Lines Matching refs:a
8 Xen, Linux, and a basic understanding of the TPM and vTPM concepts.
12 The goal of this work is to provide a TPM functionality to a virtual guest
13 operating system (a DomU). This allows programs to interact with a TPM in a
14 virtual system the same way they interact with a TPM on the physical system.
16 vTPM's secrets (Keys, NVRAM, etc) are managed by a vTPM Manager domain, which
20 major component of vTPM is implemented as a separate domain, providing secure
69 The Linux based guest that wants to use a vTPM. There many be
75 provides vTPM access to a para-virtualized Linux based DomU.
87 A mini-os stub domain that implements a vTPM. There is a
97 implement a mini-os domain that wishes to use a vTPM of
125 You must have an x86 machine with a TPM on the motherboard. The only extra
138 dom0 from accessing the physical TPM by compiling the kernel without a driver or
139 blacklisting the module. If dom0 needs a TPM but does not need to use it during
140 the boot process (i.e. it is not using IMA), a virtual TPM can be attached to
148 the TPM at the same time, the TPM device will return a busy status; some
149 applications will consider this a fatal error instead of retrying the command at
150 a later time. If a vTPM gets an error when loading its key, it will currently
151 generate a fresh vTPM image (with a new EK, SRK, and blank NVRAM).
157 driver. It can be built directly into the kernel or as a module; however, some
167 The vTPM Manager requires a disk image to store its encrypted data. The image
168 does not require a filesystem and can live anywhere on the host disk. The image
175 virtual machine and requires a config file. The manager requires a disk image
187 script to do this. If a domain builder is used, the TPM Manager should be
202 The vTPM requires a disk image to store its persistent data (RSA keys, NVRAM,
203 etc). The image does not require a filesystem. The image does not need to be
208 The vTPM domain requires a configuration file like any other domain. The vTPM
209 requires a disk image for storage and a TPM frontend driver to communicate with
210 the manager. You are required to generate a uuid for this vtpm, which is
212 The uuidgen application may be used to generate a uuid, or one from the output
213 of the C<manage-vtpmmgr.pl vtpm-add> command may be used to create a vTPM
214 belonging to a specific group.
228 While attaching a vTPM after a guest is booted (using xl vtpm-attach) is
229 supported, the attached vTPM will not have a record of the boot of the attached
230 guest. Furthermore, if the vTPM has been freshly created, a malicious guest
232 configuration. Attaching a vTPM to a running domain should only be used for
238 If xen-tpmfront was compiled as a module, it must be loaded it in the guest.
263 Manufacturer Info: 4554485a
269 You may wish to write a script to start your vtpm and guest together and to
277 created the vTPM and the domU; for example, a system that only constructs images
278 using a trusted configuration and guest kernel be able to provide guarantees
280 log). Guests wishing to use a custom kernel in such a secure environment are
283 in dom0. If the pv-grub stub domain succeeds in connecting to a vTPM, it will
285 command line and initrd into PCR #5 before booting so that a domU booted in this
295 The vtpm-stubdom is a mini-OS domain that emulates a TPM for the guest OS to
296 use. It is a small wrapper around the Berlios TPM emulator version 0.7.4.
298 vTPM data is encrypted and stored via a disk image provided to the virtual
299 machine. The key used to encrypt the data along with a hash of the vTPM's data
301 domain communicates with the manager using a mini-os tpm front/back device pair.
348 open a security hole. They are disabled by default.