
Hot Pluggable TPM device

IP.com Disclosure Number: IPCOM000199839D
Publication Date: 2010-Sep-17
Document File: 2 page(s) / 69K

Publishing Venue

The IP.com Prior Art Database

Abstract

Trusted Platform Modules (TPMs) are traditionally hardware chips embedded in a system at the time of manufacture, so it is not feasible to add a TPM to a system dynamically while it is operational. This publication describes how, by using a virtualised TPM device (vTPM), TPM functionality can be added dynamically to a live system.

This is the abbreviated version, containing approximately 51% of the total text.


   Trusted Boot is a procedure for booting a computing system while establishing a chain of trust over the components that run. Using a secure device, e.g. a TPM (Trusted Platform Module), each component of the boot sequence is cryptographically measured (hashed) and the measurement is recorded in the TPM by extending a Platform Configuration Register (PCR). The process is that each component measures the next boot component and extends that measurement into the TPM before control is transferred to the measured component, so nothing runs without first having been recorded. Once the system is running, the recorded chain of trust can be extracted for inspection by a remote system using a remote attestation procedure, in which the TPM signs its PCR values with an attestation key; DAA (Direct Anonymous Attestation) is one protocol for proving that this key belongs to a genuine TPM without identifying the platform.
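The measure-then-extend chain described above, and the verifier's replay of it, as an added worked example (this is not code from the disclosure or from IBM's vTPM; the component names, the SHA-1 PCR layout and the dictionary-backed "TPM" are assumptions chosen to mirror TPM 1.2 behaviour):

```python
"""Simulated measured boot: each stage measures the next component into a
PCR before handing over control, and a remote verifier replays the event
log to check the quoted PCR value.

Added example, not code from the disclosure. The SimTPM class is a stand-in
for hardware; only the one-way extend operation matters for the argument.
"""
import hashlib

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs are 20-byte SHA-1 registers reset to zero


def digest(data):
    """Measurement of a component image (SHA-1, as in TPM 1.2)."""
    return hashlib.sha1(data).digest()


def pcr_extend(pcr, measurement):
    """TPM_Extend: PCR_new = SHA-1(PCR_old || measurement). There is no
    operation that sets a PCR directly, which is what makes the chain a
    commitment to every value extended and to their order."""
    return digest(pcr + measurement)


class SimTPM:
    """Minimal stand-in for a TPM: PCRs that can only be extended, never written."""

    def __init__(self, n_pcrs=24):
        self.pcrs = [PCR_INIT] * n_pcrs
        # (pcr index, measurement, description). The log lives on the host
        # and is untrusted; the PCR is the trusted summary of it.
        self.event_log = []

    def extend(self, index, measurement, description):
        self.pcrs[index] = pcr_extend(self.pcrs[index], measurement)
        self.event_log.append((index, measurement, description))
        return self.pcrs[index]

    def quote(self, index):
        # A real TPM signs the PCR with an attestation key; DAA or a privacy
        # CA certifies that key. The signature is omitted in this simulation.
        return self.pcrs[index]


def measured_boot(tpm, components, pcr_index=0):
    """Run the chain: each stage measures the *next* image and extends it
    into the PCR before that image gets control. Returns the quoted PCR."""
    for name, image in components:
        tpm.extend(pcr_index, digest(image), name)
    return tpm.quote(pcr_index)


def verify_quote(event_log, quoted_pcr, pcr_index=0):
    """Remote verifier: replay the untrusted event log and compare against
    the TPM-reported PCR. An edited log no longer replays to the quote."""
    replay = PCR_INIT
    for index, measurement, _ in event_log:
        if index == pcr_index:
            replay = pcr_extend(replay, measurement)
    return replay == quoted_pcr


# Constructed sample boot chain; the byte strings stand in for real images.
GOOD_CHAIN = [
    ("bootloader", b"bootloader v1.0"),
    ("kernel", b"vmlinuz-5.10"),
    ("initrd", b"initrd.img-5.10"),
]


def boot_and_quote(components):
    """Boot a fresh simulated TPM through `components`; return (tpm, PCR0)."""
    tpm = SimTPM()
    return tpm, measured_boot(tpm, components)


if __name__ == "__main__":
    tpm, pcr = boot_and_quote(GOOD_CHAIN)
    print("PCR0 =", pcr.hex())
    print("verifier accepts log:", verify_quote(tpm.event_log, pcr))
```

The verifier compares the replayed value against a known-good PCR0 for the expected images; a changed kernel, a reordered chain, or a log edited after the fact all fail that comparison, which is the property the hot-plug design below has to preserve when the TPM appears only after the VM has booted.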

   Trusted Platform Modules (TPMs) are physical hardware devices attached to the host system. Whether or not a system has a TPM is determined at manufacture; there is no capability to add the device to a system that does not already have one. Hence it is not possible to add TPM capabilities "on-the-fly" to the operating system of a system that is already booted. The problem this disclosure addresses is how to provide TPM services (namely secure storage, signing and other cryptographic services) to a live Virtual Machine (VM) without the need to interrupt the VM's operation (through shutdown or reboot).

   IBM's Watson Research Laboratory has developed a virtual TPM (vTPM), i.e. one implemented purely in software. It is typically used to provide TPM capabilities to virtual machines that do not have access to physical TPM hardware. Adding vTPM capability to a VM is, however, still an operation that must be performed while the VM is at rest (i.e. shut down).

   This invention is an extension to t...