Xen project Mailing List

Re: [Xen-users] IMA DOMU Kernel with VTPM

To: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

From: Karthick R <karthick.ramachandran@xxxxxxxxx>

Date: Fri, 29 Nov 2013 12:18:23 -0500

Delivery-date: Fri, 29 Nov 2013 17:19:05 +0000

List-id: Xen user discussion <xen-users.lists.xen.org>

On Thu, Nov 14, 2013 at 9:58 AM, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:

This is past the point where userspace is up and working; you should be able
to add debugging output to your init scripts or the dispatcher script that
outputs that message. The exact method for doing this is distro-dependent and
should be independent of xen/vtpm issues.

You may want to look at what loads your real IMA-TCB policy (to replace the
initial measure-everything policy) or tcsd/trousers; nothing else should be
waiting on a TPM.

You could also add debug output in the driver or check that the vTPM is not
stuck processing a command (and causing the kernel to time out on extends).

Thank you Daniel for the pointers. The init script was hanging in the startpar line in RC script, that was spawning the other init scripts in parallel. I was not able to pin point the exact script in my installed distro (Debian Wheezy).

As the client distro is not very important for my experiments, I changed it to Ubuntu Quantal as DomU distro and now domU boots by logging the hashes as expected in securityfs.

I am at the same time curious if someone has got Debian Wheezy working with IMA and vTPM.

Thanks!

--
Karthick Ramachandran

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users