xen-devel
Re: [Xen-devel] vTPM NVM, loadkey and trousers questions
Hi Erdem,
thanks for your reply.
> See post in [0] about loading keys into vTPM on infineon 1.2 TPMs. IMO,
> you also need this patch.
Are you using Xen 3.1.x yet? I am pretty sure the patch you mentioned is
included in Xen 3.2.1.
> Could you send any progress about this NVM issue? This is one of my
> biggest problems in vTPM and I want to see if anyone gets it to work.
I will definitely keep you posted on any progress concerning this.
Tim
> [0]
> http://lists.xensource.com/archives/html/xen-devel/2008-02/msg01092.html
>
> Tim Feld wrote On 26-08-2008 23:58:
> > Hi everyone,
> >
> > I am using Xen 3.2.1 with the vtpm-12-patch.diff patch posted in [0]. My
> > TPM is an Infineon 1.2. In total I have got three different questions:
> >
> > 1. NVM loading problem at VM creation
> > When I am creating a VM the last few lines of the vtpm_manager output
> > are:
> > TPMD[245]: tpm/tpm_startup.c:45: Info: TPM_Startup(1)
> > Loading NVM.
> > Sending LoadNVM command
> > ERROR[VTPM]: Failed to load NVM
> > .INFO[VTPM]: [VTPM Listener]: VTPM Listener waiting for messages.
> > Reading LoadNVM header
> >
> > For every VM a new tpmd instance is created, ignoring the setting in my
> > VM config file. In /var/vtpm are only two folders (fifos, socks) and two
> > files (VTPM, vtpm.db). I am missing the one for non volatile memory. Any
> > ideas what might be wrong here?
> >
> >
> > 2. Using IAIK jTSS in VM (http://trustedjava.sourceforge.net/)
> > I want to use the jTSS in my VMs. Some simple operations like taking
> > ownership, extending a PCR and creating keys are working, but there seems
> > to be a problem when it comes to loading keys.
> > For example, if I try to bind data after taking ownership using the
> > jtpmtools example (jtt.sh bind) the operation fails. Java stack trace is:
> > iaik.tc.tss.api.exceptions.tcs.TcTpmException:
> >
> > TSS Error:
> > error layer: 0x00 (TPM)
> > error code (without layer): 0x1f
> > error code (full): 0x1f
> > error message: An IO error occurred transmitting information to the TPM
> >
> > at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
> > at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdDeprMisc.TpmLoadKey(TcTpmCmdDeprMisc.java:222)
> > at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.LoadKeyByBlob(TcTcsKeyManager.java:72)
> > at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipLoadKeyByBlob(TcTcsi.java:535)
> >
> > A lot of vtpm_manager output is produced. The last few lines are:
> > TPMD[6]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
> > TPMD[6]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
> > TPMD[6]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
> > TPMD[6]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
> > TPMD[6]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
> > TPMD[6]: tpm/tpm_cmd_handler.c:4117: Info: TPM command succeeded
> > ERROR[VTPM]: [Backend Listener]: Error reading from DMI. Aborting...
> > INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.
> >
> > Let me know, if you need the whole output. From my understanding it says
> > "TPM command succeeded". What's the matter with "Error reading from DMI"?
> > On my real TPM the command is working.
> >
> > I also tried a self-written application using jTSS. When trying to load
> > a key vtpm_manager's output finishes with:
> > TPMD[1]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
> > TPMD[1]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
> > TPMD[1]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
> > TPMD[1]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
> > TPMD[1]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
> > TPMD[1]: tpm/tpm_cmd_handler.c:4110: Info: TPM command failed: (0x0c) The key handle presented was invalid.
> > TPMD[1]: tpm/tpm_eviction.c:56: Info: TPM_FlushSpecific()
> > TPMD[1]: tpm/tpm_eviction.c:57: Debug: [ handle=02000000 resourceType=00000002 ]
> > TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c
> >
> > INFO[VTPM]: [Backend Listener]: Sending DMI's response to guest.
> > INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.
> >
> > Again this program is running well on a real TPM and I created the key
> > which is tried to load before.
> >
> >
> > 3. Trousers 0.2.9
> > IAIK provides a java wrapper to use the TPM. Unfortunately this is only
> > working with trousers version 0.2.9. Using trousers 0.3.1 the tpm tools
> > like tpm_version are working. But as mentioned, the wrapper is only
> > compatible with 0.2.9.
> > Using that version (no matter if I apply IFX patch or not) the result of
> > tpm_version is:
> > Tspi_Context_Connect failed: 0x00003004 - layer=tsp, code=0004 (4), Internal software error
> > TCSD's output:
> > TCSD svrside.c:272 accepted socket 6
> > TCSD tcsd_threads.c:225 Rx'd packet
> > TCSD tcsd_wrap.c:4060 Dispatching ordinal 1
> > TCSD tcsd_wrap.c:366 thread b7c7eb90 servicing a tcs_wrap_OpenContext request
> > TCSD tcsd_threads.c:252 Sending 0x21 bytes back
> > TCS tcs_utils.c:1317 Socket connection closed.
> > TCSD tcsd_threads.c:264 Thread exiting.
> > TCS tcscm.c:40 Closing context A0907600
> > TCS tcscm.c:52 Context A0907600 closed
> >
> > When I start tcsd the following output appears:
> > TDDL tddl.c:105 Calling write to driver
> > TDDL tddl.c:116 ioctl: (25) Inappropriate ioctl for device
> > TDDL tddl.c:117 Falling back to Read/Write device support.
> >
> > Does anyone know if 0.2.9 is just outdated or should it be working and
> > there is something else wrong?
> >
> > Any hints are very welcome!
> >
> > Thanks in advance
> > Tim
> >
> >
> > [0] http://lists.xensource.com/archives/html/xense-devel/2007-04/msg00005.html
> >
> >
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
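
Added example, not part of the original thread and not code from Xen, the TPM emulator or TrouSerS: a decoder for the `Sent[14]` byte dump and the TSS result codes quoted above. It assumes the first four bytes of the dump are the vTPM instance number (consistent with `TPMD[1]` in the log) followed by a standard TPM 1.2 response header; the function names are hypothetical.

```python
import re
import struct

# Sample input: the "Sent[14]" line from the quoted tpmd log, quote marks removed.
LOG_LINE = "TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c"

# TPM 1.2 response tags.
RSP_TAGS = {0x00C4: "TPM_TAG_RSP_COMMAND",
            0x00C5: "TPM_TAG_RSP_AUTH1_COMMAND",
            0x00C6: "TPM_TAG_RSP_AUTH2_COMMAND"}
# Only the two TPM return codes that appear in the thread.
TPM_RC = {0x0C: "TPM_INVALID_KEYHANDLE", 0x1F: "TPM_IOERROR"}
# TSS result codes carry the layer in bits 12-15 and the error in the low 12 bits.
TSS_LAYERS = {0x0: "tpm", 0x1: "tddl", 0x2: "tcs", 0x3: "tsp"}


def parse_sent_line(line):
    """Turn a tpmd 'Sent[n]: xx xx ...' debug line into raw bytes."""
    m = re.search(r"Sent\[(\d+)\]:\s*((?:[0-9a-fA-F]{1,2}\s*)+)$", line)
    if not m:
        raise ValueError("not a tpmd Sent[] line")
    data = bytes(int(tok, 16) for tok in m.group(2).split())
    if len(data) != int(m.group(1)):
        raise ValueError("byte count does not match Sent[n]")
    return data


def decode_vtpm_response(data):
    """Decode instance prefix (assumed) plus tag, paramSize and returnCode."""
    if len(data) < 14:
        raise ValueError("truncated: need 4-byte prefix + 10-byte TPM header")
    instance, tag, size, rc = struct.unpack(">IHII", data[:14])
    if size != len(data) - 4:
        raise ValueError("paramSize disagrees with the bytes in the dump")
    return {"instance": instance,
            "tag": RSP_TAGS.get(tag, hex(tag)),
            "param_size": size,
            "return_code": rc,
            "meaning": TPM_RC.get(rc, "success" if rc == 0 else "unlisted")}


def split_tss_result(code):
    """Split a TSS result such as 0x00003004 into (layer, error code)."""
    return TSS_LAYERS.get((code >> 12) & 0xF, "unknown"), code & 0xFFF


if __name__ == "__main__":
    print(decode_vtpm_response(parse_sent_line(LOG_LINE)))
    print(split_tss_result(0x00003004), split_tss_result(0x1F))
```

Decoded this way, the dump is a bare 10-byte error response for instance 1 carrying return code 0x0c, the same code the emulator logged a few lines earlier.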