ia64/xen-unstable

view docs/misc/vtpm.txt @ 9774:0094c4c8c221

This is an update on the vTPM installation instructions.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author emellor@leeni.uk.xensource.com
date Wed Apr 19 16:08:41 2006 +0100 (2006-04-19)
parents cb215a84d1af
children 6719dae17b6a
Copyright: IBM Corporation (C), Intel Corporation
17 August 2005
Authors: Stefan Berger <stefanb@us.ibm.com> (IBM),
         Employees of Intel Corp

This document gives a short introduction to the virtual TPM support
in XEN and goes as far as connecting a user domain to a virtual TPM
instance and doing a short test to verify success. It is assumed
that the user is fairly familiar with compiling and installing XEN
and Linux on a machine.

Production Prerequisites: An x86-based machine with an ATMEL or
National Semiconductor (NSC) TPM on the motherboard.
Development Prerequisites: An emulator for TESTING ONLY is provided

Compiling XEN tree:
-------------------

Compile the XEN tree as usual after setting the following lines in the
linux-2.6.??-xen/.config file:

    CONFIG_XEN_TPMDEV_BACKEND=y
    CONFIG_XEN_TPMDEV_GRANT=y

    CONFIG_TCG_TPM=m
    CONFIG_TCG_NSC=m
    CONFIG_TCG_ATMEL=m

You must also enable the virtual TPM to be built:

In Config.mk in the Xen root directory set the line

    VTPM_TOOLS ?= y

Now build the Xen sources from Xen's root directory:

    make install

Also build the initial RAM disk if necessary.

Reboot the machine with the created Xen kernel.

Note: If you do not want any TPM-related code compiled into your
kernel or built as a module, then comment out all the above lines as in
this example:
    # CONFIG_TCG_TPM is not set

Modifying VM Configuration files:
---------------------------------

VM configuration files need to be adapted to make a TPM instance
available to a user domain. The following VM configuration file is
an example of how a user domain can be configured to have a TPM
available. It works similarly to making a network interface
available to a domain.

    kernel = "/boot/vmlinuz-2.6.12-xenU"
    ramdisk = "/xen/initrd_domU/U1_ramdisk.img"
    memory = 32
    name = "TPMUserDomain0"
    vtpm = ['instance=1,backend=0']
    root = "/dev/ram0 console=tty ro"
    vif = ['backend=0']

In the above configuration file the line 'vtpm = ...' provides
information about the domain where the virtual TPM is running and
where the TPM backend has been compiled into - this has to be
domain 0 at the moment - and which TPM instance the user domain
is supposed to talk to. Note that each running VM must use a
different instance and that using instance 0 is NOT allowed. The
instance parameter is taken as the desired instance number, but
the actual instance number that is assigned to the virtual machine
can be different. This is the case if, for example, that particular
instance is already used by another virtual machine. The association
of which TPM instance number is used by which virtual machine is
kept in the file /etc/xen/vtpm.db. Associations are maintained by
domain name and instance number.

Note: If you do not want TPM functionality for your user domain simply
leave out the 'vtpm' line in the configuration file.

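The rules above (backend in domain 0, no instance 0, a different instance
per VM) can be checked across a set of domain configuration files before
any domain is started. The following is an added example, not part of the
original document or of the Xen tools; the function names and the sample
files u1.cfg to u3.cfg are assumptions, and it relies on domain
configuration files being written in Python syntax.

```python
import ast

def parse_domain_config(text):
    """Collect literal top-level assignments from a domain config (Python syntax)."""
    cfg = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                cfg[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # non-literal expression; not needed for this check
    return cfg

def check_vtpm(configs):
    """configs maps file name -> config text; returns a list of (domain, problem)."""
    findings, claimed = [], {}
    for fname, text in configs.items():
        cfg = parse_domain_config(text)
        domain = cfg.get("name", fname)
        for dev in cfg.get("vtpm", []):
            opts = dict(kv.strip().split("=", 1) for kv in dev.split(",") if "=" in kv)
            if opts.get("backend") != "0":
                findings.append((domain, "backend not set to domain 0"))
            try:
                inst = int(opts["instance"])
            except (KeyError, ValueError):
                findings.append((domain, "instance missing or not a number"))
                continue
            if inst == 0:
                findings.append((domain, "instance 0 is not allowed"))
            elif inst in claimed:
                findings.append((domain, "instance %d already requested by %s"
                                 % (inst, claimed[inst])))
            else:
                claimed[inst] = domain
    return findings

# Constructed sample configs; the first uses the vtpm line from this document.
SAMPLES = {
    "u1.cfg": 'name = "TPMUserDomain0"\nvtpm = [\'instance=1,backend=0\']\n',
    "u2.cfg": 'name = "TPMUserDomain1"\nvtpm = [\'instance=0,backend=0\']\n',
    "u3.cfg": 'name = "TPMUserDomain2"\nvtpm = [\'instance=1,backend=1\']\n',
}

if __name__ == "__main__":
    for domain, problem in check_vtpm(SAMPLES):
        print("%s: %s" % (domain, problem))
```

A requested instance that collides with another domain is not refused by
the system; as described above, a different instance is assigned, so the
check reports the collision to make the requested association explicit.
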
Running the TPM:
----------------

To run the vTPM, the device /dev/vtpm must be available.
Verify that 'ls -l /dev/vtpm' shows the following output:

    crw------- 1 root root 10, 225 Aug 11 06:58 /dev/vtpm

If it is not available, run the following command as 'root':
    mknod /dev/vtpm c 10 225

Make sure that the vTPM is running in domain 0. To do this run the
following:

    /usr/bin/vtpm_managerd

Start a user domain using the 'xm create' command. Once you are in the
shell of the user domain, you should be able to do the following:

    > cd /sys/devices/vtpm
    > ls
    cancel caps pcrs pubek
    > cat pcrs
    PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    PCR-05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    PCR-07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    [...]

At this point the user domain has been successfully connected to its
virtual TPM instance.

For further information please read the documentation in
tools/vtpm_manager/README and tools/vtpm/README

Stefan Berger and Employees of the Intel Corp