Kicking it up a Level: Bringing the Trusted Platform Module into qemu

This proposal has been accepted as a session.


One Line Summary

The Design and Implementation of a virtual Trusted Platform Module in qemu

Abstract

Every server with an Intel chip ships with a Trusted Platform Module (TPM). Virtualization of this device is one of the last remaining barriers to adoption of qemu virtualization by security-conscious customers. The vTPM device will be a significant tool that can be used, among other functions, to verify that the Trusted Computing Base (TCB) of a guest has not been tampered with. It can be used together with the host TPM to verify that the hypervisor has not been tampered with either. Combined with remote attestation, this will let cloud users remotely verify that the TCBs of both their guests and the host have not been maliciously altered, whether by malware or by other means.

Tags

virtualization, qemu, kvm, security, TPM
