[Xen-users] [TPM, vTPM] Persistence of data on VM?


  • To: Xen-Users <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: Nicolas Muñoz <nicolas.munoz.zz@xxxxxxxxx>
  • Date: Mon, 7 Sep 2009 16:16:00 +0100
  • Delivery-date: Mon, 07 Sep 2009 08:16:43 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi,

In advance, sorry, I am not sure if it's the right mailing list to ask that, but as my question is half-way between Xen and trousers, I thought asking in both mailing lists would not be too much...


I am currently having a little problem finding out how to make my seal/unseal things work...
Running Debian Lenny on top of Xen 3.5 unstable, with vtpm management enabled on my VMs, my wish is to make some sealing tests on my VMs.

So here are all the operations I do :

On the Dom0

/etc/init.d/trousers stop   # TrouSerS prevents use of the vtpm manager, because the vtpmm can't use the TPM if another application is already using it

xend start

vtpm_managerd &

vtpm_migratord &

On the DomU

modprobe tpm_xenu

tcsd start

tpm_takeownership -z   # I know the SRK password trouble is fixed now, but I continue using the well-known secret for test purposes for now

echo "Secret test" | tpm_sealdata -o 0209091104.blob -z


So here I've got a blob that contains

-----BEGIN TSS-----
-----TSS KEY-----
[...]
-----ENC KEY-----
[...]
-----ENC DAT-----
[...]
-----END TSS-----

Then I can unseal it, just to test that it has been done correctly:

lenny-guest# tpm_unsealdata -i 200909071534.blob

-----
Secret test

-----

So it seems that everything went ok.

So I reboot my VM, do the modprobe and tcsd start again, and then I expect my TPM to have kept the state I gave to it last time. But that doesn't seem to work, or else I am doing something wrong.

Is the TPM_STRONG_PERSISTENCE option of the Xen TPM emulator not supposed to allow automatic state save after each issued command on a VM?

After reboot, I have to take ownership of my TPM again, otherwise I can't issue any of the commands that I want to execute. Example:

echo "secret" | tpm_sealdata -o 200909071544.blob -z

results in

Tspi_Key_CreateKey failed: 0x00000003 - layer=tpm, code=0003 (3), Bad parameter


Any idea?
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
