPMs on the system. The vTPM Platform Configuration
    Registers (PCRs) are normally all initialized to zero.

* mini-os/tpmfront:
    Mini-os TPM frontend driver. The vTPM mini-os domain
    vtpm-stubdom uses this driver to communicate with
    vtpmmgr-stubdom. This driver is also used in mini-os
    domains such as pv-grub that talk to the vTPM domain.

* vtpmmgr-stubdom:
    A mini-os domain that implements the vTPM manager. There is
    only one vTPM manager and it should be running during the
    entire lifetime of the machine.  This domain regulates
    access to the physical TPM on the system and secures the
    persistent state of each vTPM.

* mini-os/tpm_tis:
    Mini-os TPM version 1.2 TPM Interface Specification (TIS)
    driver. This driver is used by vtpmmgr-stubdom to talk directly to
    the hardware TPM. Communication is facilitated by mapping
    hardware memory pages into vtpmmgr-stubdom.

* Hardware TPM:
    The physical TPM that is soldered onto the motherboard.
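
The chain of trust described in the introduction and the zero-initialized vTPM PCRs noted above, as an added example that is not code from the Xen or Linux tree: it models the TPM 1.2 PCR extend rule (assumed here for the vTPM as well, since the hardware side is the TPM 1.2 TIS driver), replays a constructed measurement log against a PCR that starts at zero, and shows why a verifier has to replay from that zero value. The helper names (``measure``, ``extend``, ``replay``, ``verify``) and the sample log are inventions of this example.

```python
"""Replay a measurement log against a vTPM PCR that starts at zero.

Added example (not code from the Xen or Linux tree).  It models the
TPM 1.2 extend rule, PCR_new = SHA1(PCR_old || measurement_digest),
which is assumed here for the vTPM too, with every PCR of a fresh
vtpm-stubdom starting at 20 zero bytes.
"""
import hashlib

PCR_LEN = 20                 # TPM 1.2 PCRs hold a SHA-1 digest
ZERO_PCR = bytes(PCR_LEN)    # initial PCR value in a fresh vtpm-stubdom


def measure(data: bytes) -> bytes:
    """Digest of the object being measured (what IMA would record)."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 PCR extend.  Extend is one-way and order dependent, so a
    log entry cannot be removed or reordered without changing the PCR."""
    if len(pcr) != PCR_LEN or len(digest) != PCR_LEN:
        raise ValueError("TPM 1.2 PCR values and digests are 20 bytes")
    return hashlib.sha1(pcr + digest).digest()


def replay(log, initial: bytes = ZERO_PCR) -> bytes:
    """Recompute the PCR a log would produce from a known initial value."""
    pcr = initial
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(log, attested_pcr: bytes) -> bool:
    """Verifier side: the log is trusted only if replaying it reproduces
    the PCR the vTPM attested.  vTPM PCRs begin at zero, so the replay
    starts from ZERO_PCR rather than any hardware PCR reset value."""
    return replay(log, ZERO_PCR) == attested_pcr


# Constructed sample log: (description, digest), in measurement order.
SAMPLE_LOG = [
    ("boot_aggregate", measure(b"constructed firmware/bootloader aggregate")),
    ("/init", measure(b"constructed init binary")),
    ("/usr/sbin/sshd", measure(b"constructed sshd binary")),
]

if __name__ == "__main__":
    attested = replay(SAMPLE_LOG)            # stands in for a vTPM quote
    print("PCR after replay:", attested.hex())
    print("log verifies:", verify(SAMPLE_LOG, attested))
```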


Integration With Xen
--------------------

Support for the vTPM driver was added to the libxl toolstack in Xen
4.3.  See the Xen documentation (docs/misc/vtpm.txt) for details on setting up
the vTPM and vTPM Manager stub domains.  Once the stub domains are running, a
vTPM device is set up in the same manner as a disk or network device in the
domain's configuration file.
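
The three domain configuration files that the chain above implies, as an added example rather than text from the Xen documentation: the ``vtpm=`` device entries follow the xl ``backend=DOMAIN,uuid=UUID`` syntax, while the kernel image paths, disk images, memory sizes, domain names and the UUID are placeholders, and the ``iomem`` line is assumed to be the hardware TPM's TIS MMIO pages that vtpmmgr-stubdom maps.

```cfg
# vtpmmgr.cfg: the single vTPM manager, started once and kept running.
kernel="/usr/lib/xen/boot/vtpmmgr-stubdom.gz"   # path: placeholder
memory=16
disk=["file:/var/vtpmmgr-stubdom.img,hda,w"]     # manager's own sealed state
name="vtpmmgr"
iomem=["fed40,5"]                                 # TPM TIS pages: assumption

# domu1-vtpm.cfg: one vtpm-stubdom per guest; its backend is the manager,
# and the uuid identifies this vTPM's persistent state to the manager.
kernel="/usr/lib/xen/boot/vtpm-stubdom.gz"      # path: placeholder
memory=8
disk=["file:/var/domu1-vtpm.img,hda,w"]
name="domu1-vtpm"
vtpm=["backend=vtpmmgr,uuid=00000000-0000-0000-0000-000000000001"]  # placeholder UUID

# domu1.cfg: the Linux guest; xen-tpmfront attaches to the vtpm-stubdom,
# exactly like a disk= or vif= entry attaches a disk or network device.
vtpm=["backend=domu1-vtpm"]
```

The manager has no ``vtpm=`` entry of its own: it is the only domain that touches the hardware TPM, and every other vTPM reaches it only through the tpmfront/tpmback pair.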

In order to use features such as IMA that require a TPM to be loaded prior to
the initrd, the xen-tpmfront driver must be compiled into the kernel.  If not
using such features, the driver can be compiled as a module and will be loaded
as usual.