Reference: http://www.ibm.com/developerworks/cn/aix/systemmaga/8/New_Way_Secure_Cloud/index.html (tboot)
https://en.wikipedia.org/wiki/Trusted_Execution_Technology (TXT technology)
Tboot Introduction:
For the motivation behind this technique, refer to the first link.
Tboot stands for "trusted boot". It is a trusted bootloader built on Intel TXT (Trusted Execution Technology) that measures the host system as it starts so that the boot can be verified as trusted; for the implementation details see the two links above. Because the check happens at system boot, tboot obviously has to run before the kernel is booted. My system boots with GRUB, so in this experiment I modify grub.conf to change the boot sequence; if you use a different boot program, adapt the steps accordingly.
TXT requires hardware support and relies on VT and VT-d, so both of those must be enabled when you turn the feature on. It also requires a TPM (Trusted Platform Module), which stores the software's fingerprint (measurement) information: each time the software starts it is measured again and compared against the stored fingerprint to decide whether there is a risk.
Tboot installation and use:
1. Enable TXT in the BIOS
The BIOS option is located at: Advanced --> Processor Configuration --> Intel(R) TXT
VT and VT-d: Advanced --> Processor Configuration --> Intel(R) Virtualization Technology and Intel(R) VT for Direct I/O
TPM: Security --> TPM Administrative Control
2. Kernel Support
# grep -i -E "TXT|TCG|IOMMU|VIRTUAL|TPM" /boot/config-2.6.32-431.el6.x86_64
CONFIG_HAVE_INTEL_TXT=y
CONFIG_GART_IOMMU=y
CONFIG_CALGARY_IOMMU=y
# CONFIG_CALGARY_IOMMU_ENABLED_BY_DEFAULT is not set
CONFIG_AMD_IOMMU=y
CONFIG_AMD_IOMMU_STATS=y
CONFIG_IOMMU_HELPER=y
CONFIG_IOMMU_API=y
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS=y
CONFIG_TCG_NSC=m
CONFIG_TCG_ATMEL=m
CONFIG_TCG_INFINEON=m
# CONFIG_REGULATOR_VIRTUAL_CONSUMER is not set
CONFIG_FB_VIRTUAL=m
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_IOMMU_DEBUG is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_INTEL_TXT=y
CONFIG_VIRTUALIZATION=y
CONFIG_TCG_TPM=y
3. Install tboot
yum install tboot -y
4. Modify grub.conf
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-431.el6.x86_64)
root (hd0,0)
kernel /tboot.gz logging=vga,serial,memory
module /vmlinuz-2.6.32-431.el6.x86_64 ro root=UUID=c492ad38-5c04-46e2-bddb-7b05428e16fa rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
module /initramfs-2.6.32-431.el6.x86_64.img
module /wsm_sinit_100407_rel.bin
Here the GRUB bootloader loads tboot.gz first, and the original kernel and initrd are switched to being loaded as modules. wsm_sinit_100407_rel.bin is the SINIT AC module (Authenticated Code Module) for the current platform and has to be obtained from the hardware vendor; you can also choose to do without this module's function and simply not load it, in which case tboot cannot perform a measured launch.
5. Take ownership of the trusted platform (TPM)
modprobe tpm_infineon   # the TPM hardware driver; on some systems it is tpm_tis, etc.
tcsd                    # start the TPM daemon
6. Check the TXT execution status
Partial output of txt-stat is as follows:
***********************************************************
TXT measured launch: TRUE
secrets flag set: TRUE
***********************************************************
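As an added example (not code from the original post or from the tboot project), the following shell script checks the three things the steps above leave behind: the kernel config options, the grub.conf stanza, and the txt-stat output. The file contents it reads are constructed samples so that it runs offline; on a real host you would point the functions at /boot/config-$(uname -r), /boot/grub/grub.conf and the saved output of txt-stat.

```shell
#!/bin/sh
# Added example, not code from the original post: post-install checks for the
# tboot steps above. The sample inputs below are constructed so the script
# runs offline; on a real TXT host point the functions at the live files.

# 1) Kernel config: tboot's measured launch needs these options built in (=y).
check_kernel_config() {
    for opt in CONFIG_INTEL_TXT CONFIG_HAVE_INTEL_TXT CONFIG_TCG_TPM CONFIG_TCG_TIS; do
        grep -q "^${opt}=y\$" "$1" || { echo "missing: $opt"; return 1; }
    done
}

# 2) grub.conf stanza: tboot.gz must be the 'kernel' line, and the real kernel,
#    its initramfs and a SINIT ACM must follow as 'module' lines.
check_grub_stanza() {
    grep -q '^kernel[[:space:]]*/tboot.gz' "$1"  || { echo "tboot.gz is not the kernel"; return 1; }
    grep -q '^module[[:space:]]*/vmlinuz' "$1"   || { echo "kernel not loaded as module"; return 1; }
    grep -q '^module[[:space:]]*/initramfs' "$1" || { echo "initramfs not loaded as module"; return 1; }
    grep -qi '^module[[:space:]]*/.*sinit' "$1"  || { echo "no SINIT ACM: launch will not be measured"; return 1; }
}

# 3) txt-stat output: both flags must read TRUE, otherwise the boot was not a
#    measured launch and nothing above the kernel should rely on it.
check_txt_stat() {
    grep -qi '^TXT measured launch:[[:space:]]*TRUE' "$1" &&
    grep -qi '^secrets flag set:[[:space:]]*TRUE' "$1"
}

# Constructed samples: the "good" files mirror the post, the "bad" ones a typical slip.
SAMPLES=$(mktemp -d)
printf 'CONFIG_HAVE_INTEL_TXT=y\nCONFIG_INTEL_TXT=y\nCONFIG_TCG_TPM=y\nCONFIG_TCG_TIS=y\n' > "$SAMPLES/config.good"
printf 'CONFIG_TCG_TPM=y\nCONFIG_TCG_TIS=y\n' > "$SAMPLES/config.bad"   # TXT support left out
cat > "$SAMPLES/grub.good" <<'EOF'
kernel /tboot.gz logging=vga,serial,memory
module /vmlinuz-2.6.32-431.el6.x86_64 ro root=UUID=PLACEHOLDER-UUID rhgb quiet
module /initramfs-2.6.32-431.el6.x86_64.img
module /wsm_sinit_100407_rel.bin
EOF
grep -v sinit "$SAMPLES/grub.good" > "$SAMPLES/grub.bad"               # SINIT module forgotten
printf 'TXT measured launch: TRUE\nsecrets flag set: TRUE\n' > "$SAMPLES/txt.good"
printf 'TXT measured launch: FALSE\nsecrets flag set: FALSE\n' > "$SAMPLES/txt.bad"

# Run the checks against the "good" samples when executed directly.
check_kernel_config "$SAMPLES/config.good" && check_grub_stanza "$SAMPLES/grub.good" &&
    check_txt_stat "$SAMPLES/txt.good" && echo "all tboot checks passed"
```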
Libvirt Introduction: Reference: http://libvirt.org/
Suppose the following scenario: we do not speak English but want to close a deal with Americans. How do we solve that? One option is to learn English ourselves, which is undoubtedly a waste of time; the other is to hire a translator, which is much quicker.
Libvirt plays the role of the translator in that scenario. It is complicated for the upper user-space layer to deal with the hypervisor directly, so libvirt hides the details of the underlying hypervisor and offers the management tools above it a unified, more stable interface (API). And libvirt is a multilingual translator: it supports a variety of virtualization solutions such as KVM, Xen, LXC, and more.
Several important libvirt concepts:
Node: a physical machine, which may run multiple virtual machines
Hypervisor: also known as the VMM, the software that implements virtualization, such as KVM or Xen
Domain: a virtual machine, also called an instance
Installation of libvirt:
yum install libyajl yajl-devel libxml* device-mapper* libpciaccess-devel libnl-devel -y
wget http://libvirt.org/sources/libvirt-2.5.0.tar.xz
tar xf libvirt-2.5.0.tar.xz
cd libvirt-2.5.0
./configure --help
./configure --prefix=/usr/local/libvirt
make && make install
Installing libvirt is very simple; the main thing is that configure will complain about many missing libraries. When that happens, run yum list all | grep "lib_keyword" with the library's keyword to find the corresponding package and install it. The yum line above is what my system was missing, summarized here for reference.
Installation of KVM Tboot and Libvirt