Lines Matching refs:to

7 for Xen. The reader is assumed to have familiarity with building and installing
12 The goal of this work is to provide a TPM functionality to a virtual guest
13 operating system (a DomU). This allows programs to interact with a TPM in a
17 seals the secrets to the Physical TPM. If the process of creating each of these
19 chain of trust rooted in the hardware TPM to virtual machines in Xen. Each
22 mini-os to reduce memory and processor overhead.
69 The Linux based guest that wants to use a vTPM. There may be
75 provides vTPM access to a para-virtualized Linux based DomU.
80 connects to this backend driver to facilitate
82 driver is also used by vtpmmgr-stubdom to communicate with
88 one to one mapping between running vtpm-stubdom instances and
90 Registers (PCRs) are all initialized to zero.
95 vtpm-stubdom uses this driver to communicate with
96 vtpmmgr-stubdom. This driver could also be used separately to
97 implement a mini-os domain that wishes to use a vTPM of
105 access to the physical TPM on the system and secures the
111 driver. This driver is used by vtpmmgr-stubdom to talk directly to
126 software requirement for compiling vTPM is cmake. You must use libxl to manage
136 Because the TPM manager uses direct access to the physical TPM, it may interfere
137 with access to the TPM by dom0. The simplest solution for this is to prevent
139 blacklisting the module. If dom0 needs a TPM but does not need to use it during
140 the boot process (i.e. it is not using IMA), a virtual TPM can be attached to
143 Access to the physical TPM may be required in order to manage the NVRAM or to
144 perform other advanced operations where the vTPM is insufficient. In order to
147 TPM Manager is recommended. If both Linux and the TPM Manager attempt to access
158 features such as IMA require the TPM to be built in to the kernel.
167 The vTPM Manager requires a disk image to store its encrypted data. The image
169 is not large; the Xen 4.5 vtpmmgr is limited to using the first 2MB of the image
176 for storage and permission to access the hardware memory pages for the TPM. The
182 locality 2 is required to manipulate PCR 20-22.
186 The vTPM manager should be started at boot; you may wish to create an init
187 script to do this. If a domain builder is used, the TPM Manager should be
188 started by the domain builder to minimize the trusted computing base for the
195 The TPM Manager does not respond to shutdown requests; use the destroy command
196 to shut it down.
202 The vTPM requires a disk image to store its persistent data (RSA keys, NVRAM,
203 etc). The image does not require a filesystem. The image does not need to be
209 requires a disk image for storage and a TPM frontend driver to communicate with
210 the manager. You are required to generate a uuid for this vtpm, which is
211 specified on the C<vtpm=> line that describes its connection to the vTPM Manager.
212 The uuidgen application may be used to generate a uuid, or one from the output
213 of the C<manage-vtpmmgr.pl vtpm-add> command may be used to create a vTPM
214 belonging to a specific group.
216 If you wish to clear the vTPM data you can either recreate the disk image or
221 The Linux guest config file needs to be modified to include the Linux tpmfront
232 configuration. Attaching a vTPM to a running domain should only be used for
233 trusted domains or when measurements have already been sent to the vTPM from
245 Info: VTPM attached to Frontend X/Y
265 You should also see the command being sent to the vtpm console as well as the
269 You may wish to write a script to start your vtpm and guest together and to
274 The vTPM currently starts up with all PCRs set to their default values (all
278 using a trusted configuration and guest kernel be able to provide guarantees
280 log). Guests wishing to use a custom kernel in such a secure environment are
282 the untrusted kernel without needing to parse an untrusted filesystem and kernel
283 in dom0. If the pv-grub stub domain succeeds in connecting to a vTPM, it will
286 way can attest to its early boot state.
290 See <xen-vtpmmgr(7)> for more details about how the manager domain works, how to use
295 The vtpm-stubdom is a mini-OS domain that emulates a TPM for the guest OS to
298 vTPM data is encrypted and stored via a disk image provided to the virtual
299 machine. The key used to encrypt the data along with a hash of the vTPM's data
300 is sent to the vTPM manager for secure storage and later retrieval. The vTPM
305 Command line arguments are passed to the domain via the 'extra' parameter in the
316 Controls the amount of logging printed to the console.
342 which is the default. You should not need to specify any of these.
346 Enable to disable the TPM maintenance commands.
366 =item * <X-Y>: copy pcrs x to y (inclusive)