When the tpm emulator is used as a vTPM instance it needs no TPM device driver or kernel module support, but its named pipe has to be modified so that it can communicate with tpmd.
First let's look at the readme in /usr/src/xen-unstable/tools/vtpm/:
vtpmd Flow (for vtpm_manager. vtpmd never run by default)
============================
- Launch the VTPM manager (vtpm_managerd) which begins listening to the BE with one thread
and listens to a named fifo that is shared by the vtpms to communicate with the manager.
- VTPM Manager listens to TPM BE.
- When xend launches a tpm frontend equipped VM it contacts the manager over the vtpm backend.
- When the manager receives the open message from the BE, it launches a vtpm
- Xend allows the VM to continue booting.
- When a TPM request is issued to the front end, the front end transmits the TPM request to the backend.
- The manager receives the TPM requests and uses a named fifo to forward the request to the vtpm.
- The fifo listener begins listening for the reply from vtpm for the request.
- Vtpm processes request and replies to manager over shared named fifo.
- If needed, the vtpm may send a request to the vtpm_manager at any time to save its secrets to disk.
- Manager receives response from vtpm and passes it back to backend for forwarding to guest.
In addition, the Makefile and Rules.mk in that directory seem to pin the tpm emulator version:
TPM_EMULATOR_NAME = tpm_emulator-0.5.1
This is a bit rigid; I checked the software's website and a newer release is already out. It doesn't matter, though, since at build time we can choose to compile the copy we downloaded ourselves:
# cd /usr/src
# svn checkout tpm-emulator
# cd /usr/src/tpm-emulator
# make
# make install
Then change /usr/src/xen-unstable/Config.mk to
VTPM_TOOLS ?= y
but change /usr/src/xen-unstable/tools/vtpm/Rules.mk to
BUILD_EMULATOR = n
Remember to install the gmp library :)
The remaining files in that directory are all patch files; there is nothing much to see there, so skip them for now. Jump to /usr/src/xen-unstable/tools/vtpm_manager/
Its readme tells us the directory structure and the basic flow:
Single-VM Flow
============================
(The step list under this heading is word for word the same as the vtpmd Flow quoted above from tools/vtpm/, so it is not repeated here.)
Let's look at the code in the manager directory:
First, the Makefile tells us it builds a single binary
BIN = vtpm_managerd
that is, the vTPM manager daemon. Next look at vtpmd.c:
// -------------------- Initialize Manager -----------------
if (() != ) {
(, "Closing vtpmd due to error during startup.\n");
return -1;
}
The "Initialize Manager" banner makes its purpose obvious at a glance. Note the call inside the if; step into it (the post shows the code browser's "Defined as a function in:" lookup here, with the location lost) and look at what it actually does:
// Create new TCS Object
// Create TCS Context for service
// Create OIAP session for service's authorized commands
// If fails, create new Manager.
serviceStatus = ();
//Load Storage Key
// Create entry for Dom0 for control messages
Heh, I cut a few corners, but this much is enough: the manager initialization creates a new TCS object, a TCS context for the service and an OIAP session, and the call to () (the name is missing from the page) appears to load the vTPM manager data from storage.
OK, back to vtpmd.c:
// ------------------- Set up file ipc structures ----------
The function vtpm_ipc_init() is called to initialize the FIFO files.
// -------------------- Set up thread params -------------
The per-thread parameters are set up here.
// --------------------- Launch Threads -----------------
Next it launches three threads, be_thread, dmi_thread and hp_thread, which listen for commands and data from the backend driver, the vTPM instances and the hotplug script respectively.
Each runs vtpm_manager_thread(), which calls the command handler VTPM_Manager_Handler() to process command requests:
void *(void *arg_void) {
* = ( *) (sizeof() );
struct * = (struct *) arg_void;
* = (->, ->,
->fw_tpm, ->fw_tx_ipc_h, ->fw_rx_ipc_h,
->is_priv, ->thread_name);
return ();
}
Following it further:
( *,
*,
fw_tpm, // Forward TPM cmds?
*fw_tx_ipc_h,
*fw_rx_ipc_h,
is_priv,
char *thread_name) {
// ------------------------ Main Loop --------------------------------
while(1) {
(, "%s waiting for messages.\n", thread_name);
// --------------------- Read Cmd from Sender ----------------
// Read command header
size_read = (, , cmd_header, );
size_write = (, (dmi_res ? dmi_res->tx_vtpm_ipc_h : ), reply, reply_size );
We can see that the function's main loop calls the IPC read routine to receive and parse a command message (header first, then the body), and the IPC write routine to send the reply back; when the message came from a vTPM instance (dmi_res is set) the reply goes to that instance's own tx handle.
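The loop above reads a command header from the FIFO, and the readme flow says the manager then forwards the request and the vtpm replies over the same FIFO. The part of that loop that matters for robustness is that the length field in the header comes from the peer and must be checked against what was actually read before the message is forwarded or acted on. The following C program is an added example, not Xen's or the tpm emulator's code: it assumes the standard TPM 1.2 wire header (tag, paramSize, ordinal, all big-endian) rather than the manager's own vtpm command header, whose layout the page does not show; handle_command, TPM_HDR_SIZE and the constructed byte pattern standing in for the emulator's RNG are this example's own.

```c
/* Added example (not Xen's or tpm_emulator's code): a minimal TPM 1.2 command
 * framing check in the style of a manager/vtpm handler loop.
 * Assumed wire format: tag(2) | paramSize(4) | ordinal(4), big-endian. */
#include <stdint.h>
#include <stddef.h>

#define TPM_HDR_SIZE        10u
#define TPM_TAG_RQU_COMMAND 0x00C1u
#define TPM_TAG_RSP_COMMAND 0x00C4u
#define TPM_ORD_GetRandom   0x00000046u
#define TPM_SUCCESS         0u
#define TPM_BAD_ORDINAL     10u
#define TPM_BAD_PARAM_SIZE  25u
#define TPM_BADTAG          30u

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Write a response header (tag | paramSize | returnCode); returns its size. */
static size_t put_rsp_header(uint8_t *out, uint32_t rc, uint32_t total) {
    put16(out, TPM_TAG_RSP_COMMAND);
    put32(out + 2, total);
    put32(out + 6, rc);
    return TPM_HDR_SIZE;
}

/* Validate one request that was read from the IPC channel and build the reply.
 * Returns the TPM return code placed in the reply and stores the reply length
 * in *reply_len.  The claimed paramSize is never trusted beyond in_len. */
uint32_t handle_command(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap, size_t *reply_len) {
    uint32_t rc;
    *reply_len = 0;
    if (out_cap < TPM_HDR_SIZE) return TPM_BAD_PARAM_SIZE; /* no room even for an error */

    if (in_len < TPM_HDR_SIZE) {
        rc = TPM_BAD_PARAM_SIZE;              /* short read: header incomplete */
    } else if (get16(in) != TPM_TAG_RQU_COMMAND) {
        rc = TPM_BADTAG;
    } else if (get32(in + 2) != in_len) {
        rc = TPM_BAD_PARAM_SIZE;              /* claimed length must match bytes received */
    } else if (get32(in + 6) == TPM_ORD_GetRandom) {
        /* Body: UINT32 bytesRequested.  Reply: header | UINT32 size | bytes. */
        if (in_len != TPM_HDR_SIZE + 4) {
            rc = TPM_BAD_PARAM_SIZE;
        } else {
            uint32_t want  = get32(in + TPM_HDR_SIZE);
            size_t   avail = out_cap - TPM_HDR_SIZE - 4;
            if (want > avail) want = (uint32_t)avail; /* spec allows returning fewer bytes */
            /* Constructed stand-in for the emulator's RNG: NOT random, example only. */
            for (uint32_t i = 0; i < want; i++) out[TPM_HDR_SIZE + 4 + i] = (uint8_t)(0xA5 ^ i);
            put32(out + TPM_HDR_SIZE, want);
            *reply_len = TPM_HDR_SIZE + 4 + want;
            put_rsp_header(out, TPM_SUCCESS, (uint32_t)*reply_len);
            return TPM_SUCCESS;
        }
    } else {
        rc = TPM_BAD_ORDINAL;                 /* unknown command: reply with an error, do not forward */
    }
    *reply_len = put_rsp_header(out, rc, TPM_HDR_SIZE);
    return rc;
}
```

In a real handler the two reads (header, then body) would be followed by exactly this comparison of the header's paramSize against the bytes actually received; a mismatch is answered with an error reply rather than forwarded to the vtpm or the backend.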
All right, that's it for today; next time we'll put this together with an analysis of the frontend and backend drivers.
My Baidu space: http://hi.baidu.com/from2_6_30_1/blog
Note: the vTPM instance daemon is called vtpmd; it is not started by the user but by the vTPM manager.