From: "Marcos Simó Picó" <marcossp@kth.se>
To: Emil Condrea <emilcondrea@gmail.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: vTPM issues
Date: Thu, 25 Jun 2015 09:34:39 +0000
Message-ID: <1435224879340.54383@kth.se>
In-Reply-To: <CAAULxKKcsKs2pWGf=zdZ9m4guyOCt2ncahnWGHabVydfQ1nFuA@mail.gmail.com>



Okay, /etc/tpm0 is present.

The timeout values are:

752000 2000000 752000 752000 [adjusted]


I have no problem actually upgrading to Ubuntu 15.04 if that might solve the problem.


Thanks a lot for your reply again.

________________________________
From: Emil Condrea <emilcondrea@gmail.com>
Sent: Thursday, June 25, 2015 11:22
To: Marcos Simó Picó
Cc: xen-devel@lists.xen.org
Subject: Re: [Xen-devel] vTPM issues

Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
I remember that once I had this problem when almost all trousers commands
were returning internal software error in domU.
Can you check what are the timeout values?
cat /sys/devices/vtpm-0/timeouts

I remember that there was a bug in ubuntu 14.04 regarding tpm driver.
You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm commands
run successfully.

On Thu, Jun 25, 2015 at 12:10 PM, Marcos Simó Picó <marcossp@kth.se> wrote:

Yes, I'm indeed using pv guests. After running #tcsd -f & I get:

TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD trousers 0.3.5git: TCSD up and running.


I don't know if the problem might be there. When I invoke tpm_takeownership -z -y -l debug it returns exactly the same messages I sent in my previous email.


On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.


Thanks for your reply.


________________________________
From: Emil Condrea <emilcondrea@gmail.com>
Sent: Thursday, June 25, 2015 10:21
To: Marcos Simó Picó
Cc: xen-devel@lists.xen.org; Xu, Quan
Subject: Re: [Xen-devel] vTPM issues

I guess you are using pv guests, I don't know exactly if Quan finished development for hvm.
I suggest to take a look at tcsd log:
pkill tcsd
tcsd -f &
tpm_takeownership -z -y -l debug
Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?

On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simó Picó <marcossp@kth.se> wrote:

Hello everyone,


I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/


I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:


root@DomU:/home/xen# tpm_version
  TPM 1.2 Version Info:
  Chip Version:        1.2.0.7
  Spec Level:          2
  Errata Revision:     1
  TPM Vendor ID:       ETHZ
  TPM Version:         01010000
  Manufacturer Info:   4554485a


I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:


root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success


The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership not taken, with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.


In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.


I really appreciate any help you can provide.


Best regards,

Marcos

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
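
Added example (not part of the original thread): a shell helper that splits the TSS result codes in the tpm_takeownership debug output quoted above into layer and code, so a failure can be attributed to the TPM, the TDDL, tcsd (TCS) or the client library (TSP). The layer masks follow the TSS 1.2 convention used by TrouSerS; the function names are hypothetical, and the sample log is two lines copied from the output in the thread.

```shell
#!/bin/sh
# Added example: decode TSS_RESULT values from tpm-tools "-l debug" output.
# Assumed layout (TSS 1.2, as used by TrouSerS):
#   bits 12-13 = layer, bits 0-11 = error code.

# decode_tss_result HEX -> prints "layer=<name> code=<decimal>"
decode_tss_result() {
    val=$(( $1 ))
    case $(( val & 0x3000 )) in
        0)     layer=tpm  ;;   # 0x0000: returned by the (v)TPM itself
        4096)  layer=tddl ;;   # 0x1000: device driver library (/dev/tpm0 access)
        8192)  layer=tcs  ;;   # 0x2000: TSS core services (the tcsd daemon)
        12288) layer=tsp  ;;   # 0x3000: client-side service provider library
    esac
    echo "layer=$layer code=$(( val & 0xFFF ))"
}

# failed_calls: read debug output on stdin and print one line per failed
# Tspi call, in the form "<function> layer=<name> code=<decimal>".
failed_calls() {
    sed -n 's/^\(Tspi_[A-Za-z_]*\) failed: \(0x[0-9a-fA-F]*\).*/\1 \2/p' |
    while read -r fn hex; do
        echo "$fn $(decode_tss_result "$hex")"
    done
}

# Two lines taken from the debug output quoted in the thread.
SAMPLE_LOG='Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error'

# Stand-alone run: report every failed call in the sample.
printf '%s\n' "$SAMPLE_LOG" | failed_calls
```

To use it on a live guest, pipe the command's combined output into the function, for example `tpm_takeownership -z -y -l debug 2>&1 | failed_calls`.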



