direct-io.hg

view docs/misc/vtpm.txt @ 7504:3843e518e092

Use standard int typedefs.

Signed-off-by: John Levon <levon@movementarian.org>
author kaf24@firebug.cl.cam.ac.uk
date Thu Oct 27 17:16:12 2005 +0100 (2005-10-27)
parents 06d84bf87159
children cb215a84d1af
Copyright: IBM Corporation (C), Intel Corporation
17 August 2005
Authors: Stefan Berger <stefanb@us.ibm.com> (IBM),
Employees of Intel Corp

This document gives a short introduction to the virtual TPM support
in XEN and goes as far as connecting a user domain to a virtual TPM
instance and doing a short test to verify success. It is assumed
that the user is fairly familiar with compiling and installing XEN
and Linux on a machine.

Production Prerequisites: An x86-based machine with an ATMEL or
National Semiconductor (NSC) TPM on the motherboard.
Development Prerequisites: An emulator for TESTING ONLY is provided

Compiling XEN tree:
-------------------

Compile the XEN tree as usual.

make uninstall; make mrproper; make install

After compiling the tree, verify that in the linux-2.6.XX-xen0/.config
file at least the following entries are set as below (they should be set
by default):

CONFIG_XEN_TPMDEV_BACKEND=y
CONFIG_XEN_TPMDEV_GRANT=y

CONFIG_TCG_TPM=m
CONFIG_TCG_NSC=m
CONFIG_TCG_ATMEL=m

Verify that in the linux-2.6.XX-xenU/.config file at least the
following entries are set as below (they should be set by default):

CONFIG_XEN_TPMDEV_FRONTEND=y
CONFIG_XEN_TPMDEV_GRANT=y

CONFIG_TCG_TPM=y
CONFIG_TCG_XEN=y

Reboot the machine with the created XEN-0 kernel.

Note: If you do not want any TPM-related code compiled into your
kernel or built as a module, then comment out all the above lines like
this example:
# CONFIG_TCG_TPM is not set

Modifying VM Configuration files:
---------------------------------

VM configuration files need to be adapted to make a TPM instance
available to a user domain. The following VM configuration file is
an example of how a user domain can be configured to have a TPM
available. It works similarly to making a network interface
available to a domain.

kernel = "/boot/vmlinuz-2.6.12-xenU"
ramdisk = "/xen/initrd_domU/U1_ramdisk.img"
memory = 32
name = "TPMUserDomain0"
vtpm = ['instance=1,backend=0']
root = "/dev/ram0 console=tty ro"
vif = ['backend=0']

In the above configuration file, the line 'vtpm = ...' names the
domain in which the virtual TPM is running and into which the TPM
backend has been compiled (this has to be domain 0 at the moment),
and the TPM instance the user domain is supposed to talk to. Note
that each running VM must use a different instance and that using
instance 0 is NOT allowed.

Note: If you do not want TPM functionality for your user domain, simply
leave out the 'vtpm' line in the configuration file.

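
Added example (not part of the original XEN document): a small Python check that applies the rules above (no instance 0, a distinct instance per VM, backend in domain 0) to a set of VM configuration files meant to run at the same time. The function names and the sample configurations are constructed for illustration; an omitted 'backend' key is assumed here not to be an error.

```python
import re

def parse_vtpm(config_text):
    """Return the key=value fields of each entry in an uncommented 'vtpm = [...]' line."""
    m = re.search(r"^\s*vtpm\s*=\s*\[(.*?)\]", config_text, re.M | re.S)
    if not m:
        return []  # no vtpm line: the domain gets no TPM
    entries = []
    for spec in re.findall(r"""['"]([^'"]*)['"]""", m.group(1)):
        pairs = (kv.split("=", 1) for kv in spec.split(",") if "=" in kv)
        entries.append({k.strip(): v.strip() for k, v in pairs})
    return entries

def check_configs(configs):
    """configs maps a config name to its text; returns (name, problem) tuples."""
    problems, owner = [], {}
    for name, text in configs.items():
        for entry in parse_vtpm(text):
            inst = entry.get("instance", "")
            if not inst.isdigit():
                problems.append((name, "missing or non-numeric instance"))
                continue
            if int(inst) == 0:
                problems.append((name, "instance 0 is not allowed"))
            elif int(inst) in owner:
                problems.append((name, f"instance {inst} already used by {owner[int(inst)]}"))
            else:
                owner[int(inst)] = name
            # Assumption: only an explicitly different backend is flagged.
            if entry.get("backend", "0") != "0":
                problems.append((name, "backend must be domain 0"))
    return problems

# Constructed sample configurations (not from the original document).
SAMPLE = {
    "a.cfg": "name = \"TPMUserDomain0\"\nvtpm = ['instance=1,backend=0']\n",
    "b.cfg": "name = \"TPMUserDomain1\"\nvtpm = ['instance=1,backend=0']\n",
    "c.cfg": "vtpm = ['instance=0,backend=0']\n",
    "d.cfg": "name = \"NoTPM\"\nvif = ['backend=0']\n",
    "e.cfg": "vtpm = ['instance=2, backend=1']\n",
    "f.cfg": "# vtpm = ['instance=0,backend=0']\n",
}

if __name__ == "__main__":
    for name, problem in check_configs(SAMPLE):
        print(f"{name}: {problem}")
```
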
Running the TPM:
----------------

To run the vTPM, the device /dev/vtpm must be available.
Verify that 'ls -l /dev/vtpm' shows the following output:

crw------- 1 root root 10, 225 Aug 11 06:58 /dev/vtpm

If it is not available, run the following command as 'root'.
mknod /dev/vtpm c 10 225

Make sure that the vTPM is running in domain 0. To do this, run the
following:

/usr/bin/vtpm_managerd

Start a user domain using the 'xm create' command. Once you are in the
shell of the user domain, you should be able to do the following:

> cd /sys/devices/vtpm
> ls
cancel caps pcrs pubek
> cat pcrs
PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[...]

At this point the user domain has been successfully connected to its
virtual TPM instance.

For further information please read the documentation in
tools/vtpm_manager/README and tools/vtpm/README

Stefan Berger and Employees of the Intel Corp