Kicking it up a Level: Bringing the Trusted Platform Module into qemu

This proposal has been accepted as a session.


One Line Summary

The Design and Implementation of a virtual Trusted Platform Module in qemu


Every server with an Intel chip ships with a Trusted Platform Module (TPM). Virtualization of this device is one of the last remaining barriers to adoption of qemu virtualization for security conscious customers. The vTPM device will be a significant tool that can be used, among other functionalities, to verify that the Trusted Computing Base (TCB) of a guest has not been tampered. This can be used in conjunction with a host TPM to verify that the hypervisor also has not been tampered. Combine this with remote attestation, and cloud users will be able to remotely verify that the TCB of both their guests and host have not maliciously been altered with malware or other means.


virtualization, qemu, kvm, security, TPM


Leave a private comment to organizers about this proposal