Re: regarding vtpm setup

[Daniel De Graaf <dgdegra@tycho.nsa.gov>]

On 03/04/2014 08:46 AM, George Dunlap wrote:
> On Tue, Mar 4, 2014 at 11:32 AM, Aastha Mehta <aasthakm@gmail.com> wrote:
>> Hello,
>>
>> On 1 March 2014 19:43, Aastha Mehta <aasthakm@gmail.com> wrote:
>>> Hello,
>>>
>>> I am trying to setup vtpmmgr and vtpm on the latest custom built
>>> xen-4.4 and I am following the steps provided at this link -
>>> http://xenbits.xen.org/docs/unstable/misc/vtpm.txt
>>>
>>> When I create the vtpmmgr domain, following is a snippet of the output
>>> that I see:
>>>
>>> ******************* BLKFRONT for device/vbd/768 **********
>>> backend at /local/domain/0/backend/qdisk/2/768
>>> Failed to read /local/domain/0/backend/qdisk/2/768/feature-barrier.
>>> 32768 sectors of 512 bytes
>>> **************************
>>>
>>> and xl dmesg shows the following:
>>> (XEN) event_channel.c:271:d0 EVTCHNOP failure: domain 2, error -22
>>> (XEN) event_channel.c:271:d0 EVTCHNOP failure: domain 2, error -22

This seems to be an error due to a mismatch in the event channel domain
that is being expected as the backend for some device. Can you share the
domain .cfg contents?

>>>
>>> Next, when I create vtpm domain, following is the snippet of the
>>> output on the vtpm console:
>>>
>>> ******************* BLKFRONT for device/vbd/768 **********
>>> backend at /local/domain/0/backend/qdisk/3/768
>>> Failed to read /local/domain/0/backend/qdisk/3/768/feature-barrier.
>>> 16384 sectors of 512 bytes
>>> **************************
>>> vtpm_cmd.c:155: Info: Requesting Encryption key from backend
>>> vtpm_cmd.c:164: Error: VTPM_LoadHashKey() failed with error code (3)
>>> vtpm_cmd.c:175: Error: VTPM_LoadHashKey failed
>>> tpm_data.c:120: Info: initializing TPM data to default values

This is expected on the first run: no keys are available yet.

>>>
>>> This is the vtpmmgr output:
>>>
>>> Tpmback:Info Frontend 3/0 connected
>>> INFO[VTPM]: Passthrough: TPM_GetRandom
>>> INFO[VTPM]: Waiting for commands from vTPM's:
>>> INFO[VTPM]: Passthrough: TPM_GetRandom
>>> INFO[VTPM]: Waiting for commands from vTPM's:
>>> ERROR[VTPM]: LoadKey failure: Unrecognized uuid!
>>> c606b894-14e7-44db-bdcc-4ae05d686784
>>> ERROR[VTPM]: Failed to load key
>>> ERROR in vtpmmgr_LoadHashKey at vtpm_cmd_handler.c:78 code: TPM_BAD_PARAMETER.

Similarly, on the first use of a vTPM, this is expected.

>>> INFO[VTPM]: Waiting for commands from vTPM's:
>>> INFO[VTPM]: Registered vtpm c606b894-14e7-44db-bdcc-4ae05d686784
>>> INFO[VTPM]: Generating a new symmetric key
>>> INFO[VTPM]: Binding encrypted key
>>> INFO[TPM]: TPM_Bind
>>> INFO[VTPM]: Encrypting the uuid table
>>> INFO[TPM]: TPM_Bind
>>> INFO[VTPM]: Saved hash and key for vtpm c606b894-14e7-44db-bdcc-4ae05d686784
>>> INFO[VTPM]: Waiting for commands from vTPM's:
>>> INFO[TPM]: TPM_Bind
>>> INFO[VTPM]: Saved hash and key for vtpm c606b894-14e7-44db-bdcc-4ae05d686784
>>> INFO[VTPM]: Waiting for commands from vTPM's:
>>>
>>>
>>> This is the xl dmesg output:
>>> (d3) ============= Init TPM BACK ================
>>> (d3) Thread "tpmback-listener": pointer: 0x2000802fb0, stack: 0x130000
>>> (d3) ============= Init TPM Front ================
>>> (d3) Tpmfront:Info Waiting for backend connection..
>>> (d2) Tpmback:Info Frontend 3/0 connected
>>> (d3) Tpmfront:Info Backend Connected
>>> (d3) Tpmfront:Info Initialization Completed successfully
>>> (d3) ******************* BLKFRONT for device/vbd/768 **********
>>> (d3) backend at /local/domain/0/backend/qdisk/3/768
>>> (d3) Failed to read /local/domain/0/backend/qdisk/3/768/feature-barrier.
>>> (d3) 16384 sectors of 512 bytes
>>> (d3) **************************
>>> (d3) blk_open(device/vbd/768) -> 3
>>>
>>>
>>> Finally, when I try to create the guest domain, I again see the
>>> following error in xl dmesg:
>>>
>>> (XEN) event_channel.c:271:d0 EVTCHNOP failure: domain 4, error -22
>>> (XEN) event_channel.c:271:d0 EVTCHNOP failure: domain 4, error -22
>>> (XEN) event_channel.c:271:d0 EVTCHNOP failure: domain 4, error -22

This might indicate that these errors are caused by xl and not mini-os;
are you trying to use a driver domain that is not running?

>>> (d4) mapping kernel into physical memory
>>> (d4) about to get started...
>>> (d3) Tpmback:Info Frontend 4/0 connected
>>>
>>> I have the following config parameters in the dom0 and domU kernels
>>> (ubuntu 12.04):
>>>
>>> dom0 (kernel 3.13.2):
>>> CONFIG_TCG_TPM=y
>>> CONFIG_TCG_XEN=m
>>>
>>> domU (kernel 3.13.5):
>>> CONFIG_TCG_TPM=y
>>> CONFIG_TCG_XEN=y
>>>
>>> I believe the setup is not working correctly. Could someone let me
>>> know what is wrong? Please let me know if I must provide any further
>>> details.

Have you tested to see if the vTPM shows up in the guest? If so, can you use it?

What do the Xenstore entries for the vtpm devices look like (from xenstore-ls)?

Do the event channels there match with the event channel dump (xl debug-key e)?

>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>> Aastha Mehta.
>>
>> A gentle reminder on this query. Please let me know if this query
>> belongs to the xen-users list and if I should post there.
>
> Daniel, any ideas?
>
> (Also, Aastha: pinging is good practice, but most developers only work
> on the weekdays, so AFAICT it's only been one working day since they
> might have seen your initial message.)
>
>   -George

PS: Due to the interference of snow, I only saw this thread today.

-- 
Daniel De Graaf
National Security Agency