xense-devel
Re: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
 
xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/06/2007 02:53:48 PM:
 
>
> > So, the patch solves the earlier problem, but another one surfaced.
> > When I start vtpm_manager I get this output after it has
> > loaded/created the keys:
> >
> > ERROR[VTPM]: VTPM ERROR: Can't open /dev/vtpm for reading.
> > ERROR[VTPM]: [Backend Listener]: Backend Listener can't read from ipc. Aborting...
> > ....
>
> Did you do 'modprobe tpmbk'? That should make /dev/vtpm available.
>
> I did, and lsmod shows me tpmbk running, as well as the tpm drivers:
> tpmbk                  17724  0 [permanent]
> tpm_tis                14592  0
> tpm_infineon           12312  0
> tpm                    18848  2 tpm_tis,tpm_infineon
> tpm_bios               10368  1 tpm
>
> Although the /dev/vtpm directory exists, it is completely empty. Is
> this normal?
 
 /dev/vtpm is a character device, not a directory.
 
 'ls /dev/vtpm' should show something like this:
 
 crw------- 1 root root 10, 225 Apr  6 11:50 /dev/vtpm 
 
    Stefan
  
>  
> Regards, 
> Max 
 >  
>  
> >  
> > I get this message again and again till i abort it:  
> >  
> > INFO[VTPM]: [BINFO[VTPM]: Child shutting down 
> > INFO[VTPM]: VTPM Manager shutting down for signal 2. 
> > INFO[VTPM]: Enveloping Input[624]: ........
> > INFO[VTSP]: Binding 16 bytes of data.
> > INFO[VTPM]: Saved 256 bytes of E(symkey) + 656 bytes of E(data)
> > INFO[VTPM]: Enveloping Output[920]: ......
> > INFO[VTPM]: Child shutting down 
> > INFO[VTPM]: Saved VTPM Manager state (status = 0, dmis = -1) 
> > INFO[TCS]: Calling TCS_CloseContext. 
> > INFO[VTPM]: Child shutting down 
> > ERROR[TCS]: TCSP_EvictKey Failed with return code TPM_BAD_ORDINAL
> > ERROR[TCS]: Not all handles evicted from TPM. 
> > INFO[TCS]: Destructing TCS: 
> > INFO[TCS]: Calling TCS_CloseContext. 
> > INFO[VTPM]: VTPM Manager stopped. 
> >  
> >  
> > So I tried to solve the problem by clearing the ownership and
> > deleting /var/vtpm/VTPM, but with the same result.
> >
> > The /dev/vtpm directory is empty now with the following access rights:
> > drwxrwxr-x  2 root root        4096 Apr  5 22:15 vtpm
> >
> > lsmod shows me tpmbk running, as well as the tpm drivers:
> > tpmbk                  17724  0 [permanent]
> > tpm_tis                14592  0
> > tpm_infineon           12312  0
> > tpm                    18848  2 tpm_tis,tpm_infineon
> > tpm_bios               10368  1 tpm
> >  
> >  
> > Maybe that helps. 
> >  
> > Regards, 
> > Max 
> >  
>  
> > 2007/4/5, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
> > Max and Burak,
> >
> > Sorry for the delay in responding (especially to Burak whose much
> > earlier posting we missed).  We don't have an Infineon TPM here to test
> > with, but the root cause of this error isn't specific to the TPM mfgr.
> > and we did verify it on our v1.2 TPMs.  Attached and inline is a patch
> > (including Vinnie's existing one) that should fix this problem.  You
> > should delete your /var/vtpm/VTPM file before re-running, but you don't
> > need to reset your owner.
> >
> > Let me know how it works.  If this solves your problem then I will work
> > up an official patch that can support both v1.1b and v1.2 TPMs (this
> > patch will only work with v1.2 TPMs).
> >
> > Vinnie Scarlata deserves all of the credit for root causing this and
> > providing the fix.
> >
> > Joe
> >  
> > Patch: 
> >  
> > diff -r 15ff55aab051 tools/vtpm_manager/manager/vtpm_manager.c 
> > --- a/tools/vtpm_manager/manager/vtpm_manager.c Mon Mar 05 15:15:03
2007  
> > -0800 
> > +++ b/tools/vtpm_manager/manager/vtpm_manager.c Thu Apr 05 10:23:46
2007 
> > -0700 
> > @@ -90,22 +90,19 @@ TPM_RESULT VTPM_Create_Manager(){ 
> >    CRYPTO_INFO ek_cryptoInfo; 
> >  
> >    status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle,
 
> > &ek_cryptoInfo); 
> > - 
> > + 
> >    // If we can read PubEK then there is no owner and
we should take it. 
> >    // We use the abilty to read the pubEK to flag that
the TPM is owned. 
> >    // FIXME: Change to just trying to take ownership
and react to the  
> > status 
> >    if (status == TPM_SUCCESS) { 
> > -    TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, 
> > -                  
                (const 
> > TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,  
> > -                  
                &SRK_AUTH, 
> > -                  
                &ek_cryptoInfo, 
> > -                  
                &vtpm_globals->keyAuth)); 
> > - 
> > - 
> > TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle,
 
> > -                  
                    (const 
> > TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, 
> > -                  
                    &vtpm_globals->keyAuth)); 
> > -  } else { 
> > -    vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK
meaning TPM has an  
> > owner. Creating Keys off existing SRK.\n"); 
> > +    status = VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, 
> > +                  
            (const 
> > TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,  
> > +                  
            &SRK_AUTH, 
> > +                  
            &ek_cryptoInfo, 
> > +                  
            &vtpm_globals->keyAuth); 
> > +  } 
> > +  if (status != TPM_SUCCESS) { 
> > +    vtpmloginfo(VTPM_LOG_VTPM, "TPM has an owner.
Creating Keys off  
> > existing SRK.\n"); 
> >    } 
> >  
> >    // Generate storage key's auth 
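Review bot: In VTPM_Create_Manager, every non-success status now falls through to the "TPM has an owner" log and key creation continues, whether the failure came from VTSP_ReadPubek or from VTSP_TakeOwnership; before this change a failed TakeOwnership aborted through TPMTRYRETURN. Any other TakeOwnership error would now be logged as "has an owner". Suggest keeping TPMTRYRETURN around VTSP_TakeOwnership (or testing for the specific owner-already-set result) and logging the owner message only when ReadPubek fails. The VTSP_DisablePubekRead call is also dropped without explanation while the comment above still says pubEK readability is the ownership flag; please state in a comment or the commit message why it is no longer needed.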
> > diff -r 15ff55aab051 tools/vtpm_manager/manager/vtsp.c 
> > --- a/tools/vtpm_manager/manager/vtsp.c Mon Mar 05 15:15:03 2007
-0800 
> > +++ b/tools/vtpm_manager/manager/vtsp.c Thu Apr 05 10:24:01 2007
-0700  
> > @@ -596,7 +596,7 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX 
> >    vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n",
(!skipTPMLoad ? "into 
> > TPM" : "only into memory")); 
> >  
> >    TPM_RESULT status = TPM_SUCCESS;  
> > -  TPM_COMMAND_CODE command = TPM_ORD_LoadKey; 
> > +  TPM_COMMAND_CODE command = TPM_ORD_LoadKey2; 
> >  
> >    BYTE *paramText=NULL;        //
Digest to make Auth. 
> >    UINT32 paramTextSize; 
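Review bot: `command` in VTSP_LoadKey is now hard-coded to TPM_ORD_LoadKey2, which the covering mail says only works on v1.2 TPMs. Since this value is packed into the auth digest further down, suggest selecting between TPM_ORD_LoadKey and TPM_ORD_LoadKey2 from a detected TPM version (or a build option) rather than replacing one with the other, so v1.1b parts keep working.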
> > @@ -634,10 +634,9 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
 
> >                  
                     &phKeyHMAC)
); 
> >  
> >      // Verify Auth 
> > -    paramTextSize = BSG_PackList(paramText, 3, 
> > +    paramTextSize = BSG_PackList(paramText, 2, 
> >                  
               BSG_TPM_RESULT,
&status,  
> > -                  
             BSG_TPM_COMMAND_CODE, &command, 
> > -                  
             BSG_TPM_HANDLE, newKeyHandle); 
> > +                  
             BSG_TPM_COMMAND_CODE, &command); 
> >  
> >      TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
 
> >                  
            parentAuth, auth, 
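Review bot: The Verify Auth digest in VTSP_LoadKey no longer includes BSG_TPM_HANDLE, newKeyHandle, so the returned key handle is no longer covered by VerifyAuth, and nothing in the hunk says why. Please add a comment next to BSG_PackList stating that the two-element digest is tied to TPM_ORD_LoadKey2, and make the element list depend on `command` if the LoadKey path is ever restored; otherwise a later change of the ordinal leaves a digest that no longer matches.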
> > diff -r 15ff55aab051 tools/vtpm_manager/tcs/tcs.c 
> > --- a/tools/vtpm_manager/tcs/tcs.c      Mon Mar
05 15:15:03 2007 -0800 
> > +++ b/tools/vtpm_manager/tcs/tcs.c      Thu Apr
05 10:24:12 2007 -0700  
> > @@ -901,7 +901,7 @@ TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEX 
> >    // setup input/output parameters block 
> >    TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; 
> >    UINT32 paramSize = 0; 
> > -  TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey;  
> > +  TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey2; 
> >    TPM_RESULT returnCode = TPM_SUCCESS; 
> >  
> >    // setup the TPM driver input and output buffers 
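Review bot: TCSP_LoadKeyByBlob sets `ordinal` to TPM_ORD_LoadKey2 independently of the `command` set in VTSP_LoadKey in vtsp.c, and the two have to agree because vtsp.c packs its copy into the digest it verifies. Suggest a single shared definition or passing the ordinal in as a parameter, plus a comment noting that the function is still named LoadKeyByBlob while the command it sends is LoadKey2.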
> > diff -r 15ff55aab051 tools/vtpm_manager/util/tcg.h 
> > --- a/tools/vtpm_manager/util/tcg.h     Mon Mar 05
15:15:03 2007 -0800  
> > +++ b/tools/vtpm_manager/util/tcg.h     Thu Apr 05
10:24:24 2007 -0700 
> > @@ -250,6 +250,7 @@ typedef struct pack_constbuf_t { 
> > #define TPM_ORD_ReadManuMaintPub        
(48UL + TPM_PROTECTED_ORDINAL) 
> > #define TPM_ORD_CertifyKey          
    (50UL + TPM_PROTECTED_ORDINAL)  
> > #define TPM_ORD_Sign            
        (60UL + TPM_PROTECTED_ORDINAL) 
> > +#define TPM_ORD_LoadKey2          
      (65UL + TPM_PROTECTED_ORDINAL) 
> > #define TPM_ORD_GetRandom          
     (70UL + TPM_PROTECTED_ORDINAL)  
> > #define TPM_ORD_StirRandom          
    (71UL + TPM_PROTECTED_ORDINAL) 
> > #define TPM_ORD_SelfTestFull          
  (80UL + TPM_PROTECTED_ORDINAL) 
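Review bot: TPM_ORD_LoadKey2 is added to tcg.h with no indication that it is a v1.2-only ordinal, although the patch mail states the change only works with v1.2 TPMs. A short comment on the define would help. The shutdown log quoted earlier on this page still shows TCSP_EvictKey failing with TPM_BAD_ORDINAL, so it is worth checking which other ordinals the manager issues need the same treatment.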
> >  
> >  
> > ________________________________
> >
> >         From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> > [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Maximilian Loy
> >         Sent: Monday, March 26, 2007 4:40 AM
> >         To: xense-devel@xxxxxxxxxxxxxxxxxxx
> >         Subject: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
> >
> >
> >         Hi everybody,
> >
> >         I am having problems to get the vtpm_managerd (Xen 3.0.4.1) to
> > work with the Infineon TPM 1.2 (platform is a HP nx6325).
> >
> >         I was having the BAD_ORDINAL problems like discussed earlier on
> > this list, but I could solve them with applying the patch from:
> >
> > http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00020.html
> >
> >         This resulted in TPM_AUTHFAIL like in
> >
> > http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00024.html
> >         giving me the following output after taking the ownership:
> >         ...
> >         INFO[VTSP]: Loading Key into TPM.
> >         ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code TPM_AUTHFAIL
> >         ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
> >         ERROR in VTPM_Init_Manager at vtpm_manager.c:240 code: TPM_AUTHFAIL.
> >         ERROR[VTPM]: Closing vtpmd due to error during startup.
> >
> >         Maybe it has something to do with the patch, as the line 634 in
> > vtsp.c has been modified by it.
> >
> >         Any help would be very appreciated!
> >
> >         Best regards, Max
> >  
 > > _______________________________________________ 
> > Xense-devel mailing list 
> > Xense-devel@xxxxxxxxxxxxxxxxxxx 
> > http://lists.xensource.com/xense-devel
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
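
The check Stefan describes above (is /dev/vtpm a character device with the numbers shown in his listing, or a directory), written out as a shell function. This is an added example, not part of the original mail or of the Xen tools; `check_chardev` is a hypothetical helper and it assumes Linux with GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example: classify a device path the way the thread's diagnosis does.
# Assumes Linux with GNU coreutils stat; check_chardev is a hypothetical helper.

# check_chardev PATH MAJOR MINOR
#   0 = character device with the expected numbers
#   1 = path is a directory (the failure seen in this thread)
#   2 = path does not exist
#   3 = exists but is another file type or has other device numbers
check_chardev() {
    path=$1 want_major=$2 want_minor=$3

    if [ ! -e "$path" ]; then
        echo "$path: missing (is the backend module loaded?)"
        return 2
    fi
    if [ -d "$path" ]; then
        echo "$path: directory, not a device node"
        return 1
    fi
    if [ ! -c "$path" ]; then
        echo "$path: not a character device"
        return 3
    fi

    # GNU stat prints major (%t) and minor (%T) in hex; convert to decimal.
    major=$(printf '%d' "0x$(stat -c '%t' "$path")")
    minor=$(printf '%d' "0x$(stat -c '%T' "$path")")
    if [ "$major" -ne "$want_major" ] || [ "$minor" -ne "$want_minor" ]; then
        echo "$path: char device $major,$minor, expected $want_major,$want_minor"
        return 3
    fi

    # Report mode and owner so an over-permissive node is visible too.
    echo "$path: ok ($major,$minor) mode=$(stat -c '%a' "$path") owner=$(stat -c '%U:%G' "$path")"
    return 0
}

# Numbers from the ls output quoted in the reply above: 10, 225.
# Usage: check_chardev /dev/vtpm 10 225
```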
 