[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Not able to get Virtual TPM working with Xen,

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Sharath Babu <sharathx@xxxxxxxxx>
Date: Fri, 30 Sep 2005 05:16:26 +0530
Delivery-date: Thu, 29 Sep 2005 23:44:10 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type; b=RzkSjlNvN/XrWCIP4pSqNaaFTiuE5lgghw8eCZEwccuG9D3+XrEzrjHpFhJi8/Bbz/iaG4/4xKyPyUaT0bMyoMnyIJpC7gyrJ2D/zaiwRL39uECtrrxw4Lh8rAZvUybkhS+/Ycltw9IWIePWvog/lgKTiNwLbA0GKQWJOQkcHLQ=
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi All,

Please read the following steps involved in installing and configuring my Xen box with V-TPM enabled, which I am not able to make it work.

Host Linux Distro - CentOS 4.1
Guest Linux distros - Centos 4.1, SUSE
TPM module - TPM emulator

Downloads:
gmp-4.1.4
xen-instable-src.tgz (downloaded on 29/9/2005)
bridge-utils-1.0.6.tar.gz

compiled and installed gmp-4.1.4 and bridge-utils.

Now coming to Xen..
Configured Dom0 kernel with TPM BE enabled, and with TPM hardware support, National semiconductor TPM and ATMEL TPM inerfaces as modules.
Configured DomU kernel with TPM FE enabled, TPM support for xen and Xen TPM interface.

Compiled and installed the newly configured kernels.

Installing TPM emulator:

cd ../tools/vtpm
make
make insatll
This will download TPM emulator version 0.2 and applies following patches,
--------------------------------
tpm_emulator-0.2b-x86_64.patch
vtpm.patch
--------------------------------

and also this will create "vtpmd"

now..
cd tpm_emulator
#make
#make insatll

This would create /dev/tpm0.
And also creates tpm_emulator module

#modinfo tpm_emulator //gives the following
-----------------------------------
[root@localhost log]# modinfo tpm_emulator
filename:       /lib/modules/2.6.12-xen0/extra/tpm_emulator.ko
license:        GPL
author:         Mario Strasser <mast@xxxxxxx>
description:    Trusted Platform Module (TPM) Emulator
parmtype:       startup:s
parm:           startup: Sets the startup mode of the TPM. Possible values are 'clear', 'save' (default) and 'deactivated.
parmtype:       storage_file:s
parm:           storage_file: Sets the persistent-data storage file of the TPM.
vermagic:       2.6.12-xen0 preempt 686 gcc-3.4
depends:
vermagic:       2.6.12-xen0 preempt 686 gcc-3.4
depends:
-----------------------------------------

Now compiled the vtpm_manager to get the "vtpm_managerd" by

cd ../tools/vtpm_manager
#make
#make install

reBooted to my Xen.
Ran
#xend start
xend started without any problems.
tested DomU by creating a domain with SUSE. it started fine. so I shutdown this VM.

did
#modprobe tpm_emulator statrup="clean"

To check whether the TPM emulator is loaded fine or not, downloaded the TPM drivers and tools from IBM site:
http://www.research.ibm.com/gsal/tcpa/tpm-1.1b.tar.gz

compiled and used the following command
#./tcpa_demo
---------------------------------------------
[root@localhost examples]# ./tcpa_demo
TPM successfully reset
TPM version 1.2.0.0
24 PCR registers are available
PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
5 Key slots are available
Key Handle 1000000 loaded
Key Handle 1000001 loaded
Key Handle 1000002 loaded
Key Handle 1000003 loaded
Key Handle 1000004 loaded
[root@localhost examples]
-------------------------------------------------------------------

Now started vtpm_managerd
#vtpm_managerd

----------------------------------------------------
INFO[VTPM]: Starting VTPM.
INFO[TCS]: Constructing new TCS:
INFO[TCS]: Calling TCS_OpenContext:
INFO[VTSP]: OIAP.
ERROR[VTPM]: Failed to load service data with error = TPM_IOERROR
INFO[VTPM]: Attempting Pubek Read. NOTE: Failure is ok.
INFO[VTSP]: Reading Public EK.
ERROR[TCS]: TCSP_ReadPubek Failed with return code TPM_DISABLED_CMD
ERROR in VTSP_ReadPubek at vtsp.c:229 code: TPM_DISABLED_CMD.
INFO[VTSP]: OSAP.
INFO[VTSP]: Creating new key of type 20.
INFO[VTSP]: Creating Binding Key...
INFO[VTPM]: Finished initialized new VTPM service (Status = 0).
INFO[VTSP]: Loading Key.
INFO[VTPM]: Creating new DMI instance 0 attached on domain 0.
INFO[TCS]: Calling TCS_OpenContext:
INFO[VTPM]: [1]: Waiting for Guest requests & ctrl messages.
ERROR[VTPM]: [1]: Can't open inbound fh.
INFO[VTPM]: [2]: Waiting for DMI messages.

---------------------------------------------------

Now My question is, is this supposed to stop at "INFO[VTPM]: [2]: Waiting for DMI messages."
I dont have a machine with onboard TPM, so thats the reason Iam using a TPM emulator, but emulator seems to be working fine.

I start my VM and login to it,
and do a
cat /sys/devices/vtpm/pcrs
--------------------------------------------------------
cat: /sys/devices/vtpm/pcrs: No such file or directory

-bash-3.00# cd /sys/devices/vtpm/
-bash-3.00# ls
cancel caps pcrs pubek
-bash-3.00#
--------------------------------------------------------

VM cofiguration file
----------------------------------------------
kernel = "/boot/vmlinuz-2.6-xenU"
memory = 128
name = "centos"
nics = 1
dhcp = "dhcp"
disk = ['file:/downloads/Images/centos.4-1.img,sda1,w', 'file:/downloads/Images/centos.swap,sda2,w']
root = "/dev/sda1 ro"
vtpm = [ 'instance=1,backend=0' ]
vif = [ 'backend=0']
-----------------------------------------------------

This should be showing me all the 24 PCR registers, are there any issues with the drivers, or my installation procedure has some problem???? Please correct me if i have made some mistake in installation

HELP.....

Regards,
Sharath

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Prev by Date: [Xen-users] Kernel panic - not syncing: Attempted to kill init!
Next by Date: Re: [Xen-users] Kernel panic - not syncing: Attempted to kill init!
Previous by thread: [Xen-users] Kernel panic - not syncing: Attempted to kill init!
Next by thread: [Xen-users] mini-os: please help make this compile
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.