From: "Tim Feld"
Subject: Re: vTPM NVM, loadkey and trousers questions
Date: Thu, 28 Aug 2008 12:18:04 +0200
Message-ID: <20080828101804.9610@gmx.net>
In-Reply-To: <48B55A5D.9030005@bayer.gen.tr>
To: Erdem Bayer
Cc: xen-devel@lists.xensource.com

Hi Erdem,

thanks for your reply.

> See post in [0] about loading keys into vTPM on infineon 1.2 TPMs. IMO,
> you also need this patch.

Are you using Xen 3.1.x yet? I am pretty sure the patch you mentioned is included in Xen 3.2.1.

> Could you send any progress about this NVM issue? This is one of my
> biggest problems in vTPM and I want to see if anyone gets it to work.

I will definitely keep you posted on any progress concerning this.

Tim

> [0]
> http://lists.xensource.com/archives/html/xen-devel/2008-02/msg01092.html
>
> Tim Feld wrote On 26-08-2008 23:58:
> > Hi everyone,
> >
> > I am using Xen 3.2.1 with the vtpm-12-patch.diff patch posted in [0]. My
> > TPM is an Infineon 1.2. In total I have got three different questions:
> >
> > 1. NVM loading problem at VM creation
> > When I am creating a VM the last few lines of the vtpm_manager output are:
> > TPMD[245]: tpm/tpm_startup.c:45: Info: TPM_Startup(1)
> > Loading NVM.
> > Sending LoadNVM command
> > ERROR[VTPM]: Failed to load NVM
> > .INFO[VTPM]: [VTPM Listener]: VTPM Listener waiting for messages.
> > Reading LoadNVM header
> >
> > For every VM a new tpmd instance is created, ignoring the setting in my
> > VM config file. In /var/vtpm are only two folders (fifos, socks) and two
> > files (VTPM, vtpm.db). I am missing the one for non volatile memory. Any
> > ideas what might be wrong here?
> >
> >
> > 2. Using IAIK jTSS in VM (http://trustedjava.sourceforge.net/)
> > I want to use the jTSS in my VMs. Some simple operations like taking
> > ownership, extending a PCR and creating keys are working, but there seems
> > to be a problem when it comes to loading keys.
> > For example, if I try to bind data after taking ownership using the
> > jtpmtools example (jtt.sh bind) the operation fails. Java stack trace is:
> > iaik.tc.tss.api.exceptions.tcs.TcTpmException:
> >
> > TSS Error:
> > error layer: 0x00 (TPM)
> > error code (without layer): 0x1f
> > error code (full): 0x1f
> > error message: An IO error occurred transmitting information to the TPM
> >
> > at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
> > at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdDeprMisc.TpmLoadKey(TcTpmCmdDeprMisc.java:222)
> > at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.LoadKeyByBlob(TcTcsKeyManager.java:72)
> > at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipLoadKeyByBlob(TcTcsi.java:535)
> >
> > A lot of vtpm_manager output is produced. The last few lines are:
> > TPMD[6]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
> > TPMD[6]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
> > TPMD[6]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
> > TPMD[6]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
> > TPMD[6]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
> > TPMD[6]: tpm/tpm_cmd_handler.c:4117: Info: TPM command succeeded
> > ERROR[VTPM]: [Backend Listener]: Error reading from DMI. Aborting...
> > INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.
> >
> > Let me know if you need the whole output. From my understanding it says
> > "TPM command succeeded". What's the matter with "Error reading from DMI"?
> > On my real TPM the command is working.
> >
> > I also tried a self-written application using jTSS. When trying to load
> > a key, vtpm_manager's output finishes with:
> > TPMD[1]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
> > TPMD[1]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
> > TPMD[1]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
> > TPMD[1]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
> > TPMD[1]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
> > TPMD[1]: tpm/tpm_cmd_handler.c:4110: Info: TPM command failed: (0x0c) The key handle presented was invalid.
> > TPMD[1]: tpm/tpm_eviction.c:56: Info: TPM_FlushSpecific()
> > TPMD[1]: tpm/tpm_eviction.c:57: Debug: [ handle=02000000 resourceType=00000002 ]
> > TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c
> >
> > INFO[VTPM]: [Backend Listener]: Sending DMI's response to guest.
> > INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.
> >
> > Again this program is running well on a real TPM and I created the key
> > which it tries to load beforehand.
> >
> >
> > 3. Trousers 0.2.9
> > IAIK provides a java wrapper to use the TPM. Unfortunately this is only
> > working with trousers version 0.2.9. Using trousers 0.3.1 the tpm tools
> > like tpm_version are working. But as mentioned, the wrapper is only
> > compatible with 0.2.9.
> > Using that version (no matter if I apply IFX patch or not) the result of
> > tpm_version is:
> > Tspi_Context_Connect failed: 0x00003004 - layer=tsp, code=0004 (4), Internal software error
> > TCSD's output:
> > TCSD svrside.c:272 accepted socket 6
> > TCSD tcsd_threads.c:225 Rx'd packet
> > TCSD tcsd_wrap.c:4060 Dispatching ordinal 1
> > TCSD tcsd_wrap.c:366 thread b7c7eb90 servicing a tcs_wrap_OpenContext request
> > TCSD tcsd_threads.c:252 Sending 0x21 bytes back
> > TCS tcs_utils.c:1317 Socket connection closed.
> > TCSD tcsd_threads.c:264 Thread exiting.
> > TCS tcscm.c:40 Closing context A0907600
> > TCS tcscm.c:52 Context A0907600 closed
> >
> > When I start tcsd the following output appears:
> > TDDL tddl.c:105 Calling write to driver
> > TDDL tddl.c:116 ioctl: (25) Inappropriate ioctl for device
> > TDDL tddl.c:117 Falling back to Read/Write device support.
> >
> > Does anyone know if 0.2.9 is just outdated or should it be working and
> > there is something else wrong?
> >
> > Any hints are very welcome!
> >
> > Thanks in advance
> > Tim
> >
> > [0] http://lists.xensource.com/archives/html/xense-devel/2007-04/msg00005.html
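
Added example, not part of the original thread and not code from Xen, the TPM emulator or trousers: a small decoder for the two kinds of raw values quoted in the message above, the "Sent[14]" byte dump and the TSS result codes (0x1f, 0x00003004). It assumes the first four bytes of the dump are the vTPM instance number placed in front of a standard TPM 1.2 response header; the function and struct names are made up for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One response as tpmd logs it: instance prefix + TPM 1.2 response header. */
struct vtpm_rsp {
    uint32_t instance;   /* assumption: 4-byte vTPM instance number prefix */
    uint16_t tag;        /* 0x00C4..0x00C6 = TPM_TAG_RSP_[AUTH1_|AUTH2_]COMMAND */
    uint32_t param_size; /* length of the TPM response, header included */
    uint32_t ret_code;   /* TPM_RESULT; 0 is TPM_SUCCESS */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 on success, -1 on a short buffer, a tag that is not a TPM 1.2
 * response tag, or a paramSize that disagrees with the bytes present. */
int parse_vtpm_rsp(const uint8_t *buf, size_t len, struct vtpm_rsp *out) {
    if (len < 14) return -1;            /* 4 prefix + 2 tag + 4 size + 4 rc */
    out->instance = be32(buf);
    out->tag = (uint16_t)((buf[4] << 8) | buf[5]);
    out->param_size = be32(buf + 6);
    out->ret_code = be32(buf + 10);
    if (out->tag < 0x00C4 || out->tag > 0x00C6) return -1;
    if (out->param_size != len - 4) return -1;
    return 0;
}

/* TSS result codes: bits 12-15 name the layer, bits 0-11 the error code. */
const char *tss_layer(uint32_t r) {
    static const char *names[] = { "tpm", "tddl", "tcs", "tsp" };
    uint32_t layer = (r >> 12) & 0xF;
    return layer < 4 ? names[layer] : "unknown";
}
uint32_t tss_code(uint32_t r) { return r & 0xFFF; }

/* Bytes copied from the "Sent[14]" log line in the message above. */
const uint8_t SENT_14[14] = { 0,0,0,1, 0,0xc4, 0,0,0,0x0a, 0,0,0,0x0c };

int main(void) {
    struct vtpm_rsp r;
    if (parse_vtpm_rsp(SENT_14, sizeof SENT_14, &r) != 0) return 1;
    printf("instance=%u tag=0x%04x size=%u rc=0x%02x\n", (unsigned)r.instance,
           (unsigned)r.tag, (unsigned)r.param_size, (unsigned)r.ret_code);
    printf("0x00003004: layer=%s code=%04x\n", tss_layer(0x3004),
           (unsigned)tss_code(0x3004));
    return 0;
}
```

Decoded this way, the dump is a complete 10-byte TPM error response carrying return code 0x0c, the same code the preceding "TPM command failed" log line reports.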