ia64/xen-unstable

changeset 6571:69d21d9d6b57

Documentation about how to use the virtual TPM implementation.

Signed-off-by: Steven Hand <steven@xensource.com>
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author shand@ubuntu.eng.hq.xensource.com
date Tue Aug 30 11:19:52 2005 -0800 (2005-08-30)
parents 551870a55f24
children edbdd7123d24
files docs/misc/vtpm.txt
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/docs/misc/vtpm.txt	Tue Aug 30 11:19:52 2005 -0800
     1.3 @@ -0,0 +1,122 @@
     1.4 +Copyright: IBM Corporation (C), Intel Corporation
     1.5 +17 August 2005
     1.6 +Authors: Stefan Berger <stefanb@us.ibm.com> (IBM), 
     1.7 +         Employees of Intel Corp
     1.8 +
     1.9 +This document gives a short introduction to the virtual TPM support
    1.10 +in XEN and goes as far as connecting a user domain to a virtual TPM
    1.11 +instance and doing a short test to verify success. It is assumed
    1.12 +that the user is fairly familiar with compiling and installing XEN
    1.13 +and Linux on a machine. 
    1.14 + 
    1.15 +Production Prerequisites: An x86-based machine machine with an ATMEL or
    1.16 +National Semiconductor (NSC) TPM on the motherboard.
    1.17 +Development Prerequisites: An emulator for TESTING ONLY is provided
    1.18 +
    1.19 +
    1.20 +Compiling XEN tree:
    1.21 +-------------------
    1.22 +
    1.23 +Compile the XEN tree as usual.
    1.24 +
    1.25 +make uninstall; make mrproper; make install 
    1.26 +
    1.27 +After compiling the tree, verify that in the linux-2.6.XX-xen0/.config 
    1.28 +file at least the following entries are set as below (they should be set
    1.29 +by default):
    1.30 +
    1.31 +CONFIG_XEN_TPMDEV_BACKEND=y
    1.32 +CONFIG_XEN_TPMDEV_GRANT=y
    1.33 +
    1.34 +CONFIG_TCG_TPM=m
    1.35 +CONFIG_TCG_NSC=m
    1.36 +CONFIG_TCG_ATMEL=m
    1.37 +
    1.38 +
    1.39 +Verify that in the linux-2.6.XX-xenU/.config file at least the 
    1.40 +Following entries are set as below (they should be set by default):
    1.41 +
    1.42 +CONFIG_XEN_TPMDEV_FRONTEND=y
    1.43 +CONFIG_XEN_TPMDEV_GRANT=y
    1.44 +
    1.45 +CONFIG_TCG_TPM=y
    1.46 +CONFIG_TCG_XEN=y
    1.47 +
    1.48 +
    1.49 +Reboot the machine with the created XEN-0 kernel.
    1.50 +
    1.51 +Note: If you do not want any TPM-related code compiled into your
    1.52 +kernel or built as module then comment all the above lines like
    1.53 +this example:
    1.54 +# CONFIG_TCG_TPM is not set
    1.55 +
    1.56 +
    1.57 +Modifying VM Configuration files:
    1.58 +---------------------------------
    1.59 +
    1.60 +VM configuration files need to be adapted to make a TPM instance
    1.61 +available to a user domain. The following VM configuration file is
    1.62 +an example of how a user domain can be configured to have a TPM
    1.63 +available. It works similar to making a network interface
    1.64 +available to a domain.
    1.65 +
    1.66 +kernel = "/boot/vmlinuz-2.6.12-xenU"
    1.67 +ramdisk = "/xen/initrd_domU/U1_ramdisk.img"
    1.68 +memory = 32
    1.69 +name = "TPMUserDomain0"
    1.70 +vtpm = ['instance=1,backend=0']
    1.71 +root = "/dev/ram0 cosole=tty ro"
    1.72 +vif = ['backend=0']
    1.73 +
    1.74 +In the above configuration file the line 'vtpm = ...' provides
    1.75 +information about the domain where the virtual TPM is running and
    1.76 +where the TPM backend has been compiled into - this has to be 
    1.77 +domain 0  at the moment - and which TPM instance the user domain
    1.78 +is supposed to talk to. Note that each running VM must use a 
    1.79 +different instance and that using instance 0 is NOT allowed.
    1.80 +
    1.81 +Note: If you do not want TPM functionality for your user domain simply
    1.82 +leave out the 'vtpm' line in the configuration file.
    1.83 +
    1.84 +
    1.85 +Running the TPM:
    1.86 +----------------
    1.87 +
    1.88 +To run the vTPM, dev device /dev/vtpm must be available.
    1.89 +Verify that 'ls -l /dev/vtpm' shows the following output:
    1.90 +
    1.91 +crw-------  1 root root 10, 225 Aug 11 06:58 /dev/vtpm
    1.92 +
    1.93 +If it is not available, run the following command as 'root'.
    1.94 +mknod /dev/vtpm c 10 225
    1.95 +
    1.96 +Make sure that the vTPM is running in domain 0. To do this run the
    1.97 +following
    1.98 +
    1.99 +/usr/bin/vtpm_managerd
   1.100 +
   1.101 +Start a user domain using the 'xm create' command. Once you are in the
   1.102 +shell of the user domain, you should be able to do the following:
   1.103 +
   1.104 +> cd /sys/devices/vtpm
   1.105 +> ls
   1.106 +cancel  caps   pcrs    pubek
   1.107 +> cat pcrs
   1.108 +PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.109 +PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.110 +PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.111 +PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.112 +PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.113 +PCR-05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.114 +PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.115 +PCR-07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.116 +PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   1.117 +[...]
   1.118 +
   1.119 +At this point the user domain has been sucessfully connected to its
   1.120 +virtual TPM instance.
   1.121 +
   1.122 +For further information please read the documentation in 
   1.123 +tools/vtpm_manager/README and tools/vtpm/README
   1.124 +
   1.125 +Stefan Berger and Employees of the Intel Corp