Re: [Qemu-devel] [PATCH] hw/misc: Add simple measurement hardware

[Stefan Berger]

Matthew Garrett <address@hidden> wrote on 07/18/2016 08:39:07 PM:


> 
> On Jul 18, 2016 17:08, "Stefan Berger" <address@hidden> wrote:
> > The point of the TPM is that the device that holds the state of 
> the PCRs provides the signatures over their state rather than some 
> other 'entity' whose trustworthiness wouldn't be clear. Admittedly 
> the device comes with its own set of challenges.

> The hypervisor holds the PCR state and also provides the signature. 
> If the hypervisor is untrustworthy than the state of the virtualised
> system can never be verified, since it could simply have faked the 
> measurements passed to whatever the root of trust is. 

So the hypervisor will have the key for signing and provide the quote ?

   Stefan