On Wed, Sep 14, 2011 at 01:05:44PM -0400, Stefan Berger wrote:
> Hello!
>
> Over the last few days primarily Michael Tsirkin and I have
> discussed the design of the 'blobstore' via IRC (#virtualization).
> The intention of the blobstore is to provide storage to persist
> blobs that devices create. Along with these blobs possibly some
> metadata should be storable in this blobstore.
>
> An initial client for the blobstore would be the TPM emulation.
> The TPM's persistent state needs to be stored once it changes so it
> can be restored at any point in time later on, i.e., after a cold
> reboot of the VM. In effect the blobstore simulates the NVRAM of a
> device where it would typically store such persistent data onto.
While I can see the appeal of a general 'blobstore' for NVRAM tunables
related to a device, wrt the TPM emulation, should we be considering use
of something like the PKCS#11 standard for storing/retrieving crypto
data for the TPM?

  https://secure.wikimedia.org/wikipedia/en/wiki/PKCS11

This is an industry standard for interfacing to cryptographic storage
mechanisms, widely supported by all SSL libraries & more or less all
programming languages. IIUC it lets the application avoid hardcoding a
specific storage backend impl, so it can be made to work with anything
from local files, to smartcards, to HSMs, to remote network services.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|