1. Field
The present invention relates generally to the data processing field. Specifically, the present invention provides a computer implemented method, a data processing system, and a computer program product for migrating a virtual Trusted Platform Module instance.
2. Description of the Related Art
The Trusted Computing Group has defined the functionality and protocol for a hardware module called the Trusted Platform Module (TPM). This piece of hardware offers computer systems security and cryptographic functionality such as, for example, asymmetric key generation, decryption, encryption, signing, sealing and binding of data to the state of the TPM, migration of keys between TPMs, random number generation, and hashing functionality. A TPM also holds state in the form of stored keys, non-volatile memory areas, and platform configuration registers.
Many hardware vendors ship their computing systems equipped with a TPM soldered to the motherboard, which allows widespread usage of the TPM by operating systems such as Linux® or Windows®.
Interest in support for trusted computing on virtualizable systems is growing as hardware virtualization becomes available for common, off-the-shelf hardware. Being able to run multiple operating systems on one machine will not remain an area reserved for high-end servers but will become widely available. To support trusted computing for each operating system on a virtualized system, it is preferable to make available a virtual Trusted Platform Module that makes each such operating system think that it is talking to its own private TPM.
Virtualization support for an operating system is enabled through an additional software layer underneath the operating systems running on a platform. Whereas operating systems usually run directly on the hardware, in a virtualizable system a layer called a ‘hypervisor’ or ‘virtual machine monitor’ implements a virtual machine inside which an operating system can run. The hypervisor becomes the lowest software layer in the system.
Modern virtualization technologies enable the migration of a virtual machine from one platform to another. If the operating system inside the virtual machine is associated with a virtual TPM, then it is desirable for that virtual TPM to be able to migrate its state to the new platform so that TPM functionality is available on the target platform.