
Re: [Xen-users] some problems to start vTPM vtpm-stubdom



On 06/25/2013 07:52 AM, Xu, Quan wrote:
From: Ian Campbell [mailto:Ian.Campbell@xxxxxxxxxx]
Sent: Tuesday, June 25, 2013 5:16 PM
To: Xu, Quan
Cc: xen-users@xxxxxxxxxxxxx; Daniel De Graaf
Subject: Re: [Xen-users] some problems to start vTPM vtpm-stubdom

On Thu, 2013-06-20 at 03:18 +0000, Xu, Quan wrote:
Hi community,
    there are some problems to start vTPM vtpm-stubdom following
docs/misc/vtpm.txt.

You might have better luck getting help with your problems if you CC the vTPM
maintainer as listed in the MAINTAINERS file in the source tree. I have added
Daniel here now.

Campbell,
     Thanks in advance. :)
     More resources will focus on it; my team will try to enable the 3 topics below:
1. enable xen vTPM to allow programs to interact with a TPM in a virtual 
machine, the same way they interact with a TPM on the physical system.

This should be working for Linux domains (PV&HVM) with the PV driver for the 
vTPM.

2. integrate Xen vTPM in the OpenStack cloud. Virtual machines in OpenStack can 
work with Xen vTPM.
3. promote TPM 2.0 in Xen. Xen vTPM can run on TPM 2.0.

Just curious: do you mean using a hardware TPM 2.0, emulating a TPM 2.0, or 
both?


  When I start vtpm-stubdom, the vtpmmgr-stubdom will print out:
===
ERROR[VTPM]: LoadKey failure: Unrecognized uuid!
69743ae0-9d4a-4ad6-9819-e602085b6792

This is just a message with a bad priority, assuming it's the first time you
have started this particular vTPM. Once the vTPM has run SaveHashKey, this
should not appear again for that UUID.

Eventually the TPM Manager will have a management interface used to create
vTPMs, which can be used to provide evidence that a given vTPM's secrets were
created and only available in a given list of configurations.

ERROR[VTPM]: Failed to load key
ERROR in vtpmmgr_LoadHashKey at vtpm_cmd_handler.c:78 code:
TPM_BAD_PARAMETER.
===

[...]
tpm_cmd_handler.c:4113: Debug: tpm_emulator_init(1, 0x00000007)
vtpm_cmd.c:155: Info: Requesting Encryption key from backend
vtpm_cmd.c:164: Error: VTPM_LoadHashKey() failed with error code (3)
vtpm_cmd.c:175: Error: VTPM_LoadHashKey failed

Same error source here; the vTPM will generate new keys and save data once any
command has been processed.

tpm_data.c:120: Info: initializing TPM data to default values
tpm_startup.c:29: Info: TPM_Init()
tpm_testing.c:243: Info: TPM_SelfTestFull()
tpm_testing.c:39: Debug: tpm_test_prng()
tpm_testing.c:69: Debug: Monobit: 9922
tpm_testing.c:70: Debug: Poker:   17.6
tpm_testing.c:71: Debug: run_1:   2471, 2582
tpm_testing.c:72: Debug: run_2:   1364, 1259
tpm_testing.c:73: Debug: run_3:   616, 588
tpm_testing.c:74: Debug: run_4:   298, 331
tpm_testing.c:75: Debug: run_5:   139, 155
tpm_testing.c:76: Debug: run_6+:  163, 137
tpm_testing.c:77: Debug: run_34:  0
tpm_testing.c:111: Debug: tpm_test_sha1()
tpm_testing.c:157: Debug: tpm_test_hmac()
tpm_testing.c:184: Debug: tpm_test_rsa_EK()
tpm_testing.c:186: Debug: tpm_rsa_generate_key()
tpm_testing.c:191: Debug: testing endorsement key
tpm_testing.c:197: Debug: tpm_rsa_sign(RSA_SSA_PKCS1_SHA1)
tpm_testing.c:200: Debug: tpm_rsa_verify(RSA_SSA_PKCS1_SHA1)
tpm_testing.c:203: Debug: tpm_rsa_sign(RSA_SSA_PKCS1_DER)
tpm_testing.c:206: Debug: tpm_rsa_verify(RSA_SSA_PKCS1_DER)
tpm_testing.c:210: Debug: tpm_rsa_encrypt(RSA_ES_PKCSV15)
tpm_testing.c:214: Debug: tpm_rsa_decrypt(RSA_ES_PKCSV15)
tpm_testing.c:218: Debug: verify plain text
tpm_testing.c:221: Debug: tpm_rsa_encrypt(RSA_ES_OAEP_SHA1)
tpm_testing.c:225: Debug: tpm_rsa_decrypt(RSA_ES_OAEP_SHA1)
tpm_testing.c:229: Debug: verify plain text
tpm_testing.c:261: Info: Self-Test succeeded
tpm_startup.c:43: Info: TPM_Startup(1) ##################


Actually XSM is enabled, 'xl dmesg' can get below info:

XSM is not a requirement for using the vTPM domains, although it is helpful
to provide isolation of the keys contained in the vTPM.


(XEN) XSM Framework v1.0.0 initialized
(XEN) Policy len  0x25bf, start at ffff83021dffd000.
(XEN) Flask:  Initializing.
(XEN) AVC INITIALIZED
(XEN) Flask: 128 avtab hash slots, 276 rules.
(XEN) Flask: 128 avtab hash slots, 276 rules.
(XEN) Flask:  3 users, 3 roles, 39 types, 1 bools
(XEN) Flask:  11 classes, 276 rules
(XEN) Flask:  Starting in permissive mode.

Could you help me to fix it? Thanks in advance.



Quan,Xu
Intel



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users





--
Daniel De Graaf
National Security Agency
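
The triage implied by the reply above, as an added example (not part of the original messages and not Xen project code): it reads captured vtpmmgr-stubdom console text and separates the expected first-start "Unrecognized uuid" report from a repeat for the same UUID. The sample capture is constructed; the all-zero UUID and the same-line message layout are assumptions.

```python
import re

# Message text as quoted from the vtpmmgr-stubdom console in this thread.
MARKER = "LoadKey failure: Unrecognized uuid!"
UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

# Constructed console capture covering three vTPM starts. The first UUID is the
# one from the thread; the all-zero one is made up, and printing the UUID on
# the same line as the message is an assumption.
SAMPLE = """\
ERROR[VTPM]: LoadKey failure: Unrecognized uuid!
69743ae0-9d4a-4ad6-9819-e602085b6792
ERROR[VTPM]: Failed to load key
ERROR[VTPM]: LoadKey failure: Unrecognized uuid! 00000000-0000-4000-8000-000000000001
ERROR[VTPM]: Failed to load key
ERROR[VTPM]: LoadKey failure: Unrecognized uuid!
69743ae0-9d4a-4ad6-9819-e602085b6792
ERROR[VTPM]: Failed to load key
"""


def triage(console_text):
    """Return (uuid, verdict) for every 'Unrecognized uuid' report.

    verdict is 'first-start' the first time a UUID is reported, 'repeat' for
    any later report of the same UUID, and 'no-uuid' if none could be read.
    """
    lines = console_text.splitlines()
    seen, results = set(), []
    for i, line in enumerate(lines):
        if MARKER not in line:
            continue
        # The UUID may follow on the same line or, as in the thread, the next.
        tail = line.split(MARKER, 1)[1]
        following = lines[i + 1] if i + 1 < len(lines) else ""
        match = UUID_RE.search(tail)
        if match is None and MARKER not in following:
            match = UUID_RE.search(following)
        if match is None:
            results.append((None, "no-uuid"))
            continue
        uuid = match.group(0).lower()
        results.append((uuid, "repeat" if uuid in seen else "first-start"))
        seen.add(uuid)
    return results


if __name__ == "__main__":
    for uuid, verdict in triage(SAMPLE):
        print(f"{verdict:12} {uuid}")
```

A `repeat` verdict is the case the reply says should not occur once the vTPM has run SaveHashKey, so it is the one worth investigating.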



 

