From: "Marcos Simó Picó" <marcossp@kth.se>
To: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: vTPM issues
Date: Wed, 24 Jun 2015 15:16:37 +0000 [thread overview]
Message-ID: <1435158998075.14889@kth.se> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 1946 bytes --]
Hello everyone,
I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/
I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:
root@DomU:/home/xen# tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.0.7
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ETHZ
TPM Version: 01010000
Manufacturer Info: 4554485a
I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:
root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success
The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership no taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.
In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.
I really appreciate any help you can provide.
Best regards,
Marcos
[-- Attachment #1.2: Type: text/html, Size: 5567 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next reply other threads:[~2015-06-24 15:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-24 15:16 Marcos Simó Picó [this message]
2015-06-25 8:21 ` vTPM issues Emil Condrea
2015-06-25 9:10 ` Marcos Simó Picó
2015-06-25 9:22 ` Emil Condrea
2015-06-25 9:34 ` Marcos Simó Picó
2015-06-25 9:52 ` Emil Condrea
2015-06-25 19:18 ` Marcos Simó Picó
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1435158998075.14889@kth.se \
--to=marcossp@kth.se \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.