From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Erdem Bayer
Subject: Re: [Xense-devel] Infineon vtpm problem
Date: Fri, 29 Feb 2008 13:04:56 +0200
Message-ID: <47C7E6D8.20404@bayer.gen.tr>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Stefan Berger
Cc: xen-devel@lists.xensource.com, xense-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Hi

For the record, the patch you sent to the xen-devel list
(http://lists.xensource.com/archives/html/xen-devel/2008-02/msg01092.html)
eliminated the problem. Thank you very much for your time and effort.

Erdem Bayer

Stefan Berger wrote On 28-02-2008 22:02:
>
> xen-devel-bounces@lists.xensource.com wrote on 02/28/2008 03:42:07 AM:
>
> > Hi
> >
> > I have looked through some source code and have the following questions:
> >
> > 1)
> > in tools/vtpm/vtpm/tpm/tpm_storage.c
> >
> > TPM_RESULT TPM_LoadKey2(TPM_KEY_HANDLE parentHandle, TPM_KEY *inKey,
> >                         TPM_AUTH *auth1, TPM_KEY_HANDLE *inkeyHandle)
> > {
> >   info("TPM_LoadKey2() is currently emulated by TPM_LoadKey()");
> >   return TPM_LoadKey(parentHandle, inKey, auth1, inkeyHandle);
> > }
> >
> > So TPM_LoadKey2 is actually a wrapper around TPM_LoadKey() with exactly
> > the same parameters. My question is, if they are using the same
> > parameters, why does one fail while the other succeeds?
>
> It's (for example) the return path that's different. TPM_LoadKey2()
> does NOT calculate the HMAC over the key's handle. And that's actually
> the source of the bug.
>
> > And why is it necessary to wrap the TPM_LoadKey function with exactly
> > the same call? Any pointers would be highly appreciated.
>
> Here's a link to a fairly recent version of the specification.
>
> https://www.trustedcomputinggroup.org/specs/TPM/mainP3Commandsrev103.zip
>
> > 2)
> > in tools/vtpm/vtpm/tpm/tpm_commands.h
> >
> > * Description: ([TPM_Part3], Section 10.5)
> >
> > What is this TPM_Part3 document mentioned here and where can I locate
> > it? Is this the document named "TPM Main Part3 IBM Commands" written by
> > Ken Goldman and you? If that is correct, I have Revision 10 of this
> > document dated 25 April 2005 and that document does not have Section
> > 10.5. Is there a more recent version that I am not aware of?
>
> No, this is not referring to that document. It's referring to the one
> link above.
>
> > 3) Is this problem specific to TPM hardware (i.e. only the Infineon TPM) or
> > the xen version?
>
> It's a bug in the TPM emulator.
>
> This patch here does the trick. When I have some time I'll try to
> prepare a patch for the patch that the Xen build process applies on
> top of the tpm emulator code. I'll also send it to the maintainer(s)
> of the tpm emulator.
>
> --- ./tpm_emulator/tpm/tpm_cmd_handler.c 2008-02-27 16:35:41.000000000 -0500
> +++ vtpm/tpm/tpm_cmd_handler.c 2008-02-28 14:43:28.000000000 -0500
> @@ -94,12 +94,18 @@ void tpm_compute_out_param_digest(TPM_CO
> sha1_ctx_t sha1;
> UINT32 res = CPU_TO_BE32(rsp->result);
> UINT32 ord = CPU_TO_BE32(ordinal);
> + UINT32 offset = 0;
>
> /* compute SHA1 hash */
> sha1_init(&sha1);
> sha1_update(&sha1, (BYTE*)&res, 4);
> sha1_update(&sha1, (BYTE*)&ord, 4);
> - sha1_update(&sha1, rsp->param, rsp->paramSize);
> + if (ordinal == TPM_ORD_LoadKey2) {
> + offset = 4;
> + }
> + if (rsp->paramSize - offset > 0) {
> + sha1_update(&sha1, rsp->param + offset, rsp->paramSize - offset);
> + }
> sha1_final(&sha1, rsp->auth1->digest);
> if (rsp->auth2 != NULL) memcpy(rsp->auth2->digest,
> rsp->auth1->digest, sizeof(rsp->auth1->digest));
>
> Please try it.
>
> > 4) You said you used some tools to trace and alter tss behaviour. What
> > is this tool and how can I obtain it?
>
> It's not a publicly available tool. It's basically forming the TPM
> commands directly and writes them to /dev/tpm0 and so circumvents the
> TSS stack.
>
> Stefan
>
> > Thanks for your time
> > Erdem Bayer
> >
> > Stefan Berger wrote On 28-02-2008 04:47:
> > >
> > > xense-devel-bounces@lists.xensource.com wrote on 02/27/2008 04:02:41 PM:
> > >
> > > > Hi
> > > >
> > > > I have checked out the 0.3.2cvs version of trousers and finally got the
> > > > tsstest working with very few differences from when it is run under a
> > > > non-xen host. My previous attempts were on 0.3.1 (stable).
> > > >
> > > > However, when I run tpm_sealdata, I still get
> > > >
> > > > Tspi_Key_LoadKey failed: 0x00003113 - layer=tsp, code=0113 (275),
> > > > Authorization failed.
> > >
> > > So, I just tried this and I ran into the same problem. I then used
> > > some tools that let me control whether to use TPM_LoadKey() or
> > > TPM_LoadKey2(). Loading a key with TPM_LoadKey2() failed due to HMAC
> > > authorization failing, TPM_LoadKey() worked.
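Review bot: the new guard `if (rsp->paramSize - offset > 0)` is evaluated in unsigned arithmetic (offset is a UINT32), so a TPM_ORD_LoadKey2 reply whose paramSize is smaller than 4 (an error reply that carries no handle) makes the difference wrap to a huge value, the branch is taken, and sha1_update() is handed a length far beyond the end of rsp->param. Compare the two sizes directly instead, `if (rsp->paramSize > offset) {`, which also states the intent more plainly. A one-line comment at `offset = 4;` noting that this is the 4-byte key handle the LoadKey2 specification excludes from the outgoing HMAC would help the next reader, since the magic number is otherwise unexplained.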
> > > From what I saw, the TSS is using TPM_LoadKey2() and the TPM implementation
> > > then states that TPM_LoadKey2() is emulated using TPM_LoadKey(). Well, it
> > > seems to be a bug in the TPM_LoadKey2() implementation.
> > >
> > > > This reminds me that maybe I am using vtpm the wrong way. Is there a
> > > > document about how to use vtpm?
> > >
> > > No, you are using it correctly.
> > >
> > > Stefan
> > >
> > > > Here is what I do from scratch:
> > > >
> > > > 1. Clear and reactivate TPM from bios.
> > > > 2. Run vtpm_managerd in dom0 and let it continue running on console.
> > > > 3. Boot domU with vif statement in config file.
> > > > 4. Run tcsd -f on domU and let it continue running on console.
> > > >
> > > > From now on every tpm operation I run on domU returns an error.
> > > >
> > > > Operations tried on domU
> > > >
> > > > 1. I tried tpm_takeownership with success (although I see an error on
> > > > tcsd -f output, I assume it is normal because I see the exact same error
> > > > when I run takeownership from a non-xen host and actually prove ownership
> > > > taken by using sealdata successfully) but when I try tpm_sealdata I get
> > > > the above error.
> > > >
> > > > 2. After starting from scratch, I tried tpm_sealdata without first trying
> > > > to take ownership. This time there is a different output:
> > > >
> > > > Enter SRK password:
> > > > Tspi_Key_CreateKey failed: 0x00000003 - layer=tpm, code=0003 (3), Bad
> > > > Parameter
> > > >
> > > > I think I am not able to use vtpm because probably I am not doing the
> > > > right sequence of actions on domU. So if there is a document about vtpm
> > > > usage, please point me to it.
> > > >
> > > > And here is another question:
> > > >
> > > > I never run tpm_takeownership on dom0. Whenever I start from scratch I
> > > > let the vtpm_managerd take ownership of the tpm. However, I do not know
> > > > the owner or srk password it uses.
> > > > When I use vtpm on domU and am asked for
> > > > the srk password, which password should I enter? Also, should I take
> > > > ownership of vtpm on domU every time I boot it? How do I save the
> > > > state of the vtpm for a domain across boots?
> > > >
> > > > Thanks for time.
> > > > Erdem Bayer
> > > >
> > > > Stefan Berger wrote On 27-02-2008 05:59:
> > > > >
> > > > > xense-devel-bounces@lists.xensource.com wrote on 02/26/2008 06:28:01 PM:
> > > > >
> > > > > > Hi
> > > > > >
> > > > > > I have successfully applied the patch mentioned here
> > > > > > (http://lists.xensource.com/archives/html/xense-devel/2007-04/msg00005.html)
> > > > > > to the xen v. 3.1.3 on an HP nx8325 with Infineon TPM.
> > > > > >
> > > > > > I cleared the tpm, deleted the /var/vtpm/VTPM file and rebooted.
> > > > > >
> > > > > > After reboot, vtpm_managerd runs ok. (output is attached to the mail.)
> > > > > >
> > > > > > I created a pv vm with the option vtpm = ['instance=1, backend=0']. The
> > > > > > vm boots fine.
> > > > > >
> > > > > > I installed trousers-0.3.1 and tpm-tools-1.3.1 from sources on the vm.
> > > > > >
> > > > > > I run tcsd -f on the vm. (output is attached to the mail.)
> > > > > >
> > > > > > I checked out and ran the trousers test suite. 10 tests passed with 230
> > > > > > failed. (Is this expected?)
> > > > >
> > > > > It is likely that this (v)TPM implementation has quite a few bugs, but
> > > > > I would not expect that many errors.
> > > > >
> > > > > > When I try tpm_takeownership on the vm, the command runs fine. (Although
> > > > > > a strange warning appears on tcsd output which is attached).
> > > > >
> > > > > This error may be related to older versions of the TPM device driver
> > > > > having used an ioctl interface for sending/receiving commands to/from
> > > > > the TPM and the TSS still tries this interface first.
> > > > > This should not
> > > > > be a reason for the errors you are seeing.
> > > > >
> > > > > > But when I try tpm_sealdata < foo on the vm I get the following error.
> > > > > >
> > > > > > Tspi_Key_LoadKey failed: 0x00003113 - layer=tsp, code=0113 (275),
> > > > > > Authorization failed
> > > > > >
> > > > > > But tpm_version runs fine on the vm.
> > > > > >
> > > > > > tpm-test:~# tpm_version
> > > > > > TPM 1.2 Version Info:
> > > > > > Chip Version: 1.2.0.4
> > > > > > Spec Level: 2
> > > > > > Errata Revision: 94
> > > > > > TPM Vendor ID:
> > > > > > TPM Version: 01010000
> > > > > > Manufacturer Info: 4554485a
> > > > > >
> > > > > > Also this quote is from Xen User's Guide:
> > > > > >
> > > > > > "Similarly, the TPM frontend driver must be compiled for the kernel
> > > > > > trying to use TPM functionality. Its driver can be selected in the
> > > > > > kernel configuration section Device Driver / Character Devices / TPM
> > > > > > Devices. Along with that the TPM driver for the built-in TPM must be
> > > > > > selected."
> > > > > >
> > > > > > According to my understanding the driver for the built-in TPM must be
> > > > > > selected on the kernel where the TPM frontend driver is used. Am I correct
> > > > > > about this assumption? (The problem is the tpm_infineon driver can not be
> > > > >
> > > > > The driver for the built-in Infineon TPM must be built into Domain-0,
> > > > > the TPM frontend driver in the guest domain and the backend driver
> > > > > also into Domain-0. This has probably been done correctly since
> > > > > otherwise the vTPM would not work at all.
> > > > >
> > > > > > selected on an unprivileged kernel, it can only be selected on a
> > > > > > privileged kernel)
> > > > > >
> > > > > > Am I missing something here? Why do I get auth errors?
> > > > >
> > > > > Did you try to run the same sequence of commands (tpm commands, test
> > > > > suite etc.)
> > > > > on a plain Linux kernel with the TSS stack against the
> > > > > built-in Infineon TPM? From what I remember, the test suite for the
> > > > > TSS stack either tries to set a specific TPM owner password or it must
> > > > > previously have been set to it by the user, otherwise many
> > > > > authentication errors will occur.
> > > > >
> > > > > Stefan
> > > > >
> > > > > > Thanks in advance.
> > > > > >
> > > > > > Erdem Bayer
> > > > > > [attachment "vtpm_managerd.out" deleted by Stefan Berger/Watson/IBM]
> > > > > > [attachment "tcsd.out" deleted by Stefan Berger/Watson/IBM]
> > > > > > _______________________________________________
> > > > > > Xense-devel mailing list
> > > > > > Xense-devel@lists.xensource.com
> > > > > > http://lists.xensource.com/xense-devel
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel
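The outgoing-HMAC difference Stefan points out in the thread above (a TPM_LoadKey2 reply's key handle is not covered by the response HMAC, so an emulator that hashes it produces an auth value the TSS rejects), modelled end to end as an added Python example that is not code from this thread or from the tpm emulator. Ordinal values are taken from the TPM 1.2 command table; the session secret, nonces and key handle are constructed sample values.

```python
import hashlib
import hmac
import struct

# Ordinal values from the TPM 1.2 command table; the thread names only the symbols.
TPM_ORD_LoadKey = 0x20
TPM_ORD_LoadKey2 = 0x41
HANDLE_LEN = 4  # the TPM_KEY_HANDLE LoadKey2 returns, which the spec leaves out of the HMAC


def out_param_digest(return_code, ordinal, params, skip_handle=True):
    """SHA-1(returnCode || ordinal || response params), as in the patched
    tpm_compute_out_param_digest(): for LoadKey2 the leading key handle is skipped.
    skip_handle=False models the pre-patch emulator, which hashed the handle too.
    A params buffer shorter than the offset (an error reply with no handle)
    hashes nothing instead of reading past its end."""
    offset = HANDLE_LEN if (skip_handle and ordinal == TPM_ORD_LoadKey2) else 0
    h = hashlib.sha1()
    h.update(struct.pack(">I", return_code))
    h.update(struct.pack(">I", ordinal))
    if len(params) > offset:  # guards paramSize < offset (an unsigned difference is never <= 0)
        h.update(params[offset:])
    return h.digest()


def out_auth(secret, param_digest, nonce_even, nonce_odd, continue_session):
    """Outgoing auth of a TPM 1.2 auth session: HMAC-SHA1 keyed with the session
    secret over digest || nonceEven || nonceOdd || continueAuthSession."""
    msg = param_digest + nonce_even + nonce_odd + bytes([int(continue_session)])
    return hmac.new(secret, msg, hashlib.sha1).digest()


def tss_accepts(secret, return_code, ordinal, params, nonce_even, nonce_odd,
                continue_session, received_auth):
    """TSS-side check of a reply's HMAC; the verifier always follows the spec rule."""
    expected = out_auth(secret, out_param_digest(return_code, ordinal, params),
                        nonce_even, nonce_odd, continue_session)
    return hmac.compare_digest(expected, received_auth)


def loadkey2_roundtrip(patched):
    """Emulator answers a LoadKey2, the TSS verifies the reply; True when accepted.
    Secret, nonces and handle are constructed sample values, not a real exchange."""
    secret = hashlib.sha1(b"constructed usage secret").digest()
    nonce_even, nonce_odd = b"\x11" * 20, b"\x22" * 20
    params = struct.pack(">I", 0x01000005)  # constructed inkeyHandle, the only out param
    digest = out_param_digest(0, TPM_ORD_LoadKey2, params, skip_handle=patched)
    auth = out_auth(secret, digest, nonce_even, nonce_odd, True)
    return tss_accepts(secret, 0, TPM_ORD_LoadKey2, params, nonce_even, nonce_odd, True, auth)
```

`loadkey2_roundtrip(False)` reproduces the "Authorization failed" outcome of the pre-patch emulator, `loadkey2_roundtrip(True)` the accepted reply after the fix.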