[SLOF] [PATCH 00/16] Add vTPM support to SLOF

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Sep 29 01:52:09 AEST 2015


On 08/13/2015 08:22 PM, Stefan Berger wrote:
> David Gibson <david at gibson.dropbear.id.au> wrote on 08/11/2015 
> 10:13:45 PM:
>
> > From: David Gibson <david at gibson.dropbear.id.au>
> > To: Stefan Berger <stefanb at linux.vnet.ibm.com>
> > Cc: slof at lists.ozlabs.org, nikunj at linux.vnet.ibm.com,
> > aik at au1.ibm.com, pmac at au1.ibm.com, Tim Block/Rochester/IBM at IBMUS,
> > Stefan Berger/Watson/IBM at IBMUS, Hon c Lo/Poughkeepsie/IBM at IBMUS,
> > George Wilson/Austin/IBM at IBMUS, Dimitrios Pendarakis/Watson/
> > IBM at IBMUS, Joy Latten/Austin/IBM at IBMUS
> > Date: 08/11/2015 10:41 PM
> > Subject: Re: [SLOF] [PATCH 00/16] Add vTPM support to SLOF
> >
> > On Mon, Aug 10, 2015 at 06:55:10AM -0400, Stefan Berger wrote:
> > > The following series of patches adds TPM support to SLOF.
> > > In particular it adds the following:
> > >
> > > - TPM drivers for hardware interface and CRQ interface
> > > - TPM initialization
> > > - TPM logging area and firmware API to transfer it to the OS
> > >   (measurements are visible in sysfs)
> > > - Some measurement code (Static Core Root Of Trust)
> > > - TPM menu (accessible via 't' key during boot if TPM is available)
> > > - Firmware API extensions following Power Firmware Doc
> > >   (to make trusted grub work)
> > >
> > > Necessarily, some of its parts are written in Forth, many are written
> > > in 'C'. The extensions are known to work with QEMU for ppc64 running Linux.
> > >
> > > Patches 4-6 will eventually need to be merged to avoid compiler warnings
> > > related to unused functions.
> >
> > So, your cover letter seems to be missing the single most important
> > bit of information:  why is this useful?
>
> The firmware extensions are necessary for initializing the TPM,
> establishing a core root of trust for measurements, etc, which is required
> for systems with an attached TPM. The same is then true for systems with
> an attached vTPM.
>
> Otherwise having a vTPM attached to a VM provides the following benefits:
>
> - enablement of trusted boot; this allows us to eventually extend the
>   chain of trust from the hypervisor to the guests
> - enablement of attestation so that one can verify what software is
>   running on a machine
> - provides TPM functionality to VMs, which includes a standardized
>   mechanism to store keys and other blobs
>   (Linux trusted keys, GNU TLS's TPM extensions)

FYI: The latest version of the patches is available here now:

https://github.com/stefanberger/SLOF-tpm/tree/SLOF-tpm

>
> Regards,
>     Stefan
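The cover letter quoted above describes a measurement log that firmware fills while establishing the static core root of trust and then hands to the OS, where it is visible in sysfs. The OS-side check that makes that log useful is a replay: parse the TCG 1.2 binary event log, recompute each PCR from the logged digests, and compare the result with what the TPM reports. The script below is an added example illustrating that check; it is not code from this thread, from SLOF, or from the patch series. It assumes the TCG PC Client 1.2 log entry layout (little-endian pcrIndex, eventType, 20-byte SHA-1 digest, eventDataSize, data), that EV_NO_ACTION entries are not extended, and that separator and IPL digests are the SHA-1 of the logged data; the sample log is constructed in memory rather than read from /sys/kernel/security/tpm0/binary_bios_measurements so it runs offline.

```python
"""Parse a TCG 1.2 ("TCPA") binary TPM event log and replay it into PCR values.

Constructed example, not SLOF code: the OS-side consumer of the measurement
log that firmware hands over. On Linux the real log is read from
/sys/kernel/security/tpm0/binary_bios_measurements; the sample below is
built in memory so the script runs offline.
"""
import hashlib
import struct

SHA1_LEN = 20
EV_NO_ACTION = 0x03   # informational entry, NOT extended into a PCR
EV_SEPARATOR = 0x04   # marks the end of a boot phase on a PCR
EV_IPL = 0x0D         # boot loader / kernel image measurements

# TCG_PCClientPCREventStruct: pcrIndex, eventType, sha1 digest, eventDataSize
HEADER = struct.Struct("<II20sI")


def parse_event_log(blob):
    """Return a list of (pcr_index, event_type, digest, event_data) tuples.

    Raises ValueError on a truncated entry so a cut-off log is never silently
    accepted as a complete measurement history.
    """
    events = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError("truncated event header at offset %d" % off)
        pcr, etype, digest, size = HEADER.unpack_from(blob, off)
        off += HEADER.size
        if len(blob) - off < size:
            raise ValueError("truncated event data at offset %d" % off)
        events.append((pcr, etype, digest, blob[off:off + size]))
        off += size
    return events


def replay_pcrs(events, num_pcrs=24):
    """Recompute PCRs from the log: PCR_new = SHA1(PCR_old || digest).

    Every PCR starts as 20 zero bytes, mirroring a TPM 1.2 after reset.
    """
    pcrs = [bytes(SHA1_LEN)] * num_pcrs
    for pcr, etype, digest, _data in events:
        if etype == EV_NO_ACTION:
            continue  # logged for information only, PCR untouched
        if not 0 <= pcr < num_pcrs:
            raise ValueError("event references nonexistent PCR %d" % pcr)
        pcrs[pcr] = hashlib.sha1(pcrs[pcr] + digest).digest()
    return pcrs


def check_digests(events):
    """Return indices of separator/IPL entries whose digest != SHA1(data).

    For these event types the digest is the hash of the logged data, so a
    mismatch means the log and the PCR disagree about what was measured.
    """
    return [i for i, (_pcr, etype, digest, data) in enumerate(events)
            if etype in (EV_SEPARATOR, EV_IPL)
            and hashlib.sha1(data).digest() != digest]


def verify_log(blob, reported_pcrs):
    """Replay blob and compare with PCR values read from the TPM.

    reported_pcrs: dict {pcr_index: 20-byte value}. Returns the indices of
    PCRs whose replayed value differs; an empty list means the log fully
    explains the reported PCR contents.
    """
    replayed = replay_pcrs(parse_event_log(blob))
    return [i for i, v in sorted(reported_pcrs.items()) if replayed[i] != v]


def make_event(pcr, etype, data):
    """Encode one entry with digest = SHA1(data) (used to build the sample)."""
    return HEADER.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data


# Constructed sample log: an informational entry, separators on PCR 4 and 5,
# then a stand-in kernel image measured into PCR 4 by the boot loader.
SAMPLE_LOG = b"".join([
    make_event(0, EV_NO_ACTION, b"informational entry, no extend"),
    make_event(4, EV_SEPARATOR, b"\x00\x00\x00\x00"),
    make_event(5, EV_SEPARATOR, b"\x00\x00\x00\x00"),
    make_event(4, EV_IPL, b"vmlinux (constructed stand-in for the image)"),
])


if __name__ == "__main__":
    evs = parse_event_log(SAMPLE_LOG)
    for i, (pcr, etype, digest, data) in enumerate(evs):
        print("%2d PCR%-2d type=0x%02x %s %r" % (i, pcr, etype, digest.hex(), data[:20]))
    for i, v in enumerate(replay_pcrs(evs)):
        if v != bytes(SHA1_LEN):
            print("PCR%-2d %s" % (i, v.hex()))
    print("digest mismatches:", check_digests(evs))
```

To use this against a real guest, read the sysfs log into `blob`, read the PCR values from the TPM (for example from /sys/class/tpm/tpm0/pcrs on older kernels) into `reported_pcrs`, and treat any index returned by `verify_log` as a PCR whose history the log does not account for. The truncation check matters because an attacker who can cut the log short can otherwise hide later measurements while the PCRs still carry them.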
