zoukankan      html  css  js  c++  java
  • xen4.4.2/xen-4.4.2/stubdom/vtpmmgr/README

    Copyright (c) 2010-2012 United States Government, as represented by
    the Secretary of Defense.  All rights reserved.
    November 12 2012
    Authors: Matthew Fioravante (JHUAPL),

    This document describes the operation and command line interface
    of vtpmmgr-stubdom. See docs/misc/vtpm.txt for details on the
    vTPM subsystem as a whole.


    ------------------------------
    OPERATION
    ------------------------------

    The vtpmmgr-stubdom implements a vTPM manager who has two major functions:

     - Securely store encryption keys for each of the vTPMS
     - Regulate access to the hardware TPM for the entire system

    The manager accepts commands from the vtpm-stubdom domains via the mini-os
    TPM backend driver. The vTPM manager communicates directly with hardware TPM
    using the mini-os tpm_tis driver.


    When the manager starts for the first time it will check if the TPM
    has an owner. If the TPM is unowned, it will attempt to take ownership
    with the supplied owner_auth (see below) and then create a TPM
    storage key which will be used to secure vTPM key data. Currently the
    manager only binds vTPM keys to the disk. In the future support
    for sealing to PCRs should be added.

    ------------------------------
    COMMAND LINE ARGUMENTS
    ------------------------------

    Command line arguments are passed to the domain via the 'extra'
    parameter in the VM config file. Each parameter is separated
    by white space. For example:

    extra="foo=bar baz"

    List of Arguments:
    ------------------

    owner_auth=<AUTHSPEC>: Set the owner auth of the TPM. The default
        is the well known owner auth of all ones.

    srk_auth=<AUTHSPEC>: Set the SRK auth for the TPM. The default is
        the well known srk auth of all zeroes.
        The possible values of <AUTHSPEC> are:
         well-known: Use the well known auth (default)
         random: Randomly generate an auth
         hash: <HASH>: Use the given 40 character ASCII hex string
         text: <STR>: Use sha1 hash of <STR>.

    tpmdriver=<DRIVER>: Which driver to use to talk to the hardware TPM.
        Don't change this unless you know what you're doing.
        The possible values of <DRIVER> are:
         tpm_tis: Use the tpm_tis driver to talk directly to the TPM.
            The domain must have access to TPM IO memory.  (default)
         tpmfront: Use tpmfront to talk to the TPM. The domain must have
            a tpmfront device setup to talk to another domain
            which provides access to the TPM.

    The following options only apply to the tpm_tis driver:

    tpmiomem=<ADDR>: The base address of the hardware memory pages of the
        TPM (default 0xfed40000).

    tpmirq=<IRQ>: The irq of the hardware TPM if using interrupts. A value of
        "probe" can be set to probe for the irq. A value of 0
        disabled interrupts and uses polling (default 0).

    tpmlocality=<LOC>: Attempt to use locality <LOC> of the hardware TPM.
        (default 0)

  • 相关阅读:
    MySQL中IS NULL、IS NOT NULL、!=不能用索引?胡扯!
    市值TOP10,人类进化及中美坐标
    倒序切片
    对list进行切片
    Python之定义可变参数
    Python之递归函数
    Python之“可变”的tuple
    Python之创建单元素tuple
    Python中Unicode字符串
    Pycharm配置autopep8让Python代码更符合pep8规范
  • 原文地址:https://www.cnblogs.com/summer2017/p/7912026.html
Copyright © 2011-2022 走看看