From: Erdem Bayer <ebayer@bayer.gen.tr>
To: xen-devel@lists.xensource.com
Subject: [Fwd: [Xense-devel] Save state of vtpm]
Date: Wed, 26 Mar 2008 06:42:47 +0200
Message-ID: <47E9D447.5040302@bayer.gen.tr>
[-- Attachment #1: Type: text/plain, Size: 106 bytes --]
Hi
I am forwarding this message I sent to xense-devel in search of more help.
Kind regards
Erdem Bayer
[-- Attachment #2: [Xense-devel] Save state of vtpm.eml --]
[-- Type: message/rfc822, Size: 5562 bytes --]
From: Erdem Bayer <ebayer@bayer.gen.tr>
To: xense-devel@lists.xensource.com
Cc: "Emre Yüce" <emre.yuce@portakalteknoloji.com>
Subject: [Xense-devel] Save state of vtpm
Date: Tue, 25 Mar 2008 17:35:00 +0200
Message-ID: <47E91BA4.4060103@bayer.gen.tr>
Hi
When I start a domain with the option vtpm = [ 'instance=1, backend=0' ],
vtpm_manager on dom0 correctly starts a new vtpmd process with the
following options:

    vtpmd clear pvm 1

I can accomplish all tpm operations on this vtpm from domU. I can see
the instance is recorded in the vtpm database correctly:

    cat /etc/xen/vtpm.db
    #Database for VM to vTPM association
    #1st column: domain name
    #2nd column: TPM instance number
    pardus-client 1

However, when I restart or shut down the domain and start it again, vtpmd
starts a new vtpm instance with the clear option again, which I think is
wrong. So all my previously created keys are lost on the new instance,
because the previous SRK key is lost.
So the most important question follows: How do I save state of a vtpm
across domU reboots?
I checked the code for this clear parameter, and my understanding is as
follows:
vtpm is based on tpm_emulator and tpm_emulator has 3 states:
deactivate, save, clear. Whenever I start a new domain, xen starts vtpm
with the clear parameter.
vtpm_create_instance() creates a new vtpm instance and determines what
to do with it with the return value of vtpm_get_create_reason(), which
returns the value of xenbus/resume. vtpm_create_instance() then sends a
command to the tpm with a fifo about whether to resume or start a vtpm
instance. When the command sent is start, vtpm just clears all the PCRs
and keys on the existing vtpm instance.
Is this vtpm_resume something related to domain save/restore and
suspend/resume and therefore completely irrelevant to the subject? (Like
when the backend driver is restarted, all frontend connections must be
resumed.) I assume this because I saw the netfront and blkfront driver
code, which includes this resume command sent with xenbus. But the
tpm frontend xenu driver does not include information about this.
How do I save state of the vtpm across domU shutdowns?
Kind regards
Erdem Bayer
_______________________________________________
Xense-devel mailing list
Xense-devel@lists.xensource.com
http://lists.xensource.com/xense-devel
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
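
The symptom described in the message above (a vTPM instance that already exists being started again with clear, which discards its keys) can be checked for from dom0. The following is an added example, not part of the original message or of the Xen code: it parses the vtpm.db format quoted above and a chronological list of vtpmd start command lines, and reports each repeat start that used clear. It assumes the vtpmd arguments are mode, type and instance number, as in "vtpmd clear pvm 1"; all sample data and function names are constructed for illustration.

```python
# Assumption: vtpmd argv is "<mode> <type> <instance>", as in "vtpmd clear pvm 1".
MODES = {"clear", "save", "deactivate"}  # the three states named in the message

# Constructed sample input in the vtpm.db format quoted in the message.
SAMPLE_DB = """\
#Database for VM to vTPM association
#1st column: domain name
#2nd column: TPM instance number
pardus-client 1
guest-b 2
"""
# Constructed, chronological vtpmd start command lines (not real logs).
SAMPLE_STARTS = [
    "vtpmd clear pvm 1",   # first boot: a clear start is expected
    "vtpmd clear pvm 2",
    "vtpmd clear pvm 1",   # restart with clear: earlier keys are gone
    "vtpmd save pvm 2",    # hypothetical non-clear restart
    "vtpmd bogus pvm 3",   # malformed, ignored
]

def parse_vtpm_db(text):
    """Return {instance_number: domain_name}, skipping comments and bad rows."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0].startswith("#") or not parts[1].isdigit():
            continue
        table[int(parts[1])] = parts[0]
    return table

def parse_vtpmd_cmdline(cmdline):
    """Return (mode, vtpm_type, instance), or None if the line does not match."""
    argv = cmdline.split()
    if len(argv) != 4 or not argv[0].endswith("vtpmd"):
        return None
    if argv[1] not in MODES or not argv[3].isdigit():
        return None
    return argv[1], argv[2], int(argv[3])

def detect_state_loss(db_text, start_events):
    """Return (domain, instance) for each repeat start that used 'clear'."""
    db, seen, findings = parse_vtpm_db(db_text), set(), []
    for parsed in filter(None, map(parse_vtpmd_cmdline, start_events)):
        mode, _, inst = parsed
        if mode == "clear" and inst in seen:
            findings.append((db.get(inst, "<unmapped>"), inst))
        seen.add(inst)
    return findings
```
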