Re: vTPM setup problem on the emulator

[Matthew Fioravante <matthew.fioravante@jhuapl.edu>]

[-- Attachment #1.1.1: Type: text/plain, Size: 6314 bytes --]

On 01/09/2013 09:17 PM, Bei Guan wrote:
> Hi Matthew,
>
> Thank you for your reply.
>
>
>
> 2013/1/10 Matthew Fioravante <matthew.fioravante@jhuapl.edu 
> <mailto:matthew.fioravante@jhuapl.edu>>
>
>     On 01/09/2013 03:58 AM, gavin wrote:
>>     Hi,
>>
>>     I tried to install the vTPM in Xen-4.1.0 + Dom0 kernel 2.6.18.8 +
>>     DomU kernel 2.6.18.8. The device is TPM emulator.
>>     However, I encountered several problems.
>>
>>     1. In DomU, I run "modprobe tpm_xenu" successfully. But it
>>     doesn't creates the /dev/tpm0 device as our had expected. So, the
>>     trousers cannot be started. An old thread in Xen mail-list can do
>>     this,(http://old-list-archives.xen.org/xense-devel/2006-12/msg00002.html)
>>     but it helps little to me.
>>     Is there any problem with my vTPM front driver? The tpm related
>>     modules and other info in DomU is list here.
>>     *[root@gavin-pv ~]# lsmod | grep tpm*
>>     tpm_xenu               15752  0 [permanent]
>>     tpm                        17952  1 tpm_xenu
>>     tpm_bios               10112  1 tpm
>>     *[root@gavin-pv ~]# tcsd -f*
>>     TCSD TDDL ERROR: Could not find a device to open!
>     Any relevant output in dmesg? Also does your domu config file have
>     a vtpm device specified?
>
>
> When I run "insmod tpm_xenu.ko" at the first time in DomU, there is 
> no special message in dmesg except for this "xen_tpm_fr: Initialising 
> the vTPM driver."
> Then, I reload the tpm_xenu module after removing it using "rmmod 
> tpm_xenu.ko -f". I get the following message in dmesg.
> ...
> xen_tpm_fr: Initialising the vTPM driver.
> kobject_add failed for vtpm with -EEXIST, don't try to register things 
> with the same
> name in the same directory.
>  [<c01ea4ea>] kobject_add+0x11a/0x1a0
>  [<c01ea691>] kobject_register+0x21/0x50
>  [<c02400fd>] bus_add_driver+0x7d/0x140
>  [<c02856f9>] xenbus_register_driver_common+0x39/0x60
>  [<c0285740>] xenbus_register_frontend+0x20/0x40
>  [<e1227050>] tpmif_init+0x50/0x62 [tpm_xenu]
>  [<c0143b08>] sys_init_module+0x148/0x1b40
>  [<c01187fc>] do_page_fault+0x10c/0xc6f
>  [<c010845e>] do_syscall_trace+0x1ee/0x205
>  [<c01059bf>] syscall_call+0x7/0xb
>
> In the DomUconfig file, I use vtpm = ['backend=0'].
> But there is no vtpm device in Dom0 and DomU. See the following info.
The domU is PVM correct? You can also try just compiling in tpm_xenu 
instead of using it as a module.
>
> Dom0:
> [root@localhost fc8_new]# ls /sys/devices/xen-backend/
> console-3-0  power  uevent  vbd-3-2049  vfb-3-0  vif-3-0  vkbd-3-0
>
> DomU:
> [root@gavin-pv tpm]# ls /sys/devices/xen
> power  uevent  vbd-2049  vfb-0  vif-0  vkbd-0
>
>
>>     2. In Dom0, I run "modprobe tpmd_dev" and "modprobe tpmbk" also
>>     successfully and I can get the devices /dev/tpm, /dev/tpm0, and
>>     /dev/vtpm. However, I cannot start the tpm emulator (# ./tpmd -f
>>     clear pvm 1) and vtpm manager (# vtpm_managerd). The related info
>>     and output error from Dom0 is also list here.
>     So you want to use the TPM emulator on dom0 instead of a physical
>     TPM?
>
> Yes, I try to use TPM emulator right now.
> In fact, there is a physical TPM chip in my laptop. But I'm not sure 
> how to make it work in fedora8. So, when the vTPM works well on 
> emulator, I will try to abandon the emulator and use the physical TPM.
In that case you might want to make sure  the TPM is disabled in the 
BIOS if you want to use the emulator. Your dom0 kernel might have tpm 
drivers built in which could cause a possible conflict with the emulator.

