[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xense-devel] vtpm_managerd problem

To: "Rozas, Carlos V" <carlos.v.rozas@xxxxxxxxx>
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Wed, 6 Dec 2006 10:42:39 -0500
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 06 Dec 2006 07:42:49 -0800
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>

Carlos,

is either you or Vinnie maintaining the vtpm manager?

Stefan

"Rozas, Carlos V" <carlos.v.rozas@xxxxxxxxx> wrote on 12/05/2006 04:34:31 PM: > We had an initial prototype that moved the vtpm manager and instances into a
> separate security domain (called domS0). This allowed transparent operation
> for existing and future TPM infrastructures in dom0 and a good > direction long term.
> For the short term, I don't see a good solution other than porting > vtpm manager
> to use trousers. If you're interested, I am sure Vin and Stefan can > provide some
> pointers.....
>
> Carlos
> > From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xense-devel- > bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Burak OÐUZ > Sent: Tuesday, December 05, 2006 1:12 PM > To: Stefan Berger > Cc: xense-devel@xxxxxxxxxxxxxxxxxxx > Subject: Re: [Xense-devel] vtpm_managerd problem
> > > > Burak OÐUZ <burakoguzs@xxxxxxxxx> wrote on 12/05/2006 11:25:26 AM: > > > > > Stefan > > > > > > ----------> I have compiled the xen kernel again and made 'modprobe > > tpmbk' but in the vtpm_managerd it gives the same error again. > > > > dungeon linux-2.6.16.29-xen # vtpm_managerd > > INFO[VTPM]: Starting VTPM. > > INFO[TCS]: Constructing new TCS: > > ERROR[TXDATA]: TPM open failedERROR in VTPM_Init_Manager at > > vtpm_manager.c:205 code: TPM_IOERROR. > > ERROR[VTPM]: Closing vtpmd due to error during startup > > > > But when I shutdown the trousers, the behaviour of the > vtpm_managerdchanges: > > Oh, you are running trousers in domain-0. I think you cannot do this > since the vtpm manager will try to talk to /dev/tpm0 directly and > trousers is blocking that device. vtpm_managerd would have to be > changed to talk to the TPM indirectly through trousers. > > ----> Are there any options that I can use the vtpm_managerd > with trousers? How can I manage vtpm_managerd run with trousers? > Because I need trousers on domain-0. > > > > > dungeon burak # vtpm_managerd > > INFO[VTPM]: Starting VTPM. > > INFO[TCS]: Constructing new TCS: > > INFO[TCS]: Calling TCS_OpenContext: > > INFO[VTSP]: OIAP. > > ERROR[VTPM]: Failed to load service data with error = TPM_IOERROR > > INFO[VTPM]: Failed to read manager file. Assuming first time initialization > > INFO[VTSP]: Reading Public EK. > > ERROR[TCS]: TCSP_ReadPubek Failed with return code TPM_DISABLED_CMD > > ERROR in VTSP_ReadPubek at vtsp.c:264 code: TPM_DISABLED_CMD. > > INFO[VTPM]: Failed to readEK meaning TPM has an owner. Creating Keys > > off exg SRK. > > INFO[VTSP]: OSAP. > > INFO[VTSP]: Creating new key of type 20. > > INFO[VTSP]: Creating Binding Key... > > ERROR[TCS]: TCSP_CreateWrapKey Failed with return code TPM_AUTHFAIL > > ERROR in VTSP_CreateWrapKey at vtsp.c:557 code: TPM_AUTHFAIL. > > ERROR in VTPM_Create_Manager at vtpm_manager.c:134 code: TPM_AUTHFAIL. > > > > I have checked that after modprobing the tpmbk there created vtpm device. > > > > dungeon linux-2.6.16.29-xen # ll /dev/vtpm > > crw-rw---- 1 root root 10, 225 Ara 5 17:57 /dev/vtpm > > > > Also it does not modprobe the tpm_xenu > > > > dungeon burak # modprobe tpm_xenu > > FATAL: Error inserting tpm_xenu (/lib/modules/2.6.16.29- > > xen/kernel/drivers/char/tpm/tpm_xenu.ko): Operation not permitted > > Are you trying to do this in domain-0? The tpm_xenu does not work there. > You can use the domain-0 kernel in a user domain and if you copy the > tpm_xenu module into the guest domain, then you should be able to do this. > > ------> OK. > > After that you should be able to start the trouser in the guest domain. > > Stefan > > -----> Thanks again.. > > > > > > > > > What will be the problem? > > > > Thanks again > > > > Best Regards.. > > > > --burak > > > > Everyone is raving about the all-new Yahoo! Mail beta. > > _______________________________________________ > > Xense-devel mailing list > > Xense-devel@xxxxxxxxxxxxxxxxxxx > > http://lists.xensource.com/xense-devel > > > > > > Everyone is raving about the all-new Yahoo! Mail beta.
> > > Any questions? Get answers on any topic at Yahoo! Answers. Try it now.

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

References:
- RE: [Xense-devel] vtpm_managerd problem
  - From: Rozas, Carlos V

Prev by Date: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
Next by Date: RE: [Xense-devel] vtpm_managerd problem
Previous by thread: RE: [Xense-devel] vtpm_managerd problem
Next by thread: Re: [Xense-devel] vtpm_managerd problem
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.