

[Xen-devel] vTPM NVM, loadkey and trousers questions

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] vTPM NVM, loadkey and trousers questions
From: "Tim Feld" <zolists@xxxxxx>
Date: Tue, 26 Aug 2008 22:58:02 +0200
Delivery-date: Tue, 26 Aug 2008 13:58:24 -0700
Hi everyone,

I am using Xen 3.2.1 with the vtpm-12-patch.diff patch posted in [0]. My TPM is 
an Infineon 1.2. In total I have got three different questions:

1. NVM loading problem at VM creation
When I am creating a VM the last few lines of the vtpm_manager output are:
TPMD[245]: tpm/tpm_startup.c:45: Info: TPM_Startup(1)
Loading NVM.
        Sending LoadNVM command
ERROR[VTPM]: Failed to load NVM
.INFO[VTPM]: [VTPM Listener]: VTPM Listener waiting for messages.
        Reading LoadNVM header

For every VM a new tpmd instance is created, ignoring the setting in my VM 
config file. In /var/vtpm there are only two folders (fifos, socks) and two files 
(VTPM, vtpm.db). I am missing the one for non-volatile memory. Any ideas what 
might be wrong here?

2. Using IAIK jTSS in VM (http://trustedjava.sourceforge.net/)
I want to use the jTSS in my VMs. Some simple operations like taking ownership, 
extending a PCR and creating keys are working, but there seems to be a problem 
when it comes to loading keys. 
For example, if I try to bind data after taking ownership using the jtpmtools 
example (jtt.sh bind) the operation fails. Java stack trace is:

TSS Error:
error layer:                0x00 (TPM)
error code (without layer): 0x1f
error code (full):          0x1f
error message: An IO error occurred transmitting information to the TPM


A lot of vtpm_manager output is produced. The last few lines are:
TPMD[6]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
TPMD[6]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
TPMD[6]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
TPMD[6]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
TPMD[6]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
TPMD[6]: tpm/tpm_cmd_handler.c:4117: Info: TPM command succeeded
ERROR[VTPM]: [Backend Listener]: Error reading from DMI. Aborting... 
INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.

Let me know if you need the whole output. From my understanding it says "TPM 
command succeeded". What's the matter with "Error reading from DMI"? On my real 
TPM the command is working. 

I also tried a self-written application using jTSS. When trying to load a key, 
vtpm_manager's output finishes with:
TPMD[1]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
TPMD[1]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
TPMD[1]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
TPMD[1]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
TPMD[1]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
TPMD[1]: tpm/tpm_cmd_handler.c:4110: Info: TPM command failed: (0x0c) The key 
handle presented was invalid.
TPMD[1]: tpm/tpm_eviction.c:56: Info: TPM_FlushSpecific()
TPMD[1]: tpm/tpm_eviction.c:57: Debug: [ handle=02000000 resourceType=00000002 ]
TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c 

INFO[VTPM]: [Backend Listener]: Sending DMI's response to guest.
INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.

Again, this program is running well on a real TPM, and I created the key that 
it tries to load beforehand.

3. Trousers 0.2.9
IAIK provides a Java wrapper to use the TPM. Unfortunately this is only working 
with trousers version 0.2.9. Using trousers 0.3.1 the tpm tools like 
tpm_version are working. But as mentioned, the wrapper is only compatible with 
Using that version (no matter if I apply IFX patch or not) the result of 
tpm_version is: 
Tspi_Context_Connect failed: 0x00003004 - layer=tsp, code=0004 (4), Internal 
software error
TCSD's output:
TCSD svrside.c:272 accepted socket 6
TCSD tcsd_threads.c:225 Rx'd packet
TCSD tcsd_wrap.c:4060 Dispatching ordinal 1
TCSD tcsd_wrap.c:366 thread b7c7eb90 servicing a tcs_wrap_OpenContext request
TCSD tcsd_threads.c:252 Sending 0x21 bytes back
TCS tcs_utils.c:1317 Socket connection closed.
TCSD tcsd_threads.c:264 Thread exiting.
TCS tcscm.c:40 Closing context A0907600
TCS tcscm.c:52 Context A0907600 closed

When I start tcsd the following output appears:
TDDL tddl.c:105 Calling write to driver
TDDL tddl.c:116 ioctl: (25) Inappropriate ioctl for device
TDDL tddl.c:117 Falling back to Read/Write device support.

Does anyone know if 0.2.9 is just outdated or should it be working and there is 
something else wrong?

Any hints are very welcome!

Thanks in advance
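
Added example, not part of the original post and not code from Xen, the TPM emulator or TrouSerS: a small decoder for the `Sent[14]` debug line and the TSS result codes quoted above, useful when triaging vtpm_manager logs. It assumes the first four bytes of the dump are the vTPM instance number (which matches `TPMD[1]` in the log); the function names are hypothetical, and the tag, return-code and layer values are the TPM 1.2 / TSS constants.

```python
import re
import struct

# TPM 1.2 constants used here (TCG TPM Main spec, Part 2).
TPM_TAG_RSP = {0x00C4: "TPM_TAG_RSP_COMMAND",
               0x00C5: "TPM_TAG_RSP_AUTH1_COMMAND",
               0x00C6: "TPM_TAG_RSP_AUTH2_COMMAND"}
TPM_RC = {0x00: "TPM_SUCCESS", 0x0C: "TPM_INVALID_KEYHANDLE", 0x1F: "TPM_IOERROR"}
# TSS result layers (bits 12-15 of a TSS_RESULT).
TSS_LAYER = {0x0: "tpm", 0x1: "tddl", 0x2: "tcs", 0x3: "tsp"}

SENT_RE = re.compile(r"Sent\[(\d+)\]:\s*((?:[0-9a-fA-F]{1,2}\s*)+)")


def parse_sent_line(line):
    """Decode a tpmd 'Sent[n]: ..' debug line into its header fields."""
    m = SENT_RE.search(line)
    if not m:
        raise ValueError("not a Sent[] line")
    declared = int(m.group(1))
    raw = bytes(int(b, 16) for b in m.group(2).split())
    if len(raw) != declared:
        raise ValueError(f"log says {declared} bytes, found {len(raw)}")
    if len(raw) < 14:
        raise ValueError("too short for prefix + TPM response header")
    # Assumption: first 4 bytes are the vTPM instance number (big-endian).
    instance, tag, size, rc = struct.unpack(">IHII", raw[:14])
    if size != len(raw) - 4:
        raise ValueError(f"paramSize {size} != {len(raw) - 4} bytes after prefix")
    return {"instance": instance,
            "tag": TPM_TAG_RSP.get(tag, hex(tag)),
            "param_size": size,
            "return_code": rc,
            "return_name": TPM_RC.get(rc, "unknown"),
            "payload": raw[14:]}


def split_tss_result(result):
    """Split a TSS_RESULT into (layer name, code), e.g. 0x3004 -> ('tsp', 4)."""
    layer = (result >> 12) & 0xF
    return TSS_LAYER.get(layer, hex(layer)), result & 0xFFF


# Line copied from the post above.
SENT = "TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c "
if __name__ == "__main__":
    print(parse_sent_line(SENT))
    print(split_tss_result(0x00003004), split_tss_result(0x1F))
```
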

