zoukankan      html  css  js  c++  java
  • xen4.4.2/xen-4.4.2/stubdom/vtpmmgr/README

    Copyright (c) 2010-2012 United States Government, as represented by
    the Secretary of Defense.  All rights reserved.
    November 12 2012
    Authors: Matthew Fioravante (JHUAPL),

    This document describes the operation and command line interface
    of vtpmmgr-stubdom. See docs/misc/vtpm.txt for details on the
    vTPM subsystem as a whole.


    ------------------------------
    OPERATION
    ------------------------------

    The vtpmmgr-stubdom implements a vTPM manager who has two major functions:

     - Securely store encryption keys for each of the vTPMS
     - Regulate access to the hardware TPM for the entire system

    The manager accepts commands from the vtpm-stubdom domains via the mini-os
    TPM backend driver. The vTPM manager communicates directly with hardware TPM
    using the mini-os tpm_tis driver.


    When the manager starts for the first time it will check if the TPM
    has an owner. If the TPM is unowned, it will attempt to take ownership
    with the supplied owner_auth (see below) and then create a TPM
    storage key which will be used to secure vTPM key data. Currently the
    manager only binds vTPM keys to the disk. In the future support
    for sealing to PCRs should be added.

    ------------------------------
    COMMAND LINE ARGUMENTS
    ------------------------------

    Command line arguments are passed to the domain via the 'extra'
    parameter in the VM config file. Each parameter is separated
    by white space. For example:

    extra="foo=bar baz"

    List of Arguments:
    ------------------

    owner_auth=<AUTHSPEC>: Set the owner auth of the TPM. The default
        is the well known owner auth of all ones.

    srk_auth=<AUTHSPEC>: Set the SRK auth for the TPM. The default is
        the well known srk auth of all zeroes.
        The possible values of <AUTHSPEC> are:
         well-known: Use the well known auth (default)
         random: Randomly generate an auth
         hash: <HASH>: Use the given 40 character ASCII hex string
         text: <STR>: Use sha1 hash of <STR>.

    tpmdriver=<DRIVER>: Which driver to use to talk to the hardware TPM.
        Don't change this unless you know what you're doing.
        The possible values of <DRIVER> are:
         tpm_tis: Use the tpm_tis driver to talk directly to the TPM.
            The domain must have access to TPM IO memory.  (default)
         tpmfront: Use tpmfront to talk to the TPM. The domain must have
            a tpmfront device setup to talk to another domain
            which provides access to the TPM.

    The following options only apply to the tpm_tis driver:

    tpmiomem=<ADDR>: The base address of the hardware memory pages of the
        TPM (default 0xfed40000).

    tpmirq=<IRQ>: The irq of the hardware TPM if using interrupts. A value of
        "probe" can be set to probe for the irq. A value of 0
        disabled interrupts and uses polling (default 0).

    tpmlocality=<LOC>: Attempt to use locality <LOC> of the hardware TPM.
        (default 0)

  • 相关阅读:
    求文件的hash值(基于SHA3的Hash)
    Discrete Log Algorithms :Baby-step giant-step 【二】
    非专业填坑
    xml转换csv
    使用PowerShell批量注册DLL到GAC
    ui-grid 中cellTemplate中click事件
    ui-grid样式,表格高度自适应行高,没有滚动条,去掉表头
    ui-grid使用详解
    数组过滤重复元素
    正则表达式验证邮箱
  • 原文地址:https://www.cnblogs.com/summer2017/p/7912026.html
Copyright © 2011-2022 走看看