Using the tpm emulator in dom0 has its own collection of issues. You 
might want to get the physical tpm working first and then play with 
vtpms. We used TPM successfully on Fedora 8.

Try this:
Reboot your machine and get into the bios. Clear the TPM and then 
activiate it. You might not have that option to clear if its disabled, 
in that case just activiate it. In fedora install trousers and 
tpm_tools. Start tcsd and try tpm_version or some other command to 
ensure your TPM is working. If not, make sure all of the TPM drivers are 
either compiled into the kernel or loaded as modules.
>
>
>     I see you listed /dev/tpm and /dev/tpm0. I believe the old manager
>     is hard coded to use the second one. Is tpmd creating both?
>
> Yes. When modprobe the tpmd_dev module, these two devices are created.
>
>
> Thanks again.
>
>
>
>>     *[root@localhost tpmd]# lsmod | grep tpm*
>>     tpmd_dev               10416  0
>>     tpmbk                     19516  0 [permanent]
>>     *[root@localhost tpmd]# ./tpmd -f clear pvm 1*
>>     VTPMD[0]: tpmd.c:766: Info: starting TPM Emulator daemon
>>     VTPMD[0]: tpmd.c:369: Info: parsing options
>>     VTPMD[1]: tpmd.c:478: Info: openening random device /dev/urandom
>>     VTPMD[1]: tpmd.c:621: Info: staring main loop
>>     Loading NVM.
>>     Error in read_from_file:301
>>     VTPMD[1]: ../tpm/tpm_data.c:83: Info: initializing TPM data to
>>     default values
>>     VTPMD[1]: ../tpm/tpm_startup.c:30: Info: TPM_Init()
>>     VTPMD[1]: ../tpm/tpm_testing.c:242: Info: TPM_SelfTestFull()
>>     VTPMD[1]: ../tpm/tpm_testing.c:260: Info: Self-Test succeeded
>>     VTPMD[1]: ../tpm/tpm_startup.c:44: Info: TPM_Startup(1)
>>     VTPMD[1]: tpmd.c:661: Error: Failed to open devices to listen to
>>     guest.
>
>
>>
>>     *[root@localhost vtpm]# vtpm_managerd*
>>     INFO[VTPM]: Starting VTPM.
>>     INFO[TCS]: Constructing new TCS:
>>     ERROR[TXDATA]: TPM open failedERROR in VTPM_Init_Manager at
>>     vtpm_manager.c:205 code:
>>     TPM_IOERROR.
>>     ERROR[VTPM]: Closing vtpmd due to error during startup.
>>
>>
>>     Thanks in advance for your any reply.
>>
>>     --
>>     Best Regards,
>>     Gavin
>>
>>
>
>
>     _______________________________________________
>     Xen-devel mailing list
>     Xen-devel@lists.xen.org <mailto:Xen-devel@lists.xen.org>
>     http://lists.xen.org/xen-devel
>
>
>

Keep in mind that the old vTPM system is deprecated and I can only 
provide limited support. If you can't get it to work I would suggest 
pulling the latest xen-unstable and my latest patch set on here and 
trying to use that.

[-- Attachment #1.1.2: Type: text/html, Size: 13923 bytes --]

[-- Attachment #1.2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 1459 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel