Para-Virtualized TPM Sharing

  • Paul England
  • Jork Loeser
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)


We introduce a technique that allows a hypervisor to safely share a TPM among its guest operating systems. The design allows guests full use of the TPM in legacy-compliant or functionally equivalent form. The design also allows guests to use the authenticated-operation facilities of the TPM (attestation, sealed storage) to authenticate themselves and their hosting environment. Finally, our design and implementation makes use of the hardware TPM wherever possible, which means that guests can enjoy the hardware key protection offered by a physical TPM. In addition to superior protection for cryptographic keys our technique is also much simpler than a full soft-TPM implementation.

An important contribution of this paper is to show that a current TCG TPM 1.2 compliant TPM can be multiplexed easily and safely between multiple guest operating systems. However, the peculiar characteristics of the TPM mean that certain features (in particular those that involve PCRs) cannot be exposed unmodified, but instead need to be exposed in a functionally equivalent para-virtualized form. In such cases we provide an analysis of our reasoning on the right balance between the accuracy of virtualization, and the complexity of the resulting implementation.


Virtual Machine Trust Platform Module Trust Computing Group Guest Operating System Platform Configuration 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    King, S.T., Chen, P.M., Wang, Y.M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: Implementing malware with virtual machines. In: IEEE Symposium on Security and Privacy, Oakland (May 2006)Google Scholar
  2. 2.
    Sadeghi, A.R., Christian Stüble, C.: Property-based Attestation for Computing Platforms: Caring about properties, not mechanisms. In: New Security Paradigms Workshop (September 2004)Google Scholar
  3. 3.
    Goldman, K.A., Berger, S.: TPM Main Part 3 – IBM Commands,
  4. 4.
    Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the Trusted Platform Module. In: 15th USENIX Security Symposium, Vancouver, Canada (August 2006)Google Scholar
  5. 5.
    Trusted Computing Group: TCG Software Stack (TSS) Specification – Version 1.10 Golden (2003)Google Scholar
  6. 6.
    Balacheff, B., et al.: Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall (2002)Google Scholar
  7. 7.
    van Dijk, S., et al.: Virtual Monotonic Counters and Count-Limited Objects using a TPM without a Trusted OS (Extended Version). Technical Report MIT-CSAIL-TR-2006-064, MIT (September 2006)Google Scholar
  8. 8.
    Stamer, H., Strasser, M.: A Software-Based Trusted Platform Module Emulator. In: TRUST 2008, Villach, Austria (March 2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Paul England
    • 1
  • Jork Loeser
    • 1
  1. 1.Microsoft CorporationRedmondUSA

Personalised recommendations