Virtual Trusted Platform modules (TPMs) were proposed as a software-basedalternative to the hardware-based TPMs to allow the use of their cryptographicfunctionalities in scenarios where multiple TPMs are required in a singleplatform, such as in virtualized environments. However, virtualizing TPMs,especially virutalizing the Platform Configuration Registers (PCRs), strikesagainst one of the core principles of Trusted Computing, namely the need for ahardware-based root of trust. In this paper we show how strength ofhardware-based security can be gained in virtual PCRs by binding them to theircorresponding hardware PCRs. We propose two approaches for such a binding. Forthis purpose, the first variant uses binary hash trees, whereas the othervariant uses incremental hashing. In addition, we present an FPGA-basedimplementation of both variants and evaluate their performance.
展开▼
