[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] vTPM issues


  • To: Emil Condrea <emilcondrea@xxxxxxxxx>
  • From: Marcos Simà Picà <marcossp@xxxxxx>
  • Date: Thu, 25 Jun 2015 19:18:11 +0000
  • Accept-language: es-ES, sv-SE, en-US
  • Cc: "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
  • Delivery-date: Fri, 26 Jun 2015 05:39:06 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
  • Thread-index: AQHQroyBg0rMbpTYf0ym8P/4IY3nP528wSwAgAAtzZj//+NuAIAAI8HD///kowCAAJ3ugA==
  • Thread-topic: [Xen-devel] vTPM issues

It worked straight away on Ubuntu 15.04. 

Thanks a lot for your advice.
On 25 Jun 2015, at 11:52, Emil Condrea <emilcondrea@xxxxxxxxx> wrote:

Timeouts have the standard values.
Good luck with installing 15.04.

On Thu, Jun 25, 2015 at 12:34 PM, Marcos Simà Picà <marcossp@xxxxxx> wrote:

Okay, /etc/tpm0 is present.

The timeout values are:

752000 2000000 752000 752000 [adjusted]


I have no problem actually upgrading to Ubuntu 15.04 if that might solve the problem.


Thanks a lot for your reply again.


De: Emil Condrea <emilcondrea@xxxxxxxxx>
Enviado: jueves, 25 de junio de 2015 11:22
Para: Marcos Simà PicÃ
Cc: xen-devel@xxxxxxxxxxxxx
Asunto: Re: [Xen-devel] vTPM issues
 
Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
I remember that once I had this problem when almost all trousers commands
were returning internal software error in domU.
Can you check what are the timeout values?
cat /sys/devices/vtpm-0/timeouts

I remember that there was a bug in ubuntu 14.04 regarding tpm driver.
You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm comands
run succesfully.

On Thu, Jun 25, 2015 at 12:10 PM, Marcos Simà Picà <marcossp@xxxxxx> wrote:

Yes, I'm indeed using pv guests. After running #tcsd -f & I get:

TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD trousers 0.3.5git: TCSD up and running.


I don't know if the problem might be there. When I invoke tpm_takeownership -z -y -l debug it returns exactly the same messages I sent in my previous email. 


On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.


Thanks for your reply.



De: Emil Condrea <emilcondrea@xxxxxxxxx>
Enviado: jueves, 25 de junio de 2015 10:21
Para: Marcos Simà PicÃ
Cc: xen-devel@xxxxxxxxxxxxx; Xu, Quan
Asunto: Re: [Xen-devel] vTPM issues
 
I guess you are using pv guests, I don't know exactly if Quan finished development for hvm.
I suggest to take a look at tcsd log:
pkill tcsd
tcsd -f &
tpm_takeownership -z -y -l debug
Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?

On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simà Picà <marcossp@xxxxxx> wrote:

Hello everyone,


I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/


I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:


root@DomU:/home/xen# tpm_version
  TPM 1.2 Version Info:
  Chip Version:        1.2.0.7
  Spec Level:          2
  Errata Revision:     1
  TPM Vendor ID:       ETHZ
  TPM Version:         01010000
  Manufacturer Info:   4554485a


I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:


root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success


The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership no taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.


In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.


I really appreciate any help you can provide.


Best regards,

Marcos


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel





_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.