From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Tim Feld" Subject: vTPM NVM, loadkey and trousers questions Date: Tue, 26 Aug 2008 22:58:02 +0200 Message-ID: <20080826205802.257670@gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org Hi everyone, I am using Xen 3.2.1 with the vtpm-12-patch.diff patch posted in [0]. My = TPM is an Infineon 1.2. In total I have got three different questions: 1. NVM loading problem at VM creation When I am creating a VM the last few lines of the vtpm_manager output are= : TPMD[245]: tpm/tpm_startup.c:45: Info: TPM_Startup(1) Loading NVM. Sending LoadNVM command ERROR[VTPM]: Failed to load NVM .INFO[VTPM]: [VTPM Listener]: VTPM Listener waiting for messages. Reading LoadNVM header For every VM a new tpmd instance is created, ignoring the setting in my V= M config file. In /var/vtpm are only two folders (fifos, socks) and two f= iles (VTPM, vtpm.db). I am missing the one for non volatile memory. Any i= deas what might be wrong here? 2. Using IAIK jTSS in VM (http://trustedjava.sourceforge.net/) I want to use the jTSS in my VMs. Some simple operations like taking owne= rship, extending a PCR and creating keys are working, but there seems to = be a problem when it comes to loading keys.=20 For example, if I try to bind data after taking ownership using the jtpmt= ools example (jtt.sh bind) the operation fails. Java stack trace is: iaik.tc.tss.api.exceptions.tcs.TcTpmException:=20 TSS Error: error layer: 0x00 (TPM) error code (without layer): 0x1f error code (full): 0x1f error message: An IO error occurred transmitting information to the TPM at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcT= pmCmdCommon.java:73) at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdDeprMisc.TpmLoadKey(TcTp= mCmdDeprMisc.java:222) at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.LoadKeyByBlob(= TcTcsKeyManager.java:72) at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipLoadKeyByBlob(TcTcs= i.java:535) A lot of vtpm_manager output is produced. The last few lines are: TPMD[6]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command() TPMD[6]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND] TPMD[6]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey] TPMD[6]: tpm/tpm_storage.c:526: Info: TPM_LoadKey() TPMD[6]: tpm/tpm_storage.c:528: Debug: [ parentHandle=3D40000000 ] TPMD[6]: tpm/tpm_cmd_handler.c:4117: Info: TPM command succeeded ERROR[VTPM]: [Backend Listener]: Error reading from DMI. Aborting...=20 INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages. Let me know, if you need the whole output. From my understanding it says = "TPM command succeeded". What's the matter with "Error reading from DMI"?= On my real TPM the command is working.=20 I also tried a self written application using jTSS. When trying to load a= key vtpm_managers output finishes with: TPMD[1]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command() TPMD[1]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND] TPMD[1]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey] TPMD[1]: tpm/tpm_storage.c:526: Info: TPM_LoadKey() TPMD[1]: tpm/tpm_storage.c:528: Debug: [ parentHandle=3D40000000 ] TPMD[1]: tpm/tpm_cmd_handler.c:4110: Info: TPM command failed: (0x0c) The= key handle presented was invalid. TPMD[1]: tpm/tpm_eviction.c:56: Info: TPM_FlushSpecific() TPMD[1]: tpm/tpm_eviction.c:57: Debug: [ handle=3D02000000 resourceType=3D= 00000002 ] TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c=20 INFO[VTPM]: [Backend Listener]: Sending DMI's response to guest. INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages. Again this program is running well on a real TPM and I created the key wh= ich is tried to load before. 3. Trousers 0.2.9 IAIK provides a java wrapper to use the TPM. Unfortunately this is only w= orking with trousers version 0.2.9. Using trousers 0.3.1 the tpm tools li= ke tpm_version are working. But as mentioned, the wrapper is only compati= ble with 0.2.9. =20 Using that version (no matter if I apply IFX patch or not) the result of = tpm_version is:=20 Tspi_Context_Connect failed: 0x00003004 - layer=3Dtsp, code=3D0004 (4), I= nternal software error TCSD's output: TCSD svrside.c:272 accepted socket 6 TCSD tcsd_threads.c:225 Rx'd packet TCSD tcsd_wrap.c:4060 Dispatching ordinal 1 TCSD tcsd_wrap.c:366 thread b7c7eb90 servicing a tcs_wrap_OpenContext req= uest TCSD tcsd_threads.c:252 Sending 0x21 bytes back TCS tcs_utils.c:1317 Socket connection closed. TCSD tcsd_threads.c:264 Thread exiting. TCS tcscm.c:40 Closing context A0907600 TCS tcscm.c:52 Context A0907600 closed When I start tcsd the following output appears: TDDL tddl.c:105 Calling write to driver TDDL tddl.c:116 ioctl: (25) Inappropriate ioctl for device TDDL tddl.c:117 Falling back to Read/Write device support. Does anyone know if 0.2.9 is just outdated or should it be working and th= ere is something else wrong? Any hints are very welcome! Thanks in advance Tim [0]http://lists.xensource.com/archives/html/xense-devel/2007-04/msg00005.= html --=20 Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten=20 Browser-Versionen downloaden: http://www.gmx.net/de/go/browser --=20 Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!=20 Ideal f=FCr Modem und ISDN: http://www.gmx.net/de/go/smartsurfer