vtpm_managerd and default passwords

All of lore.kernel.org
 help / color / mirror / Atom feed

* vtpm_managerd and default passwords
@ 2007-07-26 14:56 Luke
  2007-07-26 20:53 ` Cihula, Joseph
  0 siblings, 1 reply; 4+ messages in thread
From: Luke @ 2007-07-26 14:56 UTC (permalink / raw)
  To: xen-devel

Looking through the code in tools/vtpm_manager/manager/vtpm_manager.c, I
see that when you start the vtpm_manager for the first time, that it
takes ownership of the TPM and sets the password to be 20 unprintable
ascii characters (0xff 20 times).

This seems to work fine, but later, I want to create a key with the TPM.
 I've made a file using python, using:

a = ""
for i in range(20):
	a = a + "\xff"
open("ascii_file","w").write(a)

when I use that as the password, I still get TPM_AUTHFAIL.
This is using the createkey utility found at:
http://domino.research.ibm.com/comm/research_projects.nsf/pages/gsal.TCG.html/$FILE/tpm-3.2.0.tar.gz

It's pretty straightforward, so I'm wondering if I'm not understanding
how the SRK password gets set in actuality.

Any ideas on what I might be doing wrong/how to fix this?

Specifically, should vtpm_managerd take an SRK password as a parameter?
 This seems much more sane.  Does this exist already, and I've just
missed it?

Apologies if this is more xen-user than xen-devel.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: vtpm_managerd and default passwords
  2007-07-26 14:56 vtpm_managerd and default passwords Luke
@ 2007-07-26 20:53 ` Cihula, Joseph
  2007-07-31  2:30   ` Luke St.Clair
  0 siblings, 1 reply; 4+ messages in thread
From: Cihula, Joseph @ 2007-07-26 20:53 UTC (permalink / raw)
  To: Luke, xen-devel

Luke <> scribbled on Thursday, July 26, 2007 7:57 AM:
> Looking through the code in
> tools/vtpm_manager/manager/vtpm_manager.c, I see that when you start
> the vtpm_manager for the first time, that it takes ownership of the
> TPM and sets the password to be 20 unprintable ascii characters (0xff
> 20 times). 
> 
> This seems to work fine, but later, I want to create a key with the
>  TPM. I've made a file using python, using:
> 
> a = ""
> for i in range(20):
> 	a = a + "\xff"
> open("ascii_file","w").write(a)
> 
> when I use that as the password, I still get TPM_AUTHFAIL.
> This is using the createkey utility found at:
>
http://domino.research.ibm.com/comm/research_projects.nsf/pages/gsal.TCG
.html/$FILE/tpm-3.2.0.tar.gz
> 
> It's pretty straightforward, so I'm wondering if I'm not understanding
> how the SRK password gets set in actuality.
> 
> Any ideas on what I might be doing wrong/how to fix this?

>From looking at the createkey utility source, it appears that it creates
a SHA-1 hash of the SRK auth provided on the command line.  The vTPM
Manager does not SHA the SRK auth.  So I think that you will need to add
another option to createkey that takes a provided auth as-is and then
try your file of all ff's.

> Specifically, should vtpm_managerd take an SRK password as a
>  parameter? This seems much more sane.  Does this exist already, and
> I've just missed it?

vTPM Manager is not intended to run alongside other TPM applications.
It does not use a TSS, and so it would not work well to try and use the
TPM simulataneously.  Similarly, it is not the expected use model that
once you have started using vTPM Manager that you will stop it, do some
things with the TPM, and then run it again.

Can you describe how you would like to use the TPM and vTPM?

> 
> Apologies if this is more xen-user than xen-devel.
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: vtpm_managerd and default passwords
  2007-07-26 20:53 ` Cihula, Joseph
@ 2007-07-31  2:30   ` Luke St.Clair
  2007-07-31 17:41     ` Luke
  0 siblings, 1 reply; 4+ messages in thread
From: Luke St.Clair @ 2007-07-31  2:30 UTC (permalink / raw)
  To: xen-devel


On Jul 26, 2007, at 4:53 PM, Cihula, Joseph wrote:

>
>> From looking at the createkey utility source, it appears that it  
>> creates
> a SHA-1 hash of the SRK auth provided on the command line.  The vTPM
> Manager does not SHA the SRK auth.  So I think that you will need  
> to add
> another option to createkey that takes a provided auth as-is and then
> try your file of all ff's.
>
>> Specifically, should vtpm_managerd take an SRK password as a
>>  parameter? This seems much more sane.  Does this exist already, and
>> I've just missed it?
>
> vTPM Manager is not intended to run alongside other TPM applications.
> It does not use a TSS, and so it would not work well to try and use  
> the
> TPM simulataneously.  Similarly, it is not the expected use model that
> once you have started using vTPM Manager that you will stop it, do  
> some
> things with the TPM, and then run it again.
>
> Can you describe how you would like to use the TPM and vTPM?

My goal is to be able to do all of the following, though no two need  
to occur simultaneously

1) Run vtpm_managerd
2) create tpm keys in the dom0
3) create vtpm keys in the domu

Fixing the createkey worked like a charm in the dom0.

I still get TPM IOErrors in the domU though.

Can keys still be created using the VTPM?  Do they persist over  
multiple vtpm_managerd sessions?

If keys can be created, can anyone give an idea of how to do so?

-- 
Luke

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: vtpm_managerd and default passwords
  2007-07-31  2:30   ` Luke St.Clair
@ 2007-07-31 17:41     ` Luke
  0 siblings, 0 replies; 4+ messages in thread
From: Luke @ 2007-07-31 17:41 UTC (permalink / raw)
  To: xen-devel

Luke St.Clair wrote:
> 
> On Jul 26, 2007, at 4:53 PM, Cihula, Joseph wrote:
> 
>>
>>> From looking at the createkey utility source, it appears that it creates
>> a SHA-1 hash of the SRK auth provided on the command line.  The vTPM
>> Manager does not SHA the SRK auth.  So I think that you will need to add
>> another option to createkey that takes a provided auth as-is and then
>> try your file of all ff's.
>>
>>> Specifically, should vtpm_managerd take an SRK password as a
>>>  parameter? This seems much more sane.  Does this exist already, and
>>> I've just missed it?
>>
>> vTPM Manager is not intended to run alongside other TPM applications.
>> It does not use a TSS, and so it would not work well to try and use the
>> TPM simulataneously.  Similarly, it is not the expected use model that
>> once you have started using vTPM Manager that you will stop it, do some
>> things with the TPM, and then run it again.
>>
>> Can you describe how you would like to use the TPM and vTPM?
> 
> My goal is to be able to do all of the following, though no two need to
> occur simultaneously
> 
> 1) Run vtpm_managerd
> 2) create tpm keys in the dom0
> 3) create vtpm keys in the domu
> 
> Fixing the createkey worked like a charm in the dom0.
> 
> I still get TPM IOErrors in the domU though.
> 
> Can keys still be created using the VTPM?  Do they persist over multiple
> vtpm_managerd sessions?
> 
> If keys can be created, can anyone give an idea of how to do so?

The solution was quite simple - I simply hadn't taken ownership of the
virtual TPM from within the domU.

It is fixed now, and works quite well.  I've yet to check persistence
over sessions, but at least key creation/loading is working.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2007-07-31 17:41 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-07-26 14:56 vtpm_managerd and default passwords Luke
2007-07-26 20:53 ` Cihula, Joseph
2007-07-31  2:30   ` Luke St.Clair
2007-07-31 17:41     ` Luke

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.