some problem with XSM enable

some problem with XSM enable

[quan.xu]

[-- Attachment #1.1: Type: text/plain, Size: 801 bytes --]

 
hi community
when I want to enable XSM for vtpm, there are some problems in xen boot up.
Xen version  xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers. I configure xen-source-tree/Config.mk
 
XSM_ENABLE ?= y
FLASK_ENABLE ?= $(XSM_ENABLE)
 
And make dist, make install
Then I make the policy in xen-source-tree:  make -C tools/flask/policy
 
When XSM is enabled, the xen boot-up stops at a lot of hex printout:
 
>>>> 
Fff82*********** Fff82***********  Fff82***********
~  ~  ~ ~ ~~ ~~ ~  ~  ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~ 
000000000000000 000000000000000  0000000000000000
000000000000000 0000000000fff000  0000000000000000
<<<< 
I make sure if "XSM_ENABLE ?= n and  FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can work properly.
 
Thanks 
 
Quan Xu 

[-- Attachment #1.2: Type: text/html, Size: 3775 bytes --]

[-- Attachment #2: Type: text/plain, Size: 125 bytes --]

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Re: some problem with XSM enable

[Daniel De Graaf]

On 06/03/2013 11:32 PM, quan.xu@aliyun.com wrote:
>
> hi community
> when I want to enable XSM for vtpm, there are some problems in xen boot up.
> Xen version  xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers. I configure xen-source-tree/Config.mk
>
> XSM_ENABLE ?= y
> FLASK_ENABLE ?= $(XSM_ENABLE)
>
> And make dist, make install
> Then I make the policy in xen-source-tree:  make -C tools/flask/policy
>
> When XSM is enabled, the xen boot-up stops at a lot of hex printout:

This looks like a crash, in which case the interesting parts would be
above the hex - which you didn't copy very accurately.  If possible,
using a serial console will be helpful in getting the text without
needing to retype output.

The most important part is the value of RIP and the backtrace (if one
is present); log messages leading up to the crash may also be useful.

>>>>>
> Fff82*********** Fff82***********  Fff82***********
> ~  ~  ~ ~ ~~ ~~ ~  ~  ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~
> 000000000000000 000000000000000  0000000000000000
> 000000000000000 0000000000fff000  0000000000000000
> <<<<
> I make sure if "XSM_ENABLE ?= n and  FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can work properly.
>
> Thanks
>
> Quan Xu
>

xen-users dropped to BCC

-- 
Daniel De Graaf
National Security Agency

Re: some problem with XSM enable

[Xu, Quan]

Hi Gfaaf,
    Now I have fixed this issue. There are some problems with grub configuration. It should append  ' flask_enforcing=1' in xen kernel and Append 'module  /boot/xenpolicy.24' in grub.
	 As my try, XSM should be enabled first. Then you can enable vtpm as docs/misc/vtpm.txt. if XSM is NOT enabled, the vtpmmgr can NOT run. Also the 
let me update the vtpm.txt next week with further research. Also I want to involve vtpm Development. Make vTPM stable and improve vTPM capability and performance. 
    I am Quan Xu (quan.xu@intel.com), Intel engineer on Openstack cloud, Xen vt-d passthrough, Xen vtpm and OpenAttestation. 
    OpenAttestation is a open source project built on NSA's National Information Assurance Research Laboratory (NIARL) developed Host Integrity at Startup to 
measure and report status for host platforms which contain a Trusted Platform Module (TPM). Now I have pushed OpenAttestation to Ubuntu repo and redhat
rawhide repo, and has been integrated in Openstack to build Trusted computing pools.  It just supports dom0 or some other native host. We can make it happen to support trusted 
computing pools of virtual machines or further research...
 

Quan Xu 
Intel 



> -----Original Message-----
> From: Daniel De Graaf [mailto:dgdegra@tycho.nsa.gov]
> Sent: Tuesday, June 04, 2013 10:12 PM
> To: quan.xu@aliyun.com
> Cc: xen-devel@lists.xensource.com; Xu, Quan
> Subject: Re: [Xen-devel] some problem with XSM enable
> 
> On 06/03/2013 11:32 PM, quan.xu@aliyun.com wrote:
> >
> > hi community
> > when I want to enable XSM for vtpm, there are some problems in xen boot
> up.
> > Xen version  xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers.
> > I configure xen-source-tree/Config.mk
> >
> > XSM_ENABLE ?= y
> > FLASK_ENABLE ?= $(XSM_ENABLE)
> >
> > And make dist, make install
> > Then I make the policy in xen-source-tree:  make -C tools/flask/policy
> >
> > When XSM is enabled, the xen boot-up stops at a lot of hex printout:
> 
> This looks like a crash, in which case the interesting parts would be above the
> hex - which you didn't copy very accurately.  If possible, using a serial console
> will be helpful in getting the text without needing to retype output.
> 
> The most important part is the value of RIP and the backtrace (if one is
> present); log messages leading up to the crash may also be useful.
> 
> >>>>>
> > Fff82*********** Fff82***********  Fff82*********** ~  ~  ~ ~ ~~ ~~ ~
> > ~  ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~
> > 000000000000000 000000000000000  0000000000000000
> > 000000000000000 0000000000fff000  0000000000000000 <<<< I make sure
> if
> > "XSM_ENABLE ?= n and  FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can
> work properly.
> >
> > Thanks
> >
> > Quan Xu
> >
> 
> xen-users dropped to BCC
> 
> --
> Daniel De Graaf
> National Security Agency