From: Marcos Simó Picó
To: Emil Condrea
Cc: xen-devel@lists.xen.org
Subject: Re: vTPM issues
Date: Thu, 25 Jun 2015 09:34:39 +0000
Message-ID: <1435224879340.54383@kth.se>
List-Id: xen-devel@lists.xenproject.org

Okay, /etc/tpm0 is present.

The timeout values are:

752000 2000000 752000 752000 [adjusted]

I have no problem actually upgrading to Ubuntu 15.04 if that might solve the problem.

Thanks a lot for your reply again.

________________________________
From: Emil Condrea <emilcondrea@gmail.com>
Sent: Thursday, 25 June 2015 11:22
To: Marcos Simó Picó
Cc: xen-devel@lists.xen.org
Subject: Re: [Xen-devel] vTPM issues

Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
I remember that once I had this problem when almost all trousers commands
were returning internal software error in domU.
Can you check what are the timeout values?

    cat /sys/devices/vtpm-0/timeouts

I remember that there was a bug in Ubuntu 14.04 regarding tpm driver.
You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm commands
run successfully.

On Thu, Jun 25, 2015 at 12:10 PM, Marcos Simó Picó <marcossp@kth.se> wrote:

Yes, I'm indeed using pv guests. After running #tcsd -f & I get:

    TCSD TDDL ioctl: (25) Inappropriate ioctl for device
    TCSD TDDL Falling back to Read/Write device support.
    TCSD trousers 0.3.5git: TCSD up and running.

I don't know if the problem might be there. When I invoke tpm_takeownership -z -y -l debug it returns exactly the same messages I sent in my previous email.

On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.

Thanks for your reply.

________________________________
From: Emil Condrea <emilcondrea@gmail.com>
Sent: Thursday, 25 June 2015 10:21
To: Marcos Simó Picó
Cc: xen-devel@lists.xen.org; Xu, Quan
Subject: Re: [Xen-devel] vTPM issues

I guess you are using pv guests, I don't know exactly if Quan finished development for hvm.
I suggest to take a look at tcsd log:

    pkill tcsd
    tcsd -f &
    tpm_takeownership -z -y -l debug

Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?

On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simó Picó <marcossp@kth.se> wrote:

Hello everyone,

I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/

I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:

    root@DomU:/home/xen# tpm_version
      TPM 1.2 Version Info:
      Chip Version:        1.2.0.7
      Spec Level:          2
      Errata Revision:     1
      TPM Vendor ID:       ETHZ
      TPM Version:         01010000
      Manufacturer Info:   4554485a

I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:

    root@DomU:/home/xen# tpm_takeownership -y -z -l debug
    Tspi_Context_Create success
    Tspi_Context_Connect success
    Tspi_Context_GetTpmObject success
    Tspi_GetPolicyObject success
    Tspi_Policy_SetSecret success
    Tspi_Context_CreateObject success
    Tspi_GetPolicyObject success
    Tspi_Policy_SetSecret success
    Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
    Tspi_Context_CloseObject success
    Tspi_Context_FreeMemory success
    Tspi_Context_Close success

The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership not taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.

In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.

I really appreciate any help you can provide.

Best regards,

Marcos

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
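The checks exchanged in this thread, collected into a small POSIX shell helper as an added example (not code from either poster or from the Xen or TrouSerS projects). The function names, the layer-to-component hints (general TSS stack layout) and the optional root-prefix argument are assumptions; the embedded log is abridged from the output quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: triage helpers for the checks above.

# Debug output quoted in the message above (abridged), embedded for offline use.
sample_debug_log() {
cat <<'EOF'
Tspi_Context_Create success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_Close success
EOF
}

# Print "<call> <layer> <code>" for the first failing Tspi call read from stdin.
# Exit status is 1 when no call failed.
first_tss_failure() {
    sed -n 's/^\(Tspi_[A-Za-z0-9_]*\) failed: 0x[0-9a-fA-F]* - layer=\([a-z]*\), code=\([0-9a-fA-F]*\).*/\1 \2 \3/p' |
        head -n 1 | grep .
}

# Map the TSS layer that reported the error to the component to look at next.
layer_hint() {
    case "$1" in
        tsp)  echo "libtspi in the calling process" ;;
        tcs)  echo "tcsd daemon: restart it with 'tcsd -f' and read its output" ;;
        tddl) echo "device access: /dev/tpm0 and the kernel tpm driver" ;;
        tpm)  echo "error returned by the (v)TPM itself" ;;
        *)    echo "unknown layer" ;;
    esac
}

# Report the nodes the thread asks about, under an optional root prefix
# (the prefix is an assumption added for testing). Status 1 if any is missing.
check_nodes() {
    rc=0
    for p in /dev/tpm0 /sys/devices/vtpm-0 /sys/devices/vtpm-0/timeouts; do
        if [ -e "$1$p" ]; then echo "present $p"; else echo "missing $p"; rc=1; fi
    done
    return "$rc"
}

# Demo on the embedded log; in a domU, pipe in: tpm_takeownership -y -z -l debug 2>&1
set -- $(sample_debug_log | first_tss_failure)
echo "failed call: $1, layer: $2, code: $3"
echo "look at: $(layer_hint "$2")"
check_nodes "" || echo "one or more vTPM nodes are missing"
```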
