[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] some problems to start vTPM vtpm-stubdom

On 06/25/2013 07:52 AM, Xu, Quan wrote:
From: Ian Campbell [mailto:Ian.Campbell@xxxxxxxxxx]
Sent: Tuesday, June 25, 2013 5:16 PM
To: Xu, Quan
Cc: xen-users@xxxxxxxxxxxxx; Daniel De Graaf
Subject: Re: [Xen-users] some problems to start vTPM vtpm-stubdom

On Thu, 2013-06-20 at 03:18 +0000, Xu, Quan wrote:
Hi community,
    there are some problems to start vTPM vtpm-stubdom following

You might have better luck getting help with your problems if you CC the vTPM
maintainer as listed in the MAINTAINERS file in the source tree. I have added
Daniel here now.

     Thanks in advance. :)
     More resource will focus on it, my team will try to enable below 3 topics:
1. enable xen vTPM to allow programs to interact with a TPM in a virtual 
machine, the same way they interact with a TPM on the physical system.

This should be working for Linux domains (PV&HVM) with the PV driver for the 

2. intergrate xen vTPM in openstack cloud. virtual machine in OpenStack can 
work with Xen vTPM.
3. promote TPM 2.0 in Xen. Xen vTPM can run on TPM 2.0.

Just curious: do you mean using a hardware TPM 2.0, emulating a TPM 2.0, or 

  When I start vtpm-stbdom, the vtpmmgr-stubdom will print out:
ERROR[VTPM]: LoadKey failure: Unrecognized uuid!

This is just a message with a bad priority, assuming it's the first time you 
started this particular vTPM. Once the vTPM has run SaveHashKey, this should not
appear again for that UUID.

Eventually the TPM Manager will have a management interface used to create 
which can be used to provide evidence that a given vTPM's secrets were created
and only available in a given list of configurations.

ERROR[VTPM]: Failed to load key
ERROR in vtpmmgr_LoadHashKey at vtpm_cmd_handler.c:78 code:

tpm_cmd_handler.c:4113: Debug: tpm_emulator_init(1, 0x00000007)
vtpm_cmd.c:155: Info: Requesting Encryption key from backend
vtpm_cmd.c:164: Error: VTPM_LoadHashKey() failed with error code (3)
vtpm_cmd.c:175: Error: VTPM_LoadHashKey failed

Same error source here; the vTPM will generate new keys and save data once any
command has been processed.

tpm_data.c:120: Info: initializing TPM data to default values
tpm_startup.c:29: Info: TPM_Init()
tpm_testing.c:243: Info: TPM_SelfTestFull()
tpm_testing.c:39: Debug: tpm_test_prng()
tpm_testing.c:69: Debug: Monobit: 9922
tpm_testing.c:70: Debug: Poker:   17.6
tpm_testing.c:71: Debug: run_1:   2471, 2582
tpm_testing.c:72: Debug: run_2:   1364, 1259
tpm_testing.c:73: Debug: run_3:   616, 588
tpm_testing.c:74: Debug: run_4:   298, 331
tpm_testing.c:75: Debug: run_5:   139, 155
tpm_testing.c:76: Debug: run_6+:  163, 137
tpm_testing.c:77: Debug: run_34:  0
tpm_testing.c:111: Debug: tpm_test_sha1()
tpm_testing.c:157: Debug: tpm_test_hmac()
tpm_testing.c:184: Debug: tpm_test_rsa_EK()
tpm_testing.c:186: Debug: tpm_rsa_generate_key()
tpm_testing.c:191: Debug: testing endorsement key
tpm_testing.c:197: Debug: tpm_rsa_sign(RSA_SSA_PKCS1_SHA1)
tpm_testing.c:200: Debug: tpm_rsa_verify(RSA_SSA_PKCS1_SHA1)
tpm_testing.c:203: Debug: tpm_rsa_sign(RSA_SSA_PKCS1_DER)
tpm_testing.c:206: Debug: tpm_rsa_verify(RSA_SSA_PKCS1_DER)
tpm_testing.c:210: Debug: tpm_rsa_encrypt(RSA_ES_PKCSV15)
tpm_testing.c:214: Debug: tpm_rsa_decrypt(RSA_ES_PKCSV15)
tpm_testing.c:218: Debug: verify plain text
tpm_testing.c:221: Debug: tpm_rsa_encrypt(RSA_ES_OAEP_SHA1)
tpm_testing.c:225: Debug: tpm_rsa_decrypt(RSA_ES_OAEP_SHA1)
tpm_testing.c:229: Debug: verify plain text
tpm_testing.c:261: Info: Self-Test succeeded
tpm_startup.c:43: Info: TPM_Startup(1) ##################

Actually XSM is enabled, 'xl dmesg' can get below info:

XSM is not a requirement for using the vTPM domains, although it is helpful
to provide isolation of the keys contained in the vTPM.

(XEN) XSM Framework v1.0.0 initialized
(XEN) Policy len  0x25bf, start at ffff83021dffd000.
(XEN) Flask:  Initializing.
(XEN) Flask: 128 avtab hash slots, 276 rules.
(XEN) Flask: 128 avtab hash slots, 276 rules.
(XEN) Flask:  3 users, 3 roles, 39 types, 1 bools
(XEN) Flask:  11 classes, 276 rules
(XEN) Flask:  Starting in permissive mode.

Could you help me to fix it. Thanks in advance.


Xen-users mailing list

Daniel De Graaf
National Security Agency

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.