1. Field of the Invention
The present invention relates generally to an improved data processing system and, in particular, to a method, apparatus, and computer program product for data storage protection using cryptography. Still more particularly, the present invention relates to a method, apparatus, and computer program product for asserting physical presence to a trusted platform module in a hypervisor environment.
2. Description of Related Art
Most data processing systems contain sensitive data and sensitive operations that need to be protected. For example, the integrity of configuration information needs to be protected from illegitimate modification, while other information, such as a password file, needs to be protected from illegitimate disclosure. As another example, a data processing system needs to be able to reliably identify itself to other data processing systems.
An operator of a given data processing system may employ many different types of security mechanisms to protect the data processing system. For example, the operating system on the data processing system may provide various software mechanisms to protect sensitive data, such as various authentication and authorization schemes, while certain hardware devices and software applications may rely upon hardware mechanisms to protect sensitive data, such as hardware security tokens and biometric sensor devices.
The integrity of a data processing system's data and its operations, however, centers around the issue of trust. A data processing system's data and operations can be verified or accepted by another entity if that entity has some manner for establishing trust with the data processing system with respect to particular data items or particular operations.
Hence, the ability to protect a data processing system is limited by the manner in which trust is created or rooted within the data processing system. To address the issues of protecting data processing systems, a consortium of companies has formed the Trusted Computing Group (TCG) to develop and to promulgate open standards and specifications for trusted computing. According to the specifications of the Trusted Computing Group, trust within a given data processing system or trust between a data processing system and another entity is based on the existence of a hardware component within the data processing system that has been termed the trusted platform module (TPM).
A trusted platform enables an entity to determine the state of the software environment in that platform and to seal data to a particular software environment in that platform. The entity deduces whether the state of the computing environment in that platform is acceptable before performing a transaction with that platform. To enable this, the trusted platform provides integrity metrics, also known as integrity measurements, to the entity; these reflect the integrity of the software state of the trusted platform, and they require a root of trust within the computing platform. In order for a system to be a trusted platform, the integrity measurements must be taken from the Core Root of Trust for Measurement and extended through the initial program load (IPL) process up to the point at which the operating system is initialized.
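The measurement chain and sealing described above, as an added illustrative model that is not part of the patent and is not a real TPM interface: measurements are extended into a platform configuration register (PCR) in IPL order, and a secret sealed to the resulting PCR value can only be recovered when the platform reproduces that value. Assumptions: SHA-256 digests with 32-byte PCRs (a TPM 2.0 SHA-256 bank), and a constructed symmetric "SRK" standing in for the TPM-resident storage root key.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Assumption: SHA-256 PCR bank; SRK is a constructed stand-in for a key that in a
# real TPM never leaves the chip.
PCR_INIT = b"\x00" * 32
SRK = b"constructed-srk-never-leaves-the-tpm"

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || H(measurement)). Irreversible and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot_chain(stages: List[bytes]) -> bytes:
    """Extend each stage of the IPL chain in order, starting from the reset value."""
    pcr = PCR_INIT
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr

def _state_key(expected_pcr: bytes) -> bytes:
    # Key derivable only when the platform reproduces the expected PCR value.
    return hmac.new(SRK, expected_pcr, hashlib.sha256).digest()

def seal(secret: bytes, expected_pcr: bytes) -> Tuple[bytes, bytes]:
    """Wrap up to 32 bytes of secret under the PCR-bound key; returns (blob, tag)."""
    if len(secret) > 32:
        raise ValueError("model supports secrets of at most 32 bytes")
    key = _state_key(expected_pcr)
    stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    blob = bytes(s ^ k for s, k in zip(secret, stream))
    tag = hmac.new(key, blob, hashlib.sha256).digest()
    return blob, tag

def unseal(blob: bytes, tag: bytes, current_pcr: bytes) -> Optional[bytes]:
    """Recover the secret only if the current PCR equals the sealed-to state."""
    key = _state_key(current_pcr)
    if not hmac.compare_digest(tag, hmac.new(key, blob, hashlib.sha256).digest()):
        return None  # different software state: key differs, tag check fails
    stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    return bytes(b ^ k for b, k in zip(blob, stream))

# Constructed boot chains for demonstration.
GOOD_CHAIN = [b"CRTM", b"BIOS", b"bootloader", b"kernel"]
TAMPERED_CHAIN = [b"CRTM", b"BIOS", b"bootloader", b"kernel+modified"]
REORDERED_CHAIN = [b"CRTM", b"bootloader", b"BIOS", b"kernel"]
```

A modified or reordered stage changes the final PCR value, so the sealed blob fails to unseal; this is the property that lets a remote entity judge the platform's software state before transacting with it.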
A trusted platform module (TPM) has been generally described in a platform-independent manner, but platform-specific descriptions have been created for certain classes of systems, such as personal computers (PCs). Existing hardware for trusted computing has focused on implementations for a single trusted platform module for a single system.
There are some TCG commands that require the physical presence of a user before the TPM will execute them. For these commands, “physical presence” must be asserted before the commands will be executed. Physical presence of a user is typically proven by having the user press a key or a particular key sequence.
It may be desirable, however, for a remote computer system to act as a proxy for a user without actually requiring the user to be physically present when “physical presence” is established with the TPM, such as in a computer cluster. Therefore, it would be advantageous to have a mechanism, in an environment that includes a high-performance trusted platform module (TPM), for enabling a hardware management console (HMC) to successfully establish “physical presence” to the TPM, so that the TPM will execute commands that require “physical presence” to be asserted as a prerequisite before they are executed.