This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-devel] [PATCH 7/12] VTPM mini-os: vtpm_manager bug fixes and change

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH 7/12] VTPM mini-os: vtpm_manager bug fixes and changes
From: Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>
Date: Fri, 11 Mar 2011 17:59:46 -0500
Delivery-date: Fri, 11 Mar 2011 15:03:50 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20101208 Thunderbird/3.1.7
This is a rather large patch for vtpm_managerd. It can be broken up if requested but seeing as nobody else seems to be maintaining the vtpm code I don't think anyone will mind.

Bug fixes:
-A new routine to flush all handles from the tpm every time vtpm_managerd is started. Previously if the manager would crash it would leave stale keys and auth handles in the tpm. After restarting the manager several times and letting it crash, the tpm would run out of memory and the manager would fail to start with a TPM_NO_SPACE error.
-Several memory errors fixed such as uninitialized reads and memory leaks.
-Fixed the signal handler to work with blocking IO and threads correctly. Previously the manager would not shutdown correctly when you tried to Ctrl+C close it on 64 bit.
-Removal of VTPM_MULTI_VM #defines. These were supposed to be a partial implementation for a way to run vtpms in multiple domains but it was never finished. It doesn't appear there has been any development on this for several years. Since vtpm-stubdom performs this functionality I removed these #defines and #ifdefs to make the code a little cleaner.

VTPM Stubdom functionality:
-New vTPM ordinals: VTPM_SAVE_KEY and VTPM_LOAD_KEY. The vtpm domains encrypt their persistent state themselves, they only request the manager to store the key.
-#define VTPM_STUBDOM will build the manager in stubdom mode. The manager can only work in either vtpm-stubdom or vtpmd mode. You cannot combine them. Clearing out the manager state will be required.
# rm /var/vtpm/VTPM /var/vtpm/vtpm_dm*
-See the vtpm-stubdom patch for more info

Hotplug fixes:
-Changes to how the ipc pipes are set up and used to avoid hanging in the hotplug system.
-vtpmmgrtalk: A C program for the dom0 scripts to correctly speak to the vtpm manager. The next patch which fixes hotplug errors requires this program.

Build changes:
-Changed the way certain pieces of the vtpm manager are built. This allows pieces of it to be included in vtpmmgrdom.

-vtpmconnd: A simple program to pass tpm commands from the xen tpm backend in dom0 to the hardware tpm. This is needed if you don't want to passthrough the tpm directly to vtpmmgrdom (see the vtpmmgrdom patch for more information).

Signed off by: Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>

Attachment: 7-vtpm_managerd.patch
Description: Text Data

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
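
The startup flush described under "Bug fixes" can be sketched at the wire level as follows. This is an added example, not code from the attached patch (which is not shown on this page); it assumes the TPM 1.2 wire format, and the function names `parse_handle_list` and `build_flush_specific` are hypothetical. A manager would query TPM_GetCapability(TPM_CAP_HANDLE) for each resource type and send one TPM_FlushSpecific per handle returned.

```c
#include <stddef.h>
#include <stdint.h>

/* Constants from the TPM 1.2 main specification. */
#define TPM_TAG_RQU_COMMAND   0x00C1u
#define TPM_ORD_FlushSpecific 0x000000BAu
#define TPM_RT_KEY            0x00000001u
#define TPM_RT_AUTH           0x00000002u

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Parse a TPM_GetCapability(TPM_CAP_HANDLE) response:
 * tag(2) paramSize(4) returnCode(4) respSize(4) | loaded(2) handle(4)*loaded.
 * Returns the number of handles copied, or -1 if the buffer is malformed. */
int parse_handle_list(const uint8_t *resp, size_t len, uint32_t *out, size_t max)
{
    if (len < 16 || be32(resp + 2) != len || be32(resp + 6) != 0)
        return -1;                   /* short, inconsistent, or TPM error code */
    uint32_t resp_size = be32(resp + 10);
    uint16_t loaded = be16(resp + 14);
    if (resp_size != len - 14 || resp_size != 2u + 4u * loaded || loaded > max)
        return -1;                   /* count must agree with the lengths */
    for (uint16_t i = 0; i < loaded; i++)
        out[i] = be32(resp + 16 + 4u * i);
    return loaded;
}

/* Build TPM_FlushSpecific(handle, resource_type); returns command length (18). */
size_t build_flush_specific(uint8_t cmd[18], uint32_t handle, uint32_t resource_type)
{
    cmd[0] = (uint8_t)(TPM_TAG_RQU_COMMAND >> 8);
    cmd[1] = (uint8_t)(TPM_TAG_RQU_COMMAND & 0xFF);
    put32(cmd + 2, 18);                      /* paramSize */
    put32(cmd + 6, TPM_ORD_FlushSpecific);   /* ordinal */
    put32(cmd + 10, handle);                 /* stale key or auth handle */
    put32(cmd + 14, resource_type);          /* TPM_RT_KEY or TPM_RT_AUTH */
    return 18;
}
```
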
