Be the first to like this
OpenXT is a Xen-based client virtualization platform that provides a DRTM environment using the TPM, Tboot, and Intel TXT. Within the past few years, the TPM 2.0 specification has been finalized enough such that the majority of new hardware ships with a 2.0 module. Therefore, it was imperative that the OpenXT project leverage the significant improvements to security and features that TPM 2.0 provides. This presentation seeks to detail and examine the implementation challenges we faced during the course of development, including the integration of a new set of TPM tools from Intel, modifications to Tboot, 'layered' sealing, and handling the many nuances of the TPM 2.0 spec as it applies to OpenXT. It is our hope that this knowledge may contribute to the adoption of TPM 2.0 in a wider variety of security-focused projects.