xense-devel
RE: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
 
vTPM Manager will take ownership if the TPM is not already owned; it also works fine if it is owned.  Either way, make sure to delete /var/vtpm/VTPM before running Manager so that it doesn't try to use an old state.

Joe

    Unless you reboot your machine and do a modprobe tpmbk again you will need to do

      mknod /dev/vtpm c 10 225

    to get that device entry. The TPM backend device is a 'permanent' device and cannot be 'rmmod'ed.

  I don't get the entry even when I reboot and modprobe tpmbk.

  So I made the entry manually. Now I tried two things:

  With a cleaned and activated TPM I get the following output:

    # vtpm_managerd
    INFO[VTPM]: Starting VTPM.
    INFO[TCS]: Constructing new TCS:
    INFO[TCS]: Calling TCS_OpenContext:
    INFO[VTSP]: OIAP.
    INFO[VTSP]: Loading Key into TPM.
    ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code TPM_NOSRK
    ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_NOSRK.
    ERROR in VTPM_LoadManagerData at securestorage.c:453 code: TPM_NOSRK.
    ERROR[VTPM]: Failed to load service data with error = TPM_NOSRK
    ERROR[VTPM]: Failed to read existing manager file

  After taking ownership (and stopping tcsd again) I get:

    # vtpm_managerd
    INFO[VTPM]: Starting VTPM.
    INFO[TCS]: Constructing new TCS:
    INFO[TCS]: Calling TCS_OpenContext:
    INFO[VTSP]: OIAP.
    INFO[VTSP]: Loading Key into TPM.
    ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code TPM_AUTHFAIL
    ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
    ERROR in VTPM_LoadManagerData at securestorage.c:453 code: TPM_AUTHFAIL.
    ERROR[VTPM]: Failed to load service data with error = TPM_AUTHFAIL
    ERROR[VTPM]: Failed to read existing manager file

  I am not sure if I have to take ownership or not?!

  Thanks, Max
  
> 2007/4/6, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
> Hopefully if you unload tpmbk, delete your current /dev/vtpm entry,
> and then re-modprobe tpmbk it will create the proper entry for you.
>
> It also looks like there is one more v1.1b command in the code
> (TPM_EvictKey).  Since the basic v1.2 patch worked for you, I will
> generate a patch that can handle both versions and fix the
> TPM_EvictKey usage in the v1.2 path of this new patch (rather than
> sending out another v1.2 only patch).
>
> Joe
>
> From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Stefan Berger
> Sent: Friday, April 06, 2007 12:07 PM
> To: Maximilian Loy
> Cc: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx; xense-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
>
> xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/06/2007 02:53:48 PM:
>
> >
> > > So, the patch solves the earlier problem, but another one surfaced.
> > > When I start vtpm_manager I get this output after it has
> > > loaded/created the keys:
> > >
> > > ERROR[VTPM]: VTPM ERROR: Can't open /dev/vtpm for reading.
> > > ERROR[VTPM]: [Backend Listener]: Backend Listener can't read from
> > > ipc. Aborting...
> > > ....
> >
> > Did you do 'modprobe tpmbk'? That should make /dev/vtpm available.
> >
> > I did, and lsmod shows me tpmbk running, as well as the tpm drivers:
> > tpmbk                  17724  0 [permanent]
> > tpm_tis                14592  0
> > tpm_infineon           12312  0
> > tpm                    18848  2 tpm_tis,tpm_infineon
> > tpm_bios               10368  1 tpm
> >
> > Although the /dev/vtpm directory exists, it is completely empty. Is
> > this normal?
>
> /dev/vtpm is a character device, not a directory.
>
> 'ls /dev/vtpm' should show something like this:
>
> crw------- 1 root root 10, 225 Apr  6 11:50 /dev/vtpm
>
>
>    Stefan
>
> >
> > Regards,
> > Max
> >
> >
> > >
> > > I get this message again and again till I abort it:
> > >
> > > INFO[VTPM]: [BINFO[VTPM]: Child shutting down
> > > INFO[VTPM]: VTPM Manager shutting down for signal 2.
> > > INFO[VTPM]: Enveloping Input[624]: 0x2 c5 94 f9 e4 fa 88 e0 a4 8d 43
> > > a3 b1 35 ee 43 3d 5e 5e f 50 e1 51 7a 59 9f cb 70 a4 fb 3c b5 41 56
> > > ad 5d e2 37 3b a5
> > > ........
> > >  6a 96 5b 1e 6b da a5 f4 ea 22 98 10 b0 b1 c8 b2 7c 27 10 51 a3 da 0
> > > 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
> > > INFO[VTSP]: Binding 16 bytes of data.
> > > INFO[VTPM]: Saved 256 bytes of E(symkey) + 656 bytes of E(data)
> > > INFO[VTPM]: Enveloping Output[920]: 0x0 0 1 0 3a 85 a0 a2 7f cb 9a
> > > 1c 85 2b 6c ec 76 5c 2f 59 57 fd 16 94 1c c2 e a3 9b d1 b4 25 ca 4a
> > > f 5f 21 f2 2e 1f f4 ......
> > >  88 1c 13 35 47 d8 e b0 93 1a b5 d2 d f1 5e ed ea 7e 69 2e b4 c2 21
> > > f2 da 34 5c ea a5 6d f6
> > > INFO[VTPM]: Child shutting down
> > > INFO[VTPM]: Saved VTPM Manager state (status = 0, dmis = -1)
> > > INFO[TCS]: Calling TCS_CloseContext.
> > > INFO[VTPM]: Child shutting down
> > > ERROR[TCS]: TCSP_EvictKey Failed with return code TPM_BAD_ORDINAL
> > > ERROR[TCS]: Not all handles evicted from TPM.
> > > INFO[TCS]: Destructing TCS:
> > > INFO[TCS]: Calling TCS_CloseContext.
> > > INFO[VTPM]: VTPM Manager stopped.
> > >
> > >
> > > So I tried to solve the problem by clearing the ownership and
> > > deleting /var/vtpm/VTPM, but with the same result.
> > >
> > > The /dev/vtpm directory is empty now with the following access rights:
> > > drwxrwxr-x  2 root root        4096 Apr  5 22:15 vtpm
> > >
> > > lsmod shows me tpmbk running, as well as the tpm drivers:
> > > tpmbk                  17724  0 [permanent]
> > > tpm_tis                14592  0
> > > tpm_infineon           12312  0
> > > tpm                    18848  2 tpm_tis,tpm_infineon
> > > tpm_bios               10368  1 tpm
> > >
> > >
> > > Maybe that helps.
> > >
> > > Regards,
> > > Max
> > >
> >
> > > 2007/4/5, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
> > > Max and Burak,
> > >
> > > Sorry for the delay in responding (especially to Burak whose much
> > > earlier posting we missed).  We don't have an Infineon TPM here to test
> > > with, but the root cause of this error isn't specific to the TPM mfgr.
> > > and we did verify it on our v1.2 TPMs.  Attached and inline is a patch
> > > (including Vinnie's existing one) that should fix this problem.  You
> > > should delete your /var/vtpm/VTPM file before re-running, but you don't
> > > need to reset your owner.
> > >
> > > Let me know how it works.  If this solves your problem then I will work
> > > up an official patch that can support both v1.1b and v1.2 TPMs (this
> > > patch will only work with v1.2 TPMs).
> > >
> > > Vinnie Scarlata deserves all of the credit for root causing this and
> > > providing the fix.
> > >
> > > Joe
> > >
> > > Patch:
> > >
     > > > diff -r 15ff55aab051 
    tools/vtpm_manager/manager/vtpm_manager.c > > > --- 
    a/tools/vtpm_manager/manager/vtpm_manager.c Mon Mar 05 15:15:03 2007 
     > > > -0800 > > > +++ 
    b/tools/vtpm_manager/manager/vtpm_manager.c Thu Apr 05 10:23:46 2007 > 
    > > -0700 > > > @@ -90,22 +90,19 @@ TPM_RESULT 
    VTPM_Create_Manager(){ > > >    CRYPTO_INFO 
    ek_cryptoInfo; > > >  > > >    status = 
    VTSP_ReadPubek(vtpm_globals->manager_tcs_handle,  > > > 
    &ek_cryptoInfo); > > > - > > > + > > 
    >    // If we can read PubEK then there is no owner and we 
    should take it. > > >    // We use the abilty to read 
    the pubEK to flag that the TPM is owned. > > >    // 
    FIXME: Change to just trying to take ownership and react to the  > 
    > > status > > >    if (status == TPM_SUCCESS) 
    { > > > -   
     TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, > 
    > > -                   
                    (const > > 
    > TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,  > > 
    > -                     
                  &SRK_AUTH, > > 
    > -                     
                  &ek_cryptoInfo, > 
    > > -                   
                    
    &vtpm_globals->keyAuth)); > > > - > > > 
    - > > > 
    TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle, 
     > > > -                 
                          
    (const > > > 
    TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, > > > - 
                          
                    
    &vtpm_globals->keyAuth)); > > > -  } else { > 
    > > -    vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK 
    meaning TPM has an  > > > owner. Creating Keys off existing 
    SRK.\n"); > > > +    status = 
    VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, > > > + 
                          
            (const > > > 
    TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,  > > > + 
                          
            &SRK_AUTH, > > > +     
                          
        &ek_cryptoInfo, > > > +       
                          
      &vtpm_globals->keyAuth); > > > +  } > 
    > > +  if (status != TPM_SUCCESS) { > > > +   
     vtpmloginfo(VTPM_LOG_VTPM, "TPM has an owner. Creating Keys off 
     > > > existing SRK.\n"); > > >   
     } > > >  > > >    // Generate 
    storage key's auth > > > diff -r 15ff55aab051 
    tools/vtpm_manager/manager/vtsp.c > > > --- 
    a/tools/vtpm_manager/manager/vtsp.c Mon Mar 05 15:15:03 2007 -0800 > 
    > > +++ b/tools/vtpm_manager/manager/vtsp.c Thu Apr 05 10:24:01 2007 
    -0700  > > > @@ -596,7 +596,7 @@ TPM_RESULT VTSP_LoadKey(const 
    TCS_CONTEX > > >    vtpmloginfo(VTPM_LOG_VTSP, 
    "Loading Key %s.\n", (!skipTPMLoad ? "into > > > TPM" : "only 
    into memory")); > > >  > > >    TPM_RESULT 
    status = TPM_SUCCESS;  > > > -  TPM_COMMAND_CODE command = 
    TPM_ORD_LoadKey; > > > +  TPM_COMMAND_CODE command = 
    TPM_ORD_LoadKey2; > > >  > > >    BYTE 
    *paramText=NULL;        // Digest to make Auth. > 
    > >    UINT32 paramTextSize; > > > @@ -634,10 
    +634,9 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX  > > >   
                          
                   &phKeyHMAC) 
    ); > > >  > > >      // Verify 
    Auth > > > -    paramTextSize = 
    BSG_PackList(paramText, 3, > > > +    paramTextSize = 
    BSG_PackList(paramText, 2, > > >         
                          
       BSG_TPM_RESULT, &status,  > > > -     
                          
         BSG_TPM_COMMAND_CODE, &command, > > > - 
                          
             BSG_TPM_HANDLE, newKeyHandle); > 
    > > +                   
                 BSG_TPM_COMMAND_CODE, 
    &command); > > >  > > >     
     TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,  > > > 
                          
            parentAuth, auth, > > > diff -r 
    15ff55aab051 tools/vtpm_manager/tcs/tcs.c > > > --- 
    a/tools/vtpm_manager/tcs/tcs.c      Mon Mar 05 15:15:03 2007 
    -0800 > > > +++ b/tools/vtpm_manager/tcs/tcs.c     
     Thu Apr 05 10:24:12 2007 -0700  > > > @@ -901,7 +901,7 @@ 
    TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEX > > >    // 
    setup input/output parameters block > > >    TPM_TAG 
    tag = TPM_TAG_RQU_AUTH1_COMMAND; > > >    UINT32 
    paramSize = 0; > > > -  TPM_COMMAND_CODE ordinal = 
    TPM_ORD_LoadKey;  > > > +  TPM_COMMAND_CODE ordinal = 
    TPM_ORD_LoadKey2; > > >    TPM_RESULT returnCode = 
    TPM_SUCCESS; > > >  > > >    // setup the 
    TPM driver input and output buffers > > > diff -r 15ff55aab051 
    tools/vtpm_manager/util/tcg.h > > > --- 
    a/tools/vtpm_manager/util/tcg.h     Mon Mar 05 15:15:03 2007 -0800 
     > > > +++ b/tools/vtpm_manager/util/tcg.h     Thu Apr 
    05 10:24:24 2007 -0700 > > > @@ -250,6 +250,7 @@ typedef struct 
    pack_constbuf_t { > > > #define TPM_ORD_ReadManuMaintPub   
          (48UL + TPM_PROTECTED_ORDINAL) > > > 
    #define TPM_ORD_CertifyKey               
    (50UL + TPM_PROTECTED_ORDINAL)  > > > #define TPM_ORD_Sign 
                        (60UL 
    + TPM_PROTECTED_ORDINAL) > > > +#define TPM_ORD_LoadKey2   
                  (65UL + 
    TPM_PROTECTED_ORDINAL) > > > #define TPM_ORD_GetRandom   
                 (70UL + 
    TPM_PROTECTED_ORDINAL)  > > > #define TPM_ORD_StirRandom   
                (71UL + 
    TPM_PROTECTED_ORDINAL) > > > #define TPM_ORD_SelfTestFull   
              (80UL + TPM_PROTECTED_ORDINAL) > 
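
Review bot: In VTPM_Create_Manager (vtpm_manager.c hunk), the new `if (status != TPM_SUCCESS)` branch logs "TPM has an owner" for any non-success result from either VTSP_ReadPubek or VTSP_TakeOwnership, so an unrelated failure is reported as an owned TPM and startup carries on to create keys off the existing SRK. Check for the specific return code that means an owner is already installed and pass every other error through TPMTRYRETURN as the removed lines did. The hunk also drops the VTSP_DisablePubekRead call that used to follow a successful TakeOwnership; if that is intentional it needs a line in the patch description, otherwise keep it in the success path.
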
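
Review bot: In VTSP_LoadKey (first vtsp.c hunk, `TPM_COMMAND_CODE command`), the ordinal is replaced unconditionally with TPM_ORD_LoadKey2, and the tcs.c hunk does the same for `ordinal` in TCSP_LoadKeyByBlob, so no TPM_ORD_LoadKey path remains for v1.1b parts. Choose the ordinal from the detected TPM version in one place and have both functions use that value, so the ordinal that goes into the auth digest in vtsp.c can never differ from the one tcs.c puts on the wire.
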
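
Review bot: In the second vtsp.c hunk, the "Verify Auth" BSG_PackList call goes from 3 items to 2 and no longer packs `BSG_TPM_HANDLE, newKeyHandle` into paramText, with no comment saying why. If the returned handle is left out of the response digest only for TPM_ORD_LoadKey2, state that in a comment next to the call and keep the three-item list for the TPM_ORD_LoadKey case once both ordinals are supported; otherwise a later reader is likely to "restore" the handle and reintroduce the auth failure.
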
> > >
> > >
> > > ________________________________
> > >
> > > From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> > > [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Maximilian
> > > Loy
> > > Sent: Monday, March 26, 2007 4:40 AM
> > > To: xense-devel@xxxxxxxxxxxxxxxxxxx
> > > Subject: [Xense-devel] vtpm_managerd problem with Infineon TPM
> > > 1.2
> > >
> > >
> > > Hi everybody,
> > >
> > > I am having problems to get the vtpm_managerd (Xen 3.0.4.1) to
> > > work with the Infineon TPM 1.2 (platform is a HP nx6325).
> > >
> > > I was having the BAD_ORDINAL problems like discussed earlier on
> > > this list, but I could solve them with applying the patch from:
> > >
> > > http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00020.html
> > >
> > > This resulted in TPM_AUTHFAIL like in
> > >
> > > http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00024.html
> > > giving me the following output after taking the ownership:
> > > ...
> > > INFO[VTSP]: Loading Key into TPM.
> > > ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code TPM_AUTHFAIL
> > > ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
> > > ERROR in VTPM_Init_Manager at vtpm_manager.c:240 code: TPM_AUTHFAIL.
> > > ERROR[VTPM]: Closing vtpmd due to error during startup.
> > >
> > > Maybe it has something to do with the patch, as the line 634 in
> > > vtsp.c has been modified by it.
> > >
> > > Any help would be very appreciated!
> > >
> > > Best regards, Max
> > >
> > >
> > > _______________________________________________
> > > Xense-devel mailing list
> > > Xense-devel@xxxxxxxxxxxxxxxxxxx
> > > http://lists.xensource.com/xense-devel
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
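
As an added illustration (not code from this thread or from vtpm_manager), the sketch below models the two authorization checks the quoted patch touches: the request HMAC, which breaks when vtsp.c and tcs.c disagree on the ordinal, and the response check whose packed list shrinks from three items to two. It assumes the TPM 1.2 HMAC-SHA1 authorization layout, a TPM_PROTECTED_ORDINAL base of 0, and that the LoadKey2 response digest omits the key handle as the patched code expects; it reuses one nonce pair for both directions, and the secret, nonces, key blob and handle are constructed.

```python
import hashlib
import hmac
import struct

# 65 is from the patch (65UL + TPM_PROTECTED_ORDINAL, base assumed to be 0);
# 32 is TPM_ORD_LoadKey in the TPM 1.2 specification.
TPM_ORD_LOADKEY, TPM_ORD_LOADKEY2 = 32, 65
TPM_SUCCESS = 0


def auth_hmac(secret, param_text, nonce_even, nonce_odd, cont=0):
    """TPM 1.2 authorization value: HMAC-SHA1 keyed with the auth secret over
    SHA1(param_text) || nonceEven || nonceOdd || continueAuthSession."""
    digest = hashlib.sha1(param_text).digest()
    msg = digest + nonce_even + nonce_odd + bytes([cont])
    return hmac.new(secret, msg, hashlib.sha1).digest()


def request_ok(secret, digest_ordinal, wire_ordinal, key_blob, ne, no):
    """TPM side: recompute the request HMAC with the ordinal actually received."""
    sent = auth_hmac(secret, struct.pack(">I", digest_ordinal) + key_blob, ne, no)
    want = auth_hmac(secret, struct.pack(">I", wire_ordinal) + key_blob, ne, no)
    return hmac.compare_digest(sent, want)


def response_ok(secret, items, tpm_auth, ne, no):
    """Manager side: verify the response HMAC over the packed list `items`."""
    text = b"".join(struct.pack(">I", v) for v in items)
    return hmac.compare_digest(auth_hmac(secret, text, ne, no), tpm_auth)


def demo():
    # All values below are constructed for the example.
    secret, ne, no = b"\x11" * 20, bytes(range(20)), bytes(range(20, 40))
    key_blob, handle = b"constructed-wrapped-key", 0x05000001
    # Assumed LoadKey2 behaviour: response auth covers result and ordinal only.
    tpm_auth = auth_hmac(secret, struct.pack(">II", TPM_SUCCESS, TPM_ORD_LOADKEY2), ne, no)
    ok2 = TPM_ORD_LOADKEY2
    return {
        "mixed ordinals": request_ok(secret, TPM_ORD_LOADKEY, ok2, key_blob, ne, no),
        "matching ordinals": request_ok(secret, ok2, ok2, key_blob, ne, no),
        "3-item verify": response_ok(secret, [TPM_SUCCESS, ok2, handle], tpm_auth, ne, no),
        "2-item verify": response_ok(secret, [TPM_SUCCESS, ok2], tpm_auth, ne, no),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {'accepted' if ok else 'auth failure'}")
```
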