vtpm: add ordinal for obtaining an EK signature
author Daniel De Graaf <dgdegra@tycho.nsa.gov>
Mon, 21 Apr 2014 17:23:02 +0000 (13:23 -0400)
committer Ian Campbell <ian.campbell@citrix.com>
Wed, 23 Apr 2014 10:57:53 +0000 (11:57 +0100)
commit d4ea6ab10f35f98a15ccc612f2235198bb733412
tree 0ef0cc8f10f260e03d743000605f022612ced210
parent c1fe4dcf3f9b2641b668d912d2894e9df9096538
vtpm: add ordinal for obtaining an EK signature

For a vTPM to be useful for remote attestation, proof that the vTPM's EK
was generated and held within a secure vTPM implementation is necessary.
This patch adds an ordinal to the vTPM which will request a quote
providing this evidence from the TPM Manager; it only functions during
the first startup of a given vTPM in order to provide proof that the EK
was freshly generated (and not a key whose private part is available
elsewhere).

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
stubdom/Makefile
stubdom/vtpm-parent-sign-ek.patch [new file with mode: 0644]
stubdom/vtpm/vtpm_cmd.c