Skip to content
This repository was archived by the owner on Sep 4, 2025. It is now read-only.
This repository was archived by the owner on Sep 4, 2025. It is now read-only.

TPM manufacturing #148

Open
Open
TPM manufacturing#148
@zvonkok

Description

@zvonkok
zvonkok
opened on Jan 25, 2024

Some high-level questions about the architecture:

  1. The vTPM is ephemeral; it will not save any state and is unique to each VM; stopping or rebooting the VM will erase any internal state?
  2. Is the EK private key created on each VM boot?
  3. How is the EK Cert created, and to which root authority does it chain? Which entity is doing an attestation report with the hash of the EK pub key to authenticate the vTPM, which would chain it to the Intel root key?
  4. How is the vTPM protected against OVMF/Kernel/Guest OS? In SEV-SNP there are VM privilege levels where a vTPM runs in VMPL0, OVMF,Kernel in VMLPL1 and so forth.
  5. Does the vTPM implement the TPM2.0 spec or only part of it?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions