What is TPM and PV

Question

I am reading a paper about Qubes OS (security oriented operating system) and there are two acronyms that I do not understand - TPM and PV. Does anybody know what they should mean?

They are used in these sentences:

TPM

Those secrets are released to Dom0 by the TPM ...

...attacker should not be able to re-seal secrets in TPM ...

...TPM-based trusted/verified boot process...

...hypervisor would still be loaded and started, but TPM would not release the secret needed to decrypt the rest of the filesystems...

...are placed into special TPM registers...

If the measurements are correct they will later allow to unseal a secret from the TPM that will be needed to get access to various disk encryption keys.

... would need to unseal a secret from the TPM needed to decrypt the rest of the file systems

Even though the TPM-based verified boot process...

This authentication passphrase would, of course, be normally encrypted, and the decryption key should be sealed into the TPM...

and more...

PV

The I/O Emulation vs. PV drivers.

If one doesnʼt need to run HVM guests, e.g. Windows, and runs only PV guests in Xen...

...in case the user wants to use only PV guests...

...dedicated minimal PV domains.

A driver domain is an unprivileged PV-domain...

(that is for hosting PV driver backends...

... KVM doesnʼt support PV domains...

... if the user only uses the PV guests.

...support only for PV Linux)

...in a separate PV domain...

... it is a regular unprivileged PV domain.

...USB PV backends...

Answer 1

TPM = Trusted Platform Module

PV = Paravirtualized