ia64/xen-unstable

view docs/misc/vtpm.txt @ 8335:c8378d3c3af8

Make sure to fork again after setsid() so that child cannot regain CTTY.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
author Anthony Liguori <anthony@codemonkey.ws>
date Mon Dec 12 15:11:13 2005 +0000 (2005-12-12)
parents cb215a84d1af
children 0094c4c8c221
Copyright: IBM Corporation (C), Intel Corporation
17 August 2005
Authors: Stefan Berger <stefanb@us.ibm.com> (IBM),
Employees of Intel Corp

This document gives a short introduction to the virtual TPM support
in XEN and goes as far as connecting a user domain to a virtual TPM
instance and doing a short test to verify success. It is assumed
that the user is fairly familiar with compiling and installing XEN
and Linux on a machine.

Production Prerequisites: An x86-based machine with an ATMEL or
National Semiconductor (NSC) TPM on the motherboard.
Development Prerequisites: An emulator for TESTING ONLY is provided.

Compiling XEN tree:
-------------------

Compile the XEN tree as usual.

make uninstall; make mrproper; make install

After compiling the tree, verify that in the linux-2.6.XX-xen0/.config
file at least the following entries are set as below (they should be set
by default):

CONFIG_XEN_TPMDEV_BACKEND=y
CONFIG_XEN_TPMDEV_GRANT=y

CONFIG_TCG_TPM=m
CONFIG_TCG_NSC=m
CONFIG_TCG_ATMEL=m

Verify that in the linux-2.6.XX-xenU/.config file at least the
following entries are set as below (they should be set by default):

CONFIG_XEN_TPMDEV_FRONTEND=y
CONFIG_XEN_TPMDEV_GRANT=y

CONFIG_TCG_TPM=y
CONFIG_TCG_XEN=y

Reboot the machine with the created XEN-0 kernel.

Note: If you do not want any TPM-related code compiled into your
kernel or built as a module, then comment out all the above lines like
this example:
# CONFIG_TCG_TPM is not set
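A small checker for the two .config lists above, added here as an example (it is not part of the Xen tree). It reads a kernel .config, including the "# CONFIG_X is not set" form Kconfig writes for disabled options, and reports every required vTPM option that is missing or has the wrong value; the sample .config at the bottom is constructed.

```python
# Added example, not from the Xen tree: check a kernel .config for the
# dom0 / domU vTPM options listed above. Kconfig writes disabled options
# as "# CONFIG_X is not set", so that form is parsed as the value "n".
import re

DOM0_REQUIRED = {  # values from the linux-2.6.XX-xen0 list above
    "CONFIG_XEN_TPMDEV_BACKEND": "y", "CONFIG_XEN_TPMDEV_GRANT": "y",
    "CONFIG_TCG_TPM": "m", "CONFIG_TCG_NSC": "m", "CONFIG_TCG_ATMEL": "m",
}
DOMU_REQUIRED = {  # values from the linux-2.6.XX-xenU list above
    "CONFIG_XEN_TPMDEV_FRONTEND": "y", "CONFIG_XEN_TPMDEV_GRANT": "y",
    "CONFIG_TCG_TPM": "y", "CONFIG_TCG_XEN": "y",
}
_SET = re.compile(r"^(CONFIG_\w+)=(\S+)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_config(text):
    """Return {option: value}; disabled options map to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts

def check_config(text, required):
    """Return {option: (expected, actual)} for each option that does not
    match; an option absent from the file is reported as 'missing'."""
    opts = parse_config(text)
    return {k: (v, opts.get(k, "missing"))
            for k, v in required.items() if opts.get(k, "missing") != v}

# Constructed sample: a xenU .config with TCG_TPM built as a module (the
# list above wants it =y) and TCG_XEN disabled.
SAMPLE_XENU = """\
CONFIG_XEN_TPMDEV_FRONTEND=y
CONFIG_XEN_TPMDEV_GRANT=y
CONFIG_TCG_TPM=m
# CONFIG_TCG_XEN is not set
"""
```

Run it against the real files with check_config(open(".config").read(), DOM0_REQUIRED) in the xen0 tree and DOMU_REQUIRED in the xenU tree; an empty result means all required entries are present.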
Modifying VM Configuration files:
---------------------------------

VM configuration files need to be adapted to make a TPM instance
available to a user domain. The following VM configuration file is
an example of how a user domain can be configured to have a TPM
available. It works similarly to making a network interface
available to a domain.

kernel = "/boot/vmlinuz-2.6.12-xenU"
ramdisk = "/xen/initrd_domU/U1_ramdisk.img"
memory = 32
name = "TPMUserDomain0"
vtpm = ['instance=1,backend=0']
root = "/dev/ram0 console=tty ro"
vif = ['backend=0']

In the above configuration file the line 'vtpm = ...' names the
domain in which the virtual TPM is running and into which the TPM
backend has been compiled - this has to be domain 0 at the moment -
and the TPM instance the user domain is supposed to talk to. Note
that each running VM must use a different instance and that using
instance 0 is NOT allowed. The instance parameter is taken as the
desired instance number, but the actual instance number that is
assigned to the virtual machine can be different. This is the case
if, for example, that particular instance is already used by another
virtual machine. The association of which TPM instance number is used
by which virtual machine is kept in the file /etc/xen/vtpm.db.
Associations are maintained by domain name and instance number.

Note: If you do not want TPM functionality for your user domain, simply
leave out the 'vtpm' line in the configuration file.
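The instance rules just described, worked through as an added example (this is not Xen's own xm code): the 'vtpm' entry is parsed and validated (backend must be 0, instance 0 is rejected), and the requested instance is resolved against the domain-name/instance associations. The on-disk format of /etc/xen/vtpm.db is not given here, so a plain dict stands in for it, and "next free number" is an assumed stand-in for the rule xend actually applies when the requested instance is taken.

```python
# Added example, not Xen's own xm code: parse the 'vtpm = [...]' entry of a
# VM configuration file and resolve the requested instance against the
# domain-name -> instance associations kept in /etc/xen/vtpm.db. The
# on-disk format of that file is not given in the text, so a plain dict
# {domain_name: instance} stands in for it (assumption), and "next free
# number" stands in for whatever rule xend actually applies (assumption).

def parse_vtpm_entry(entry):
    """Parse 'instance=1,backend=0' into {'instance': 1, 'backend': 0}."""
    params = {}
    for item in entry.split(","):
        key, sep, value = item.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key not in ("instance", "backend") or not value.isdigit():
            raise ValueError("malformed vtpm parameter: %r" % item)
        params[key] = int(value)
    # The backend must be domain 0 at the moment (a missing backend is taken as 0).
    if params.get("backend", 0) != 0:
        raise ValueError("TPM backend must be domain 0")
    # Instance 0 is reserved and may not be requested by a user domain.
    if params.get("instance", 0) == 0:
        raise ValueError("instance 0 is not allowed; request an instance >= 1")
    return params

def assign_instance(domain, requested, db):
    """Return the instance `domain` actually gets and record it in `db`.
    The requested number is only a preference: if another domain already
    holds it, the next free number is used, so no two VMs share one."""
    if domain in db:                 # existing association wins
        return db[domain]
    taken = set(db.values())
    instance = requested
    while instance in taken:
        instance += 1
    db[domain] = instance
    return instance

# Constructed sample: two domains already recorded; a third asks for 1.
SAMPLE_DB = {"TPMUserDomain0": 1, "TPMUserDomain1": 2}

def demo():
    cfg = parse_vtpm_entry("instance=1,backend=0")
    return assign_instance("TPMUserDomain2", cfg["instance"], dict(SAMPLE_DB))
```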
Running the TPM:
----------------

To run the vTPM, the device /dev/vtpm must be available.
Verify that 'ls -l /dev/vtpm' shows the following output:

crw------- 1 root root 10, 225 Aug 11 06:58 /dev/vtpm

If it is not available, run the following command as 'root':
mknod /dev/vtpm c 10 225

Make sure that the vTPM is running in domain 0. To do this, run the
following:

/usr/bin/vtpm_managerd

Start a user domain using the 'xm create' command. Once you are in the
shell of the user domain, you should be able to do the following:

> cd /sys/devices/vtpm
> ls
cancel caps pcrs pubek
> cat pcrs
PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[...]

At this point the user domain has been successfully connected to its
virtual TPM instance.
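The 'cat pcrs' check above, turned into a script as an added example (not from the Xen tree): it parses the pcrs listing, rejects malformed lines, and reports whether the instance is still untouched. It goes one step past the text in that it also reproduces the TPM 1.2 extend operation (20-byte SHA-1 PCRs, new = SHA1(old || measurement)), which is what a non-zero PCR should be explainable by once something has been measured; the sample listing is constructed.

```python
# Added example, not from the Xen tree: parse the /sys/devices/vtpm/pcrs
# listing shown above and report whether the instance is still untouched.
# It goes one step past the text: TPM 1.2 PCRs are 20 bytes and grow by
# PCR = SHA1(PCR || measurement), so 'extend' reproduces what a non-zero
# PCR should contain once something has been measured into it.
import hashlib
import re

PCR_LINE = re.compile(r"^PCR-(\d{2}): ((?:[0-9a-fA-F]{2} ?){20})$")

def parse_pcrs(text):
    """Return {index: 20-byte value}; raise on a malformed or short line."""
    pcrs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "[...]":   # the listing above is truncated
            continue
        m = PCR_LINE.match(line)
        if not m:
            raise ValueError("unexpected pcrs line: %r" % line)
        pcrs[int(m.group(1))] = bytes.fromhex(m.group(2).replace(" ", ""))
    return pcrs

def is_fresh(pcrs):
    """True when every PCR is all zeros, i.e. nothing has been extended."""
    return bool(pcrs) and all(v == bytes(20) for v in pcrs.values())

def extend(pcr, measurement):
    """TPM 1.2 extend: SHA1(old PCR || 20-byte measurement digest)."""
    if len(pcr) != 20 or len(measurement) != 20:
        raise ValueError("PCR and measurement must be 20-byte SHA-1 values")
    return hashlib.sha1(pcr + measurement).digest()

# Constructed sample: the first lines of a freshly connected instance.
SAMPLE_PCRS = """\
PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[...]
"""
```

Inside the user domain, parse_pcrs(open("/sys/devices/vtpm/pcrs").read()) followed by is_fresh() gives the same all-zero check the listing above shows by eye.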
For further information please read the documentation in
tools/vtpm_manager/README and tools/vtpm/README.

Stefan Berger and Employees of the Intel Corp