1. Technical Field
The present invention relates to a system and method that reports the trusted state of a virtual machine running on a computer system. More particularly, the present invention relates to a system and method that uses a hypervisor to provide virtual trusted platform modules (vTPMs) to perform trust activities for the virtual machines.
2. Description of the Related Art
Modern computer systems often employ “hypervisors” that allow multiple virtual machines, such as operating systems, to run on the host computer system. A hypervisor, also known as a “virtual machine monitor,” is a virtualization platform that provides an abstraction of hardware-based computer resources. The virtual machines (VMs) that run under the hypervisor run in a virtual environment where, from the point of view of the virtual machines, each virtual machine appears to occupy and control the entire computer system. The role of the hypervisor is to provide the virtual machines with an interface to the underlying resources, such as hardware components. These hardware components can include a Trusted Platform Module (TPM), which is a hardware module used to store secure information and provide cryptographic functions.
A TPM is a hardware chip embedded on the motherboard that can be used to authenticate a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication. It can be used to verify that the system seeking access is the expected system.
A Trusted Platform Module offers facilities for secure generation of cryptographic keys, the ability to limit the use of keys (to either signing/verification or encryption/decryption), as well as a hardware Random Number Generator. The TPM also performs the functions of remote attestation, binding, and sealing. Remote attestation creates a theoretically unforgeable summary of the hardware, boot, and host O/S configuration of a computer, allowing a third party (such as a digital music store) to verify that the software has not been changed. Sealing encrypts data in such a way that it may be decrypted only in the exact same state (that is, it may be decrypted only on the computer on which it was encrypted, running the same software). Binding encrypts data using the TPM Endorsement Key (a unique key embedded in the chip during the chip's production) or another ‘trusted’ key.
A challenge with using hypervisors and virtual machines in a computer system that includes a TPM is that the TPM is generally inaccessible from the virtual machines. One approach to this challenge is to use the hypervisor to pass requests from the virtual machines to the TPM and return the results. A challenge of this approach, however, is that, while the state of the system will differ based upon the virtual machines that are running, these differences will not be reflected in the hardware-based platform configuration registers (PCRs) maintained by the TPM.
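As an added illustration (not part of the patent text), the following Python models a PCR bank with the TPM extend operation, PCR-bound sealing, and the two arrangements described above: a hardware TPM reached only through the hypervisor, where guest boots leave the PCRs unchanged, versus one PCR bank per virtual machine. All measurements are constructed sample values, and the sealing keystream is a toy stand-in for the TPM's own cryptography.

```python
import hashlib
import hmac

# Constructed sample measurements (stand-ins for digests of boot components).
HOST_BOOT = [b"host-bios", b"host-bootloader", b"hypervisor"]
GUEST_A_BOOT = [b"guest-kernel-a", b"guest-initrd-a"]
GUEST_B_BOOT = [b"guest-kernel-b", b"guest-initrd-b"]

class PcrBank:
    def __init__(self, count: int = 8):
        self.pcrs = [bytes(32)] * count  # one SHA-256 bank, all PCRs start at zero

    def extend(self, idx: int, measurement: bytes) -> None:
        # TPM extend: PCR[i] = H(PCR[i] || H(measurement)); PCRs cannot be written directly.
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[idx] = hashlib.sha256(self.pcrs[idx] + digest).digest()

    def composite(self) -> bytes:
        # Digest over all PCRs: what a quote reports and what a seal policy is bound to.
        return hashlib.sha256(b"".join(self.pcrs)).digest()

def seal(bank: PcrBank, secret: bytes) -> dict:
    """Bind a short secret to the current PCR composite (toy keystream, not TPM crypto)."""
    policy = bank.composite()
    key = hmac.new(b"seal-kdf", policy, "sha256").digest()
    assert len(secret) <= len(key), "toy sealing handles at most 32 bytes"
    return {"policy": policy, "ct": bytes(a ^ b for a, b in zip(secret, key))}

def unseal(bank: PcrBank, blob: dict):
    """Release the secret only if the PCRs match the state recorded at seal time."""
    if not hmac.compare_digest(bank.composite(), blob["policy"]):
        return None
    key = hmac.new(b"seal-kdf", blob["policy"], "sha256").digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], key))

def measured_bank(chain) -> PcrBank:
    bank = PcrBank()
    for m in chain:  # each boot component is measured into PCR 0 in order
        bank.extend(0, m)
    return bank

def passthrough_quotes():
    hw = measured_bank(HOST_BOOT)  # firmware, bootloader and hypervisor extend PCR 0
    # Guests A and B run different software, but the hypervisor only forwards their
    # requests to the single hardware TPM, so both attest with the same quote.
    return hw.composite(), hw.composite()

def vtpm_banks():
    """One vTPM (its own PCR bank) per VM: each guest's boot chain is recorded separately."""
    return measured_bank(GUEST_A_BOOT), measured_bank(GUEST_B_BOOT)
```

A secret sealed against one vTPM's PCRs cannot be unsealed from the other, and any further extend on the sealing vTPM also blocks release.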