Garrett D'Amore wrote:
> Note that making the interface Consolidation Private, while possibly
> confusing to external consumers, would primarily mean that others that
> wanted to use it outside of the consolidation would need to talk to
> you. I'm mostly concerned about whether or not there are "interesting"
> applications that have relevance in a non-global zone. I'm willing to
> concede this point, in the meantime.

That would be pointless though because the TSS 1.2 API won't change even if we do virtualise access via a Zone or hypervisor. If there is a change needed to the API to support virtualisation it will be a new rev of the API from the TCG. I'm very strongly against making the API any form of Private.

> Okay, that makes sense. Surely the problem of operation of TCS/TSS/TPM
> with Xen^WxVM is not unique to Solaris. It would be interesting to
> learn what other design approaches the upstream community is considering
> to deal with this problem.

It isn't. IBM has to my knowledge developed an experimental Xen driver for virtualising the TPM for Xen. However, as Wyllys has already mentioned, virtualisation of the TPM is the subject of an active TCG working group and he has agreed to participate in that to make sure that what is done works for Zones as well.

> Actually, I think what would be nice here would be some form of UNIX
> domain socket or named pipes that crossed zone boundaries.

Already discussed in other PSARC cases and already works in some configurations. For example in Trusted Extensions configuration there are doors and UNIX domain sockets that the global zone helps set up to the local zones for various services.

--
Darren J Moffat
