@olivierlambert Thanks Olivier, I'm excited to be on board!
RE: how to get Measured Boot Supplemental Pack
I assume you are looking to both support DRTM for guests (hence your vTPM interest), and for hosts (the Measured Boot Supplemental Pack), is that correct?
I believe you can get some form of DRTM up and running with tboot, Xen, and xentpm, although I say "some form" because the architecture of such a setup appears to be somewhat broken. If your boot chain contains a compromised component, you can no longer trust the state of subsequent components of the boot chain, which ultimately will include the OS in which xentpm is running, which eliminates any guarantees that the attestation received from xentpm is valid (xentpm itself could be modified to report that everything is okay or the PCR manifest could be spoofed, for instance).
There is a community effort called TrenchBoot which is attempting to tackle this and other problems related to launching Xen with DRTM. It is definitely worth taking a look at. TrenchBoot will include a tiny kernel as the measured launch environment, into which your attestation software can be incorporated.
I'm not entirely sure what is in the XenServer Supplemental Pack, and I can't really tell from the manual for it that they released. I suspect it is tboot and xentpm, which has the shortcomings above (please correct me if I am wrong).
As a part of the TrenchBoot effort, Grub now supports Intel TXT, so tboot may be redundant.
Regarding xentpm, I have not played with it. AFAIK, it is simply a tool to collect the TPM measurements produced at launch.
Regarding vTPM, it apparently works more-or-less, although there is some talk about replacing it. The issue with vTPM is that it is backed by a software emulator (I think QEMU's swtpm) and not the physical TPM. The only hardware protections for it lie in the fact that it exists in a separate domain, but this implies the domain and the hypervisor as attack vectors for retrieving TPM secrets, which is far too big of an attack surface to allow you to sleep well at night.
I hope some of this helps!
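As an added illustration of the measurement chain discussed above (this is constructed example code, not code from the post, TrenchBoot, or xentpm): a small Python model of TPM PCR extend, the event log a measurement tool would collect, and a verifier that accepts only when the log replays to the quoted PCR and that PCR matches a known-good reference. Component names and images are made up.

```python
import hashlib

# Simulated TPM PCR extend for a SHA-256 bank: new = SHA-256(old || digest).
# Constructed example; component names and images below are invented.

PCR_INIT = b"\x00" * 32  # a resettable PCR starts at all zeros

def measure(component: bytes) -> bytes:
    """Digest of a boot component, as the measuring agent records it."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: hash the old value concatenated with the digest."""
    return hashlib.sha256(pcr + digest).digest()

def launch(chain):
    """Measured launch over an ordered chain of (name, image) pairs.
    Returns the final PCR value and the event log (name, hex digest)
    that a collection tool would hand to a verifier."""
    pcr = PCR_INIT
    log = []
    for name, image in chain:
        d = measure(image)
        log.append((name, d.hex()))
        pcr = extend(pcr, d)
    return pcr, log

def replay(log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = PCR_INIT
    for _, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr

def verify(reference_pcr: bytes, quoted_pcr: bytes, log) -> bool:
    """Accept only if the log replays to the PCR value the TPM reports and
    that value equals the known-good reference. A log that does not match
    the quoted PCR (spoofed manifest) or a modified component both fail."""
    return replay(log) == quoted_pcr == reference_pcr

# Constructed chains: the second has one altered component.
GOOD_CHAIN = [("mle", b"measured-launch-env-v1"),
              ("xen", b"xen-hypervisor-image"),
              ("dom0", b"dom0-kernel")]
TAMPERED_CHAIN = [("mle", b"measured-launch-env-v1"),
                  ("xen", b"xen-hypervisor-image-modified"),
                  ("dom0", b"dom0-kernel")]
```

Running `launch` over both chains and passing the tampered log with the good reference to `verify` shows that a changed component, or a log that no longer replays to the quoted PCR, is rejected.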