This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2

To: "Maximilian Loy" <maximilian.loy@xxxxxxxxx>, <burakoguzs@xxxxxxxxx>
Subject: RE: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Date: Thu, 5 Apr 2007 11:37:10 -0700
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 05 Apr 2007 11:35:49 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <59e676e40703260440y40af4104h2efe4ff9584c6c34@xxxxxxxxxxxxxx>
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
References: <59e676e40703260440y40af4104h2efe4ff9584c6c34@xxxxxxxxxxxxxx>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acdvm7Y1A/DdkQVjRmOSwRf7AUGDtAGxiyDw
Thread-topic: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
Max and Burak,
Sorry for the delay in responding (especially to Burak whose much
earlier posting we missed).  We don't have an Infineon TPM here to test
with, but the root cause of this error isn't specific to the TPM mfgr.
and we did verify it on our v1.2 TPMs.  Attached and inline is a patch
(including Vinnie's existing one) that should fix this problem.  You
should delete your /var/vtpm/VTPM file before re-running, but you don't
need to reset your owner.

Let me know how it works.  If this solves your problem then I will work
up an official patch that can support both v1.1b and v1.2 TPMs (this
patch will only work with v1.2 TPMs).

Vinnie Scarlata deserves all of the credit for root causing this and
providing the fix.


diff -r 15ff55aab051 tools/vtpm_manager/manager/vtpm_manager.c
--- a/tools/vtpm_manager/manager/vtpm_manager.c Mon Mar 05 15:15:03 2007
+++ b/tools/vtpm_manager/manager/vtpm_manager.c Thu Apr 05 10:23:46 2007
@@ -90,22 +90,19 @@ TPM_RESULT VTPM_Create_Manager(){
   CRYPTO_INFO ek_cryptoInfo;
   status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle,
   // If we can read PubEK then there is no owner and we should take it.
   // We use the abilty to read the pubEK to flag that the TPM is owned.
   // FIXME: Change to just trying to take ownership and react to the
   if (status == TPM_SUCCESS) { 
-    TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
-                                   (const
-                                   &SRK_AUTH,
-                                   &ek_cryptoInfo,
-                                   &vtpm_globals->keyAuth)); 
-                                       (const
-                                       &vtpm_globals->keyAuth));     
-  } else {
-    vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an
owner. Creating Keys off existing SRK.\n");
+    status = VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
+                               (const
+                               &SRK_AUTH,
+                               &ek_cryptoInfo,
+                               &vtpm_globals->keyAuth);
+  }
+  if (status != TPM_SUCCESS) { 
+    vtpmloginfo(VTPM_LOG_VTPM, "TPM has an owner. Creating Keys off
existing SRK.\n");
   // Generate storage key's auth
diff -r 15ff55aab051 tools/vtpm_manager/manager/vtsp.c
--- a/tools/vtpm_manager/manager/vtsp.c Mon Mar 05 15:15:03 2007 -0800
+++ b/tools/vtpm_manager/manager/vtsp.c Thu Apr 05 10:24:01 2007 -0700
@@ -596,7 +596,7 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
   vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n", (!skipTPMLoad ? "into
TPM" : "only into memory"));
-  TPM_COMMAND_CODE command = TPM_ORD_LoadKey;
+  TPM_COMMAND_CODE command = TPM_ORD_LoadKey2;
   BYTE *paramText=NULL;        // Digest to make Auth.
   UINT32 paramTextSize;
@@ -634,10 +634,9 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
                                       &phKeyHMAC) );
     // Verify Auth
-    paramTextSize = BSG_PackList(paramText, 3,
+    paramTextSize = BSG_PackList(paramText, 2,
                                 BSG_TPM_RESULT, &status,
-                                BSG_TPM_COMMAND_CODE, &command,
-                                BSG_TPM_HANDLE, newKeyHandle);
+                                BSG_TPM_COMMAND_CODE, &command);
     TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
                              parentAuth, auth, 
diff -r 15ff55aab051 tools/vtpm_manager/tcs/tcs.c
--- a/tools/vtpm_manager/tcs/tcs.c      Mon Mar 05 15:15:03 2007 -0800
+++ b/tools/vtpm_manager/tcs/tcs.c      Thu Apr 05 10:24:12 2007 -0700
@@ -901,7 +901,7 @@ TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEX
   // setup input/output parameters block
   UINT32 paramSize = 0;
-  TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey;
+  TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey2;
   // setup the TPM driver input and output buffers
diff -r 15ff55aab051 tools/vtpm_manager/util/tcg.h
--- a/tools/vtpm_manager/util/tcg.h     Mon Mar 05 15:15:03 2007 -0800
+++ b/tools/vtpm_manager/util/tcg.h     Thu Apr 05 10:24:24 2007 -0700
@@ -250,6 +250,7 @@ typedef struct pack_constbuf_t {
 #define TPM_ORD_ReadManuMaintPub         (48UL + TPM_PROTECTED_ORDINAL)
 #define TPM_ORD_CertifyKey               (50UL + TPM_PROTECTED_ORDINAL)
 #define TPM_ORD_Sign                     (60UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_LoadKey2                 (65UL + TPM_PROTECTED_ORDINAL)
 #define TPM_ORD_GetRandom                (70UL + TPM_PROTECTED_ORDINAL)
 #define TPM_ORD_StirRandom               (71UL + TPM_PROTECTED_ORDINAL)
 #define TPM_ORD_SelfTestFull             (80UL + TPM_PROTECTED_ORDINAL)


        From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Maximilian
        Sent: Monday, March 26, 2007 4:40 AM
        To: xense-devel@xxxxxxxxxxxxxxxxxxx
        Subject: [Xense-devel] vtpm_managerd problem with Infineon TPM
        Hi everybody,
        i am having problems to get the vtpm_managerd (Xen to
work with the Infineon TPM 1.2 (platform is a HP nx6325).
        I was having the BAD_ORDINAL problems like discussed earlier on
this list, but i could solve them with applying the patch from: 
        This resulted in TPM_AUTHFAIL like in
        giving me the following output after taking the ownership:
        INFO[VTSP]: Loading Key into TPM.
        ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code
        ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
        ERROR in VTPM_Init_Manager at vtpm_manager.c:240 code:
        ERROR[VTPM]: Closing vtpmd due to error during startup.
        Maybe it has something to do with the patch, as the line 634 in
vtsp.c has been modified by it.
        Any help would be very appreciated!
        Best regards, Max 

Attachment: vtpm-12-patch.diff
Description: vtpm-12-patch.diff

Xense-devel mailing list