[meta-virtualization] [PATCH 0/7] Xen vTPM stubdomains

Bruce Ashfield bruce.ashfield at gmail.com
Thu Mar 8 12:58:43 PST 2018


On Mon, Mar 5, 2018 at 10:35 AM, Kurt Bodiker
<kurt.bodiker at braintrust-us.com> wrote:
> This patchset introduces the basic recipes necessary to build Xen
> stubdomains, in particular the vTPM and vTPM Manager stubdomains. vTPM
> stubdomains provide Xen guest domains access to a virtualized TPM. The
> vTPM Manager stubdomain manages each of the vTPM domains and seals them
> to the physical TPM. The intention of this patchset is to provide the
> ability to build Xen stubdomains separately from the rest of the Xen
> components since the stubdomains have separate dependencies that are
> hard-coded within the Xen build and configuration files.  Separating the
> stubdomain recipes and dependencies from the rest of the Xen build gives
> the ability to use newer or different libraries than what is currently
> used.
>
> The stubdom.inc file defines a set of CPPFLAGS, CFLAGS, and LDFLAGS
> common for building all Xen stubdomains. Xen stubdomains are
> cross-compiled with the MiniOS, which creates some issues when trying to
> compile stubdomains in an OpenEmbedded environment. To address these
> issues and to ensure the stubdoms are built as Xen had intended, all of
> the build flags and build tools that are exported into the environment
> by OE have been unset. Each of the new recipes introduced here then
> implements the build flags and the tools as though the build had been
> run in the bare-metal environment.
>
> Xen vTPM stubdomains have dependencies on static libraries for newlib,
> polarssl, gmp, and tpm emulator. Xen vTPM Manager stubdomain has
> dependencies on static libraries for newlib and polarssl.
>
> The newlib, polarssl, gmp, and tpm emulator recipes are constructed to
> behave the same as a bare-metal build. These recipes are cross-compiled
> against both the Xen and MiniOS source code.
>
> The xen-vtpm recipe is responsible for building and installing the vTPM
> and vTPM Manager stubdomain images into the Xen boot directory. xen-vtpm
> would need to be added to DISTRO_FEATURES, similar to what is done
> for Xen.

I don't have any major issues with the series, I'll wait another day
or so to see if there are any comments, and will merge it after that.

Cheers,

Bruce

>
>
> kebodiker (7):
>   xen: Define the standard values needed for stubdoms
>   xen: LWIP source code with patches applied for stubdoms
>   xen: Newlib recipe and patches for Xen stubdoms
>   xen: PolarSSL recipe and patches for Xen stubdoms
>   xen: GMP recipe for Xen stubdoms
>   xen: TPM Emulator for Xen stubdoms
>   xen: vTPM and vTPM Manager stubdoms for Xen
>
>  .../lwip.dhcp_create_request-hwaddr_len.patch      |   13 +
>  recipes-extended/xen/files/lwip.patch-cvs          | 2398 ++++++++++++++++++++
>  recipes-extended/xen/files/newlib-chk.patch        |  155 ++
>  .../newlib-stdint-size_max-fix-from-1.17.0.patch   |   16 +
>  recipes-extended/xen/files/newlib.patch            |  727 ++++++
>  recipes-extended/xen/files/polarssl.patch          |   64 +
>  recipes-extended/xen/files/tpmemu-0.7.4.patch      |   12 +
>  recipes-extended/xen/files/vtpm-bufsize.patch      |   13 +
>  recipes-extended/xen/files/vtpm-cmake-Wextra.patch |   21 +
>  .../xen/files/vtpm-deepquote-anyloc.patch          |  127 ++
>  recipes-extended/xen/files/vtpm-deepquote.patch    |  187 ++
>  .../xen/files/vtpm-implicit-fallthrough.patch      |   10 +
>  recipes-extended/xen/files/vtpm-locality.patch     |   50 +
>  .../xen/files/vtpm-parent-sign-ek.patch            |  196 ++
>  recipes-extended/xen/lwip.inc                      |   22 +
>  recipes-extended/xen/lwip_1.3.0.bb                 |   22 +
>  recipes-extended/xen/newlib.inc                    |   64 +
>  recipes-extended/xen/newlib_1.16.0.bb              |   19 +
>  recipes-extended/xen/polarssl.inc                  |   25 +
>  recipes-extended/xen/polarssl_1.1.4.bb             |   17 +
>  recipes-extended/xen/stubdom-gmp.inc               |   36 +
>  recipes-extended/xen/stubdom-gmp_4.3.2.bb          |   20 +
>  recipes-extended/xen/stubdom.inc                   |  141 ++
>  recipes-extended/xen/tpm-emulator.inc              |   31 +
>  recipes-extended/xen/tpm-emulator_0.7.4.bb         |   26 +
>  recipes-extended/xen/xen-vtpm.inc                  |   97 +
>  recipes-extended/xen/xen-vtpm_1.0.bb               |   16 +
>  27 files changed, 4525 insertions(+)
>  create mode 100644 recipes-extended/xen/files/lwip.dhcp_create_request-hwaddr_len.patch
>  create mode 100644 recipes-extended/xen/files/lwip.patch-cvs
>  create mode 100644 recipes-extended/xen/files/newlib-chk.patch
>  create mode 100644 recipes-extended/xen/files/newlib-stdint-size_max-fix-from-1.17.0.patch
>  create mode 100644 recipes-extended/xen/files/newlib.patch
>  create mode 100644 recipes-extended/xen/files/polarssl.patch
>  create mode 100644 recipes-extended/xen/files/tpmemu-0.7.4.patch
>  create mode 100644 recipes-extended/xen/files/vtpm-bufsize.patch
>  create mode 100644 recipes-extended/xen/files/vtpm-cmake-Wextra.patch
>  create mode 100644 recipes-extended/xen/files/vtpm-deepquote-anyloc.patch
>  create mode 100644 recipes-extended/xen/files/vtpm-deepquote.patch
>  create mode 100644 recipes-extended/xen/files/vtpm-implicit-fallthrough.patch
>  create mode 100644 recipes-extended/xen/files/vtpm-locality.patch
>  create mode 100644 recipes-extended/xen/files/vtpm-parent-sign-ek.patch
>  create mode 100644 recipes-extended/xen/lwip.inc
>  create mode 100644 recipes-extended/xen/lwip_1.3.0.bb
>  create mode 100644 recipes-extended/xen/newlib.inc
>  create mode 100644 recipes-extended/xen/newlib_1.16.0.bb
>  create mode 100644 recipes-extended/xen/polarssl.inc
>  create mode 100644 recipes-extended/xen/polarssl_1.1.4.bb
>  create mode 100644 recipes-extended/xen/stubdom-gmp.inc
>  create mode 100644 recipes-extended/xen/stubdom-gmp_4.3.2.bb
>  create mode 100644 recipes-extended/xen/stubdom.inc
>  create mode 100644 recipes-extended/xen/tpm-emulator.inc
>  create mode 100644 recipes-extended/xen/tpm-emulator_0.7.4.bb
>  create mode 100644 recipes-extended/xen/xen-vtpm.inc
>  create mode 100644 recipes-extended/xen/xen-vtpm_1.0.bb
>
> --
> 2.14.2



-- 
"Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end"

