ia64/xen-unstable

view docs/misc/vtpm.txt @ 16242:3d97c1c1f7c8

pv-on-hvm: fixes for unmodified drivers build and modern Linux

- The adjustments to README and overrides.mk are generic.
- The removal of explicit linux/config.h inclusion should also not
cause any issues.
- The introduction of irq_handler_t should eliminiate warnings on
2.6.19+ kernels (I didn't check they're there, but since the
request_irq prototype changed, I'm sure there's at least
one. However, as a result changes to the Linux tree are expected to
be required.
- The change setup_xen_features -> xen_setup_features follows the
naming in mainline 2.6.23 but would apparently also require changes
to the Linux tree.
- The changes SA_* -> IRQF_ and pci_module_init ->
pci_register_driver should also not cause issues.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
author Keir Fraser <keir@xensource.com>
date Thu Oct 25 15:54:19 2007 +0100 (2007-10-25)
parents 5d565bb12783
children a2903704c17a
line source
1 Copyright: IBM Corporation (C), Intel Corporation
2 29 June 2006
3 Authors: Stefan Berger <stefanb@us.ibm.com> (IBM),
4 Employees of Intel Corp
6 This document gives a short introduction to the virtual TPM support
7 in XEN and goes as far as connecting a user domain to a virtual TPM
8 instance and doing a short test to verify success. It is assumed
9 that the user is fairly familiar with compiling and installing XEN
10 and Linux on a machine.
12 Production Prerequisites: An x86-based machine machine with a
13 Linux-supported TPM on the motherboard (NSC, Atmel, Infineon, TPM V1.2).
14 Development Prerequisites: An emulator for TESTING ONLY is provided
17 Compiling the XEN tree:
18 -----------------------
20 Compile the XEN tree as usual after the following lines set in the
21 linux-2.6.??-xen/.config file:
23 CONFIG_XEN_TPMDEV_BACKEND=m
25 CONFIG_TCG_TPM=m
26 CONFIG_TCG_TIS=m (supported after 2.6.17-rc4)
27 CONFIG_TCG_NSC=m
28 CONFIG_TCG_ATMEL=m
29 CONFIG_TCG_INFINEON=m
30 CONFIG_TCG_XEN=m
31 <possible other TPM drivers supported by Linux>
33 If the frontend driver needs to be compiled into the user domain
34 kernel, then the following two lines should be changed.
36 CONFIG_TCG_TPM=y
37 CONFIG_TCG_XEN=y
40 You must also enable the virtual TPM to be built:
42 In Config.mk in the Xen root directory set the line
44 VTPM_TOOLS ?= y
46 and in
48 tools/vtpm/Rules.mk set the line
50 BUILD_EMULATOR = y
52 Now build the Xen sources from Xen's root directory:
54 make install
57 Also build the initial RAM disk if necessary.
59 Reboot the machine with the created Xen kernel.
61 Note: If you do not want any TPM-related code compiled into your
62 kernel or built as module then comment all the above lines like
63 this example:
64 # CONFIG_TCG_TPM is not set
67 Modifying VM Configuration files:
68 ---------------------------------
70 VM configuration files need to be adapted to make a TPM instance
71 available to a user domain. The following VM configuration file is
72 an example of how a user domain can be configured to have a TPM
73 available. It works similar to making a network interface
74 available to a domain.
76 kernel = "/boot/vmlinuz-2.6.x"
77 ramdisk = "/xen/initrd_domU/U1_ramdisk.img"
78 memory = 32
79 name = "TPMUserDomain0"
80 vtpm = ['instance=1,backend=0']
81 root = "/dev/ram0 cosole=tty ro"
82 vif = ['backend=0']
84 In the above configuration file the line 'vtpm = ...' provides
85 information about the domain where the virtual TPM is running and
86 where the TPM backend has been compiled into - this has to be
87 domain 0 at the moment - and which TPM instance the user domain
88 is supposed to talk to. Note that each running VM must use a
89 different instance and that using instance 0 is NOT allowed. The
90 instance parameter is taken as the desired instance number, but
91 the actual instance number that is assigned to the virtual machine
92 can be different. This is the case if for example that particular
93 instance is already used by another virtual machine. The association
94 of which TPM instance number is used by which virtual machine is
95 kept in the file /etc/xen/vtpm.db. Associations are maintained by
96 domain name and instance number.
98 Note: If you do not want TPM functionality for your user domain simply
99 leave out the 'vtpm' line in the configuration file.
102 Running the TPM:
103 ----------------
105 To run the vTPM, the device /dev/vtpm must be available.
106 Verify that 'ls -l /dev/vtpm' shows the following output:
108 crw------- 1 root root 10, 225 Aug 11 06:58 /dev/vtpm
110 If it is not available, run the following command as 'root'.
111 mknod /dev/vtpm c 10 225
113 Make sure that the vTPM is running in domain 0. To do this run the
114 following:
116 modprobe tpmbk
118 /usr/bin/vtpm_managerd
120 Start a user domain using the 'xm create' command. Once you are in the
121 shell of the user domain, you should be able to do the following as
122 user 'root':
124 Insert the TPM frontend into the kernel if it has been compiled as a
125 kernel module.
127 > modprobe tpm_xenu
129 Check the status of the TPM
131 > cd /sys/devices/xen/vtpm-0
132 > ls
133 [...] cancel caps pcrs pubek [...]
134 > cat pcrs
135 PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
136 PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
137 PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
138 PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
139 PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140 PCR-05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
141 PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
142 PCR-07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
143 PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
144 [...]
146 At this point the user domain has been sucessfully connected to its
147 virtual TPM instance.
149 For further information please read the documentation in
150 tools/vtpm_manager/README and tools/vtpm/README
152 Stefan Berger and Employees of the Intel Corp