Hypervisors like Xen have virtual TPM (vTPM) support. In cloud environments, are there any implementations where such vTPM's are being used during remote attestation in addition to the host TPM based attestation in practice? What are the possible advantages/drawbacks of using vTPM's?
Asked
Active
Viewed 273 times
1 Answers
1
There is a very helpful document on this from IBM that can enlighten you on your query.
It is necessary to enable remote parties that have established trust in the initial environment to also establish trust in the vTPM environment at a later point in time. For example, the strong binding of TPM credentials to those of the hardware platform is important to challenging parties during remote attestation. The challenger must follow the trust chain from the target platform’s hardware TPM through a virtual TPM and into the runtime environment of the associated virtual machine.
Pay special attention to page 6.
Overmind
- 8,779
- 3
- 19
- 28