TPM_ORD_DeepQuote is a custom command used just with vTPMs so a domU user can get a quote signed with vTPM PCRs and also physical PCRs. It is not included in 1.2 specification.
On Mon, Mar 9, 2015 at 4:51 PM, Xu, Quan <quan...@intel.com> wrote: > For ‘TPM_ORD_DeepQuote’cmd, it looks like a specific TPM 1.2 emulator > command, instead of TPM physic cmd. I can’t find it in TPM 1.2 spec. > > (my TPM Main Part2 TPM Structures is *Specification version 1.2/ Level 2 > Revision 116 / 1 March 2011*) > > > > > > -Quan > > > > *From:* xen-devel-boun...@lists.xen.org [mailto: > xen-devel-boun...@lists.xen.org] *On Behalf Of *Emil Condrea > *Sent:* Sunday, March 08, 2015 7:41 PM > *To:* xen-devel@lists.xen.org > *Cc:* Daniel De Graaf > *Subject:* [Xen-devel] vTPM Deep Quote validation > > > > I am trying to validate a Deep Quote request made by domU but I feel that > something is missing. Right now when a domU requests TPM_ORD_DeepQuote: > > 1. vTPM: > > - unpacks the params: nonce, vTPM PCR selection and physical PCR selection > > - packs PCR_INFO_SHORT structure into buf that contains the selected vTPM > PCRs > > - computes nonce as a SHA1 of: dquot_hdr, nonce, and previous packed buf > > - packs: nonce, physical PCR selection > > - receives physical pcr data and signature from manager and returns them > to DomU > > 2. vTPM Manager > > - unpacks the params: nonce, PCR selection > > - execute TPM_Quote with: externalData = nonce > > - returns pcr data and signature to vTPM > > > If domU user wants to validate the signature it has to do the exact > process that the vtpm and manager did but the virtual PCR values are not > included in response, just physical ones. > > We can include the vTPM PCRS in response or the manager must perform > TPM_Quote using the nonce received from domU in order to be able to have a > successful validation on the client side. > > What do you think? Is there something that I am missing ? >
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
