This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Infineon vtpm problem

To: xense-devel@xxxxxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Infineon vtpm problem
From: Erdem Bayer <ebayer@xxxxxxxxxxxx>
Date: Wed, 27 Feb 2008 01:28:01 +0200
Delivery-date: Tue, 26 Feb 2008 15:26:06 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20071115)

I have successfully applied the patch mentioned here (http://lists.xensource.com/archives/html/xense-devel/2007-04/msg00005.html) to the xen v. 3.1.3 on an HP nx8325 with Infineon TPM.

I cleared the tpm, deleted /var/vtpm/VTPM file and rebooted.

After reboot, vtpm_managerd runs ok. (output is attched to the mail.)

I created a pv vm with the option vtpm = ['instance=1, backend=0'] The vm boots fine.

I installed trousers-0.3.1 and tpm-tools-1.3.1 from sources on the vm.

I run tcsd -f on the vm. (output is attched to the mail.)

I checkout and run the trousers test suite. 10 tests passed with 230 failed. (Is this expected?)

When I try tpm_takeownership on the vm, the command runs fine. (Although a strange warning appers on tcsd output which is attched).

But when I try tpm_sealdata < foo on the vm I get the following error.

Tspi_Key_LoadKey failed: 0x00003113 - layer=tsp, code=0113 (275), Authorization failed

But other tpm_version runs fine on vm.

tpm-test:~# tpm_version
 TPM 1.2 Version Info:
 Chip Version:
 Spec Level:          2
 Errata Revision:     94
 TPM Vendor ID:
 TPM Version:         01010000
 Manufacturer Info:   4554485a

Also this quote is from Xen User's Guide:

"Similarly, the TPM frontend driver must be compiled for the kernel trying to use TPM functionality. Its driver can be selected in the kernel configuration section Device Driver / Character Devices / TPM Devices. Along with that the TPM driver for the built-in TPM must be selected."

According to my understanding driver for the built-in TPM must be selected on the kernel where TPM frontend driver is used. Am I correct about this assumption? (The problem is tpm_infineon driver can not be selected on an unpriviledged kernel, it can only be selected on a priviledged kernel)

Am I missing something here? Why do I get auth errors?

Thanks in advance.

Erdem Bayer

Attachment: vtpm_managerd.out
Description: Text document

Attachment: tcsd.out
Description: Text document

Xen-devel mailing list