From: Erdem Bayer
Subject: [Fwd: [Xense-devel] Save state of vtpm]
Date: Wed, 26 Mar 2008 06:42:47 +0200
Message-ID: <47E9D447.5040302@bayer.gen.tr>
To: xen-devel@lists.xensource.com

Hi

I am forwarding this message I sent to xense-devel in search of more help.

Kind regards
Erdem Bayer
Attached message: [Xense-devel] Save state of vtpm.eml

Message-ID: <47E91BA4.4060103@bayer.gen.tr>
Date: Tue, 25 Mar 2008 17:35:00 +0200
From: Erdem Bayer
To: xense-devel@lists.xensource.com
Cc: Emre Yüce
Subject: [Xense-devel] Save state of vtpm
Hi

When I start a domain with the option

    vtpm = [ 'instance=1, backend=0' ]

vtpm_manager on dom0 correctly starts a new vtpmd process with the following options:

    vtpmd clear pvm 1

I can accomplish all tpm operations on this vtpm from domU. I can see the instance is recorded in the vtpm database correctly:

    cat /etc/xen/vtpm.db
    #Database for VM to vTPM association
    #1st column: domain name
    #2nd column: TPM instance number
    pardus-client 1

However, when I restart or shutdown the domain and start it again, vtpmd starts a new vtpm instance with the clear option again, which I think is wrong. So all my previously created keys are lost on the new instance, because the previous SRK key is lost.

So the most important question follows: how do I save the state of a vtpm across domU reboots?

I checked the code for this clear parameter, and my understanding is as follows: vtpm is based on tpm_emulator, and tpm_emulator has 3 states: deactivate, save, clear. Whenever I start a new domain, xen starts vtpm with the clear parameter. vtpm_create_instance() creates a new vtpm instance and determines what to do with it based on the return value of vtpm_get_create_reason(), which returns the value of xenbus/resume. vtpm_create_instance() then sends a command to the tpm through a fifo about whether to resume or start a vtpm instance. When the command sent is start, vtpm just clears all the PCRs and keys on the existing vtpm instance.

Is this vtpm_resume something related to domain save/restore and suspend/resume, and therefore completely irrelevant to the subject? (Like when the backend driver is restarted, all frontend connections must be resumed.) I assume this because I saw the netfront and blkfront driver code, which includes this resume command sent with xenbus. But the tpm frontend xenu driver does not include information about this.
How do I save the state of the vtpm across domU shutdowns?

Kind regards
Erdem Bayer

_______________________________________________
Xense-devel mailing list
Xense-devel@lists.xensource.com
http://lists.xensource.com/xense-devel
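The failure mode the post describes (a vTPM instance restarted through the "clear" path comes up with fresh PCRs and no SRK, so every key blob the guest wrapped under the old SRK becomes unloadable) can be made concrete with a small model. The code below is an added example, not code from Xen, vtpm_manager or tpm_emulator: it parses the two-column /etc/xen/vtpm.db format quoted in the message and models the two start-up reasons the post attributes to vtpm_create_instance()/vtpm_get_create_reason(). The VtpmInstance class, the toy SRK and key-wrapping derivations, the in-memory saved-state dictionary and the reason strings "start"/"resume" are assumptions for illustration; the real state format is not reproduced.

```python
"""Toy model of vTPM start-up behaviour: 'start' (clear) versus 'resume'.

Added example, not Xen/vtpm_manager/tpm_emulator code. VtpmInstance,
the hashing stand-ins for SRK and key wrapping, and the saved-state
dictionary are assumptions made for illustration only.
"""
import copy
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample, matching the vtpm.db format shown in the post.
SAMPLE_VTPM_DB = """#Database for VM to vTPM association
#1st column: domain name
#2nd column: TPM instance number
pardus-client 1
"""


def parse_vtpm_db(text: str) -> Dict[str, int]:
    """Return {domain_name: instance_number}; '#' lines and blanks are skipped."""
    mapping: Dict[str, int] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            raise ValueError(f"vtpm.db line {lineno}: expected '<domain> <instance>', got {raw!r}")
        domain, instance = parts[0], int(parts[1])
        if domain in mapping:
            raise ValueError(f"vtpm.db line {lineno}: duplicate entry for domain {domain!r}")
        mapping[domain] = instance
    return mapping


@dataclass
class VtpmInstance:
    """Toy vTPM: PCRs, an SRK, and key blobs the guest wraps under that SRK."""
    instance: int
    pcrs: list = field(default_factory=lambda: [bytes(20)] * 24)  # assumption: 24 SHA-1 PCRs
    srk: Optional[bytes] = None

    def take_ownership(self, owner_secret: bytes) -> None:
        # Toy SRK derivation; a real TPM generates an RSA storage root key here.
        self.srk = hashlib.sha256(b"srk|" + owner_secret).digest()

    def create_key(self, name: str) -> bytes:
        """Return a key blob 'wrapped' under the current SRK; the guest keeps it on disk."""
        if self.srk is None:
            raise RuntimeError("no SRK: vTPM has no owner")
        return hashlib.sha256(self.srk + name.encode()).digest()

    def load_key(self, name: str, blob: bytes) -> bool:
        """The blob is only loadable if it was wrapped under this vTPM's current SRK."""
        if self.srk is None:
            return False
        return hmac.compare_digest(blob, hashlib.sha256(self.srk + name.encode()).digest())


SavedStates = Dict[int, VtpmInstance]  # stands in for a persisted vTPM state store (assumption)


def create_instance(instance: int, reason: str, saved: SavedStates) -> VtpmInstance:
    """Model of the post's vtpm_create_instance(): 'start' clears, 'resume' restores."""
    if reason == "start":
        return VtpmInstance(instance)  # the "clear" path: fresh PCRs, no SRK
    if reason == "resume":
        if instance not in saved:
            raise LookupError(f"no saved state for vTPM instance {instance}")
        return copy.deepcopy(saved[instance])
    raise ValueError(f"unknown create reason {reason!r}")


def keys_survive_restart(domain: str, reason: str, db_text: str = SAMPLE_VTPM_DB) -> bool:
    """Create an owner and a key, persist the vTPM, restart it with `reason`, reload the key."""
    instance = parse_vtpm_db(db_text)[domain]
    saved: SavedStates = {}

    first_boot = create_instance(instance, "start", saved)
    first_boot.take_ownership(b"owner-secret")
    blob = first_boot.create_key("signing-key")  # the guest stores this blob on its disk
    saved[instance] = copy.deepcopy(first_boot)  # what a persisted vTPM state would hold

    after_restart = create_instance(instance, reason, saved)
    return after_restart.load_key("signing-key", blob)


if __name__ == "__main__":
    print("restart via 'start' keeps keys:", keys_survive_restart("pardus-client", "start"))
    print("restart via 'resume' keeps keys:", keys_survive_restart("pardus-client", "resume"))
```

Running the module prints False for the "start" path and True for "resume": the guest's key blob is intact on its disk in both cases, but only the resumed instance still holds the SRK that wrapped it, which is the loss the post describes.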