Re: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/06/2007 03:52:12 PM:

> So now I found two mistakes I made:
> First the TPM was not correctly activated.
> Second, yesterday I created a /dev/vtpm directory because
> vtpm_manager was complaining he couldn't access it. I removed it.
>
> The problem is now, that I don't get a /dev/vtpm entry when I
> modprobe tpmbk, although lsmod shows that it is running.
>

Unless you reboot your machine and do a modprobe tpmbk again you will need to do

    mknod /dev/vtpm c 10 225

to get that device entry. The TPM backend device is a 'permanent' device and cannot be 'rmmod'ed.

   Stefan

> 2007/4/6, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
> Hopefully if you unload tpmbk, delete your current /dev/vtpm entry,
> and then re-modprobe tpmbk it will create the proper entry for you.
>
> It also looks like there is one more v1.1b command in the code
> (TPM_EvictKey). Since the basic v1.2 patch worked for you, I will
> generate a patch that can handle both versions and fix the
> TPM_EvictKey usage in the v1.2 path of this new patch (rather than
> sending out another v1.2 only patch).
>
> Joe
>
> From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Stefan Berger
> Sent: Friday, April 06, 2007 12:07 PM
> To: Maximilian Loy
> Cc: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx; xense-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
>
> xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/06/2007 02:53:48 PM:
>
> > >
> > > So, the patch solves the earlier problem, but another one surfaced.
> > > When I start vtpm_manager I get this output after it has
> > > loaded/created the keys:
> > >
> > > ERROR[VTPM]: VTPM ERROR: Can't open /dev/vtpm for reading.
> > > ERROR[VTPM]: [Backend Listener]: Backend Listener can't read from
> > > ipc. Aborting...
> > > ....
> >
> > Did you do 'modprobe tpmbk'? That should make /dev/vtpm available.
> >
> > I did, and lsmod shows me tpmbk running, as well as the tpm drivers:
> > tpmbk 17724 0 [permanent]
> > tpm_tis 14592 0
> > tpm_infineon 12312 0
> > tpm 18848 2 tpm_tis,tpm_infineon
> > tpm_bios 10368 1 tpm
> >
> > Although the /dev/vtpm directory exists, it is completely empty. Is
> > this normal?
>
> /dev/vtpm is a character device, not a directory.
>
> 'ls /dev/vtpm' should show something like this:
>
> crw------- 1 root root 10, 225 Apr 6 11:50 /dev/vtpm
>
>
> Stefan
>
> >
> > Regards,
> > Max
> >
> > >
> > >
> > > I get this message again and again till I abort it:
> > >
> > > INFO[VTPM]: [BINFO[VTPM]: Child shutting down
> > > INFO[VTPM]: VTPM Manager shutting down for signal 2.
> > > INFO[VTPM]: Enveloping Input[624]: 0x2 c5 94 f9 e4 fa 88 e0 a4 8d 43
> > > a3 b1 35 ee 43 3d 5e 5e f 50 e1 51 7a 59 9f cb 70 a4 fb 3c b5 41 56
> > > ad 5d e2 37 3b a5
> > > ........
> > > 6a 96 5b 1e 6b da a5 f4 ea 22 98 10 b0 b1 c8 b2 7c 27 10 51 a3 da 0
> > > 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
> > > INFO[VTSP]: Binding 16 bytes of data.
> > > INFO[VTPM]: Saved 256 bytes of E(symkey) + 656 bytes of E(data)
> > > INFO[VTPM]: Enveloping Output[920]: 0x0 0 1 0 3a 85 a0 a2 7f cb 9a
> > > 1c 85 2b 6c ec 76 5c 2f 59 57 fd 16 94 1c c2 e a3 9b d1 b4 25 ca 4a
> > > f 5f 21 f2 2e 1f f4 ......
> > > 88 1c 13 35 47 d8 e b0 93 1a b5 d2 d f1 5e ed ea 7e 69 2e b4 c2 21
> > > f2 da 34 5c ea a5 6d f6
> > > INFO[VTPM]: Child shutting down
> > > INFO[VTPM]: Saved VTPM Manager state (status = 0, dmis = -1)
> > > INFO[TCS]: Calling TCS_CloseContext.
> > > INFO[VTPM]: Child shutting down
> > > ERROR[TCS]: TCSP_EvictKey Failed with return code TPM_BAD_ORDINAL
> > > ERROR[TCS]: Not all handles evicted from TPM.
> > > INFO[TCS]: Destructing TCS:
> > > INFO[TCS]: Calling TCS_CloseContext.
> > > INFO[VTPM]: VTPM Manager stopped.
> > >
> > >
> > > So I tried to solve the problem by clearing the ownership and
> > > deleting /var/vtpm/VTPM, but with the same result.
> > >
> > > The /dev/vtpm directory is empty now with the following access rights:
> > > drwxrwxr-x 2 root root 4096 Apr 5 22:15 vtpm
> > >
> > > lsmod shows me tpmbk running, as well as the tpm drivers:
> > > tpmbk 17724 0 [permanent]
> > > tpm_tis 14592 0
> > > tpm_infineon 12312 0
> > > tpm 18848 2 tpm_tis,tpm_infineon
> > > tpm_bios 10368 1 tpm
> > >
> > >
> > > Maybe that helps.
> > >
> > > Regards,
> > > Max
> > >
> > >
> > 2007/4/5, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
> > > Max and Burak,
> > >
> > > Sorry for the delay in responding (especially to Burak whose much
> > > earlier posting we missed). We don't have an Infineon TPM here to test
> > > with, but the root cause of this error isn't specific to the TPM mfgr.
> > > and we did verify it on our v1.2 TPMs. Attached and inline is a patch
> > > (including Vinnie's existing one) that should fix this problem. You
> > > should delete your /var/vtpm/VTPM file before re-running, but you don't
> > > need to reset your owner.
> > >
> > > Let me know how it works.
If this solves your problem then I will work > > > up an official patch that can support both v1.1b and v1.2 TPMs (this > > > patch will only work with v1.2 TPMs). > > > > > > Vinnie Scarlata deserves all of the credit for root causing this and > > > providing the fix. > > > > > > Joe > > > > > > Patch: > > > > > > diff -r 15ff55aab051 tools/vtpm_manager/manager/vtpm_manager.c > > > --- a/tools/vtpm_manager/manager/vtpm_manager.c Mon Mar 05 15:15:03 2007 > > > -0800 > > > +++ b/tools/vtpm_manager/manager/vtpm_manager.c Thu Apr 05 10:23:46 2007 > > > -0700 
> > > @@ -90,22 +90,19 @@ TPM_RESULT VTPM_Create_Manager(){ > > > CRYPTO_INFO ek_cryptoInfo; > > > > > > status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle, > > > &ek_cryptoInfo); > > > - > > > + > > > // If we can read PubEK then there is no owner and we should take it. > > > // We use the abilty to read the pubEK to flag that the TPM is owned. > > > // FIXME: Change to just trying to take ownership and react to the > > > status > > > if (status == TPM_SUCCESS) { > > > - TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, > > > - (const > > > TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, > > > - &SRK_AUTH, > > > - &ek_cryptoInfo, > > > - &vtpm_globals->keyAuth)); > > > - > > > - > > > TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle, > > > - (const > > > TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, > > > - &vtpm_globals->keyAuth)); > > > - } else { > > > - vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an > > > owner. Creating Keys off existing SRK.\n"); > > > + status = VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, > > > + (const > > > TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, > > > + &SRK_AUTH, > > > + &ek_cryptoInfo, > > > + &vtpm_globals->keyAuth); > > > + } > > > + if (status != TPM_SUCCESS) { > > > + vtpmloginfo(VTPM_LOG_VTPM, "TPM has an owner. Creating Keys off > > > existing SRK.\n"); > > > } > > > > > > // Generate storage key's auth > > > diff -r 15ff55aab051 tools/vtpm_manager/manager/vtsp.c > > > --- a/tools/vtpm_manager/manager/vtsp.c Mon Mar 05 15:15:03 2007 -0800 > > > +++ b/tools/vtpm_manager/manager/vtsp.c Thu Apr 05 10:24:01 2007 -0700 
> > > @@ -596,7 +596,7 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX > > > vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n", (!skipTPMLoad ? "into > > > TPM" : "only into memory")); > > > > > > TPM_RESULT status = TPM_SUCCESS; > > > - TPM_COMMAND_CODE command = TPM_ORD_LoadKey; > > > + TPM_COMMAND_CODE command = TPM_ORD_LoadKey2; > > > > > > BYTE *paramText=NULL; // Digest to make Auth. > > > UINT32 paramTextSize; > > > @@ -634,10 +634,9 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX > > > &phKeyHMAC) ); > > > > > > // Verify Auth > > > - paramTextSize = BSG_PackList(paramText, 3, > > > + paramTextSize = BSG_PackList(paramText, 2, > > > BSG_TPM_RESULT, &status, > > > - BSG_TPM_COMMAND_CODE, &command, > > > - BSG_TPM_HANDLE, newKeyHandle); > > > + BSG_TPM_COMMAND_CODE, &command); > > > > > > TPMTRYRETURN( VerifyAuth( paramText, paramTextSize, > > > parentAuth, auth, > > > diff -r 15ff55aab051 tools/vtpm_manager/tcs/tcs.c > > > --- a/tools/vtpm_manager/tcs/tcs.c Mon Mar 05 15:15:03 2007 -0800 > > > +++ b/tools/vtpm_manager/tcs/tcs.c Thu Apr 05 10:24:12 2007 -0700 > > > @@ -901,7 +901,7 @@ TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEX > > > // setup input/output parameters block > > > TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; > > > UINT32 paramSize = 0; > > > - TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey; > > > + TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey2; > > > TPM_RESULT returnCode = TPM_SUCCESS; > > > > > > // setup the TPM driver input and output buffers > > > diff -r 15ff55aab051 tools/vtpm_manager/util/tcg.h > > > --- a/tools/vtpm_manager/util/tcg.h Mon Mar 05 15:15:03 2007 -0800 > > > +++ b/tools/vtpm_manager/util/tcg.h Thu Apr 05 10:24:24 2007 -0700 
> > > @@ -250,6 +250,7 @@ typedef struct pack_constbuf_t { > > > #define TPM_ORD_ReadManuMaintPub (48UL + TPM_PROTECTED_ORDINAL) > > > #define TPM_ORD_CertifyKey (50UL + TPM_PROTECTED_ORDINAL) > > > #define TPM_ORD_Sign (60UL + TPM_PROTECTED_ORDINAL) > > > +#define TPM_ORD_LoadKey2 (65UL + TPM_PROTECTED_ORDINAL) > > > #define TPM_ORD_GetRandom (70UL + TPM_PROTECTED_ORDINAL) > > > #define TPM_ORD_StirRandom (71UL + TPM_PROTECTED_ORDINAL) > > > #define TPM_ORD_SelfTestFull (80UL + TPM_PROTECTED_ORDINAL) > > > > > > > > > ________________________________ 
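Review bot: in the vtpm_manager.c hunk, the new `if (status != TPM_SUCCESS)` branch in VTPM_Create_Manager logs "TPM has an owner" for every failure of VTSP_ReadPubek or VTSP_TakeOwnership and then carries on, where the removed TPMTRYRETURN aborted on a take-ownership error. Suggest testing for the specific already-owned result and returning on anything else. The hunk also drops the VTSP_DisablePubekRead call but keeps the comment that says PubEK readability is the ownership flag; either keep the call or update the comment and the FIXME, because with the PubEK still readable a later start may attempt VTSP_TakeOwnership on an owned TPM and only then fall through to the "has an owner" path.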
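Review bot: in the two vtsp.c hunks, VTSP_LoadKey now packs 2 items into the response digest and leaves newKeyHandle out, which is only right in combination with the switch to TPM_ORD_LoadKey2 at the top of the function, and nothing in the code says so. Add a comment at the BSG_PackList call tying the two together, and choose the ordinal and the digest layout from the TPM version in one place so a v1.1b part keeps the TPM_ORD_LoadKey path with the handle included, rather than hard-coding the v1.2 form.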
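Review bot: the tcs.c hunk makes TCSP_LoadKeyByBlob send TPM_ORD_LoadKey2 unconditionally and the tcg.h hunk adds only that one define, so the key-eviction path is left on its old ordinal; the shutdown log quoted earlier in this thread still shows TCSP_EvictKey failing with TPM_BAD_ORDINAL and "Not all handles evicted from TPM". The same version switch should cover the evict command, and the patch description should state that loaded keys are not evicted on a v1.2 TPM until that is done.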
> > >
> > > From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Maximilian Loy
> > > Sent: Monday, March 26, 2007 4:40 AM
> > > To: xense-devel@xxxxxxxxxxxxxxxxxxx
> > > Subject: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
> > >
> > >
> > > Hi everybody,
> > >
> > > I am having problems to get the vtpm_managerd (Xen 3.0.4.1) to
> > > work with the Infineon TPM 1.2 (platform is a HP nx6325).
> > >
> > > I was having the BAD_ORDINAL problems like discussed earlier on
> > > this list, but I could solve them with applying the patch from:
> > >
> > > http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00020.html
> > >
> > > This resulted in TPM_AUTHFAIL like in
> > >
> > > http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00024.html
> > > giving me the following output after taking the ownership:
> > > ...
> > > INFO[VTSP]: Loading Key into TPM.
> > > ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code
> > > TPM_AUTHFAIL
> > > ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
> > > ERROR in VTPM_Init_Manager at vtpm_manager.c:240 code:
> > > TPM_AUTHFAIL.
> > > ERROR[VTPM]: Closing vtpmd due to error during startup.
> > >
> > > Maybe it has something to do with the patch, as the line 634 in
> > > vtsp.c has been modified by it.
> > >
> > > Any help would be very appreciated!
> > >
> > > Best regards, Max

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
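The check described in the reply at the top of this message (/dev/vtpm must be a character device with major 10, minor 225, shown as crw------- root root, not a directory), written out as an added shell example that is not part of the original thread. It assumes GNU stat; the function names and return codes are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (coreutils).
# Return codes (chosen for this example):
#   0 ok   1 missing   2 not a character device
#   3 wrong major/minor   4 mode/owner differs from crw------- root root

# classify_node RECORD MAJOR MINOR
# RECORD is the output of: stat -c '%F|%t|%T|%a|%U:%G' PATH
classify_node() {
    IFS='|' read -r ftype hmaj hmin mode owner <<EOF
$1
EOF
    if [ "$ftype" != "character special file" ]; then
        echo "is a '$ftype', not a character device: remove it, then mknod"
        return 2
    fi
    # %t and %T are hexadecimal; convert before comparing.
    major=$((0x$hmaj)); minor=$((0x$hmin))
    if [ "$major" -ne "$2" ] || [ "$minor" -ne "$3" ]; then
        echo "device numbers are $major,$minor, expected $2,$3"
        return 3
    fi
    if [ "$mode" != 600 ] || [ "$owner" != root:root ]; then
        echo "mode $mode owner $owner, expected 600 root:root"
        return 4
    fi
    echo "ok: character device $major,$minor"
}

# check_node PATH MAJOR MINOR, e.g. check_node /dev/vtpm 10 225
check_node() {
    if [ ! -e "$1" ]; then
        echo "$1 missing: mknod $1 c $2 $3"
        return 1
    fi
    classify_node "$(stat -c '%F|%t|%T|%a|%U:%G' "$1")" "$2" "$3"
}

# Constructed records for the two states seen in the thread.
classify_node 'character special file|a|e1|600|root:root' 10 225 || true
classify_node 'directory|0|0|775|root:root' 10 225 || true
```

Run `check_node /dev/vtpm 10 225` as root after `modprobe tpmbk`; a return code of 2 is the state reported in the thread, where the path had been created as a directory.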