WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xense-devel

RE: [Xense-devel] vtpm_managerd problem

To: "Rozas, Carlos V" <carlos.v.rozas@xxxxxxxxx>
Subject: RE: [Xense-devel] vtpm_managerd problem
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Wed, 6 Dec 2006 10:42:39 -0500
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <5FD5754DDBA0B1499B5A0B4BB5419485293314@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Carlos,

   is either you or Vinnie maintaining the vtpm manager?

   Stefan


"Rozas, Carlos V" <carlos.v.rozas@xxxxxxxxx> wrote on 12/05/2006 04:34:31 PM:

> We had an initial prototype that moved the vtpm manager and instances into a
> separate security domain (called domS0). This allowed transparent operation
> for existing and future TPM infrastructures in dom0 and a good
> direction long term.
>
> For the short term, I don't see a good solution other than porting
> vtpm manager to use trousers. If you're interested, I am sure Vin and Stefan can
> provide some pointers.....
>  
> Carlos
>
> From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xense-devel-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Burak OĞUZ
> Sent: Tuesday, December 05, 2006 1:12 PM
> To: Stefan Berger
> Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xense-devel] vtpm_managerd problem
>
> Burak OĞUZ <burakoguzs@xxxxxxxxx> wrote on 12/05/2006 11:25:26 AM:
>
> >
> >    Stefan
> >
> >
> > ----------> I have compiled the xen kernel again and made 'modprobe
> > tpmbk' but in the vtpm_managerd it gives the same error again.
> >
> > dungeon linux-2.6.16.29-xen # vtpm_managerd
> > INFO[VTPM]: Starting VTPM.
> > INFO[TCS]: Constructing new TCS:
> > ERROR[TXDATA]: TPM open failedERROR in VTPM_Init_Manager at
> > vtpm_manager.c:205 code: TPM_IOERROR.
> > ERROR[VTPM]: Closing vtpmd due to error during startup
> >
> > But when I shut down trousers, the behaviour of the
> > vtpm_managerd changes:
>
> Oh, you are running trousers in domain-0. I think you cannot do this
> since the vtpm manager will try to talk to /dev/tpm0 directly and
> trousers is blocking that device. vtpm_managerd would have to be
> changed to talk to the TPM indirectly through trousers.
>
>     ----> Are there any options to use vtpm_managerd
> with trousers? How can I make vtpm_managerd run with trousers?
> Because I need trousers on domain-0.
>
> >
> > dungeon burak # vtpm_managerd
> > INFO[VTPM]: Starting VTPM.
> > INFO[TCS]: Constructing new TCS:
> > INFO[TCS]: Calling TCS_OpenContext:
> > INFO[VTSP]: OIAP.
> > ERROR[VTPM]: Failed to load service data with error = TPM_IOERROR
> > INFO[VTPM]: Failed to read manager file. Assuming first time initialization
> > INFO[VTSP]: Reading Public EK.
> > ERROR[TCS]: TCSP_ReadPubek Failed with return code TPM_DISABLED_CMD
> > ERROR in VTSP_ReadPubek at vtsp.c:264 code: TPM_DISABLED_CMD.
> > INFO[VTPM]: Failed to readEK meaning TPM has an owner. Creating Keys
> > off exg SRK.
> > INFO[VTSP]: OSAP.
> > INFO[VTSP]: Creating new key of type 20.
> > INFO[VTSP]: Creating Binding Key...
> > ERROR[TCS]: TCSP_CreateWrapKey Failed with return code TPM_AUTHFAIL
> > ERROR in VTSP_CreateWrapKey at vtsp.c:557 code: TPM_AUTHFAIL.
> > ERROR in VTPM_Create_Manager at vtpm_manager.c:134 code: TPM_AUTHFAIL.
> >
> > I have checked that after modprobing tpmbk the vtpm device was created.
> >
> > dungeon linux-2.6.16.29-xen # ll /dev/vtpm
> > crw-rw---- 1 root root 10, 225 Ara  5 17:57 /dev/vtpm
> >
> > Also it does not modprobe the tpm_xenu
> >
> > dungeon burak # modprobe tpm_xenu
> > FATAL: Error inserting tpm_xenu (/lib/modules/2.6.16.29-
> > xen/kernel/drivers/char/tpm/tpm_xenu.ko): Operation not permitted
>
> Are you trying to do this in domain-0? The tpm_xenu does not work there.
> You can use the domain-0 kernel in a user domain and if you copy the
> tpm_xenu module into the guest domain, then you should be able to do this.
>
>        ------> OK.
>
> After that you should be able to start trousers in the guest domain.
>
>    Stefan
>
>     -----> Thanks again..
>
>
>
> >
> >
> > What will be the problem?
> >
> > Thanks again
> >
> > Best Regards..
> >
> > --burak
> >
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
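The failure Stefan describes above (vtpm_managerd opens /dev/tpm0 directly and gets TPM_IOERROR while tcsd from trousers already holds the device) can be checked for before starting the manager. The script below is an added example written for this archive page, not code from the thread or from the Xen/vtpm project; it assumes a Linux /proc filesystem and the readlink utility, and the device path and process names are only defaults.

```shell
#!/bin/sh
# Added example (not from the xense-devel thread): find which process holds a
# device node open, so a conflict between tcsd and a direct opener such as
# vtpm_managerd is visible before the TPM_IOERROR shows up.
# Assumes Linux: /proc/<pid>/fd symlinks and readlink are available.

# Print the PIDs that have the given path open, one per line-separated word.
tpm_holders() {
    dev="$1"
    found=""
    for fd in /proc/[0-9]*/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        [ "$target" = "$dev" ] || continue
        pid=${fd#/proc/}
        pid=${pid%%/*}
        # A process may hold the device on several fds; report it once.
        case " $found " in *" $pid "*) continue ;; esac
        found="$found $pid"
    done
    echo "$found" | sed 's/^ //'
}

# Return 0 if nobody holds the device, 1 if some process does, 2 if it is missing.
# Default device path is an assumption; pass another path to override it.
check_tpm_free() {
    dev="${1:-/dev/tpm0}"
    if [ ! -e "$dev" ]; then
        echo "$dev does not exist: is the TPM driver loaded?" >&2
        return 2
    fi
    holders=$(tpm_holders "$dev")
    if [ -n "$holders" ]; then
        for p in $holders; do
            comm=$(cat "/proc/$p/comm" 2>/dev/null || echo '?')
            echo "$dev is held by pid $p ($comm)" >&2
        done
        echo "a direct opener (e.g. vtpm_managerd) will fail with TPM_IOERROR" \
             "until that process (e.g. tcsd) releases the device" >&2
        return 1
    fi
    echo "$dev is free" >&2
    return 0
}
```

Run `check_tpm_free /dev/tpm0` in dom0 before starting vtpm_managerd; a non-zero exit names the conflicting process instead of leaving only the TPM_IOERROR line from the manager log.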