|
|
|
|
|
|
|
|
|
|
xen-users
[Xen-users] Not able to get Virtual TPM working with Xen,
Hi All,
Please read the following steps involved in installing and configuring
my Xen box with V-TPM enabled, which I am not able to make it work.
Host Linux Distro - CentOS 4.1
Guest Linux distros - Centos 4.1, SUSE
TPM module - TPM emulator
Downloads:
gmp-4.1.4
xen-instable-src.tgz (downloaded on 29/9/2005)
bridge-utils-1.0.6.tar.gz
compiled and installed gmp-4.1.4 and bridge-utils.
Now coming to Xen..
Configured Dom0 kernel with TPM BE enabled, and with TPM hardware
support, National semiconductor TPM and ATMEL TPM inerfaces as modules.
Configured DomU kernel with TPM FE enabled, TPM support for xen and Xen TPM interface.
Compiled and installed the newly configured kernels.
Installing TPM emulator:
cd ../tools/vtpm
make
make insatll
This will download TPM emulator version 0.2 and applies following patches,
--------------------------------
tpm_emulator-0.2b-x86_64.patch
vtpm.patch
--------------------------------
and also this will create "vtpmd"
now..
cd tpm_emulator
#make
#make insatll
This would create /dev/tpm0.
And also creates tpm_emulator module
#modinfo tpm_emulator //gives the following
-----------------------------------
[root@localhost log]# modinfo tpm_emulator
filename: /lib/modules/2.6.12-xen0/extra/tpm_emulator.ko
license: GPL
author: Mario Strasser <mast@xxxxxxx>
description: Trusted Platform Module (TPM) Emulator
parmtype: startup:s
parm:
startup: Sets the startup mode of the TPM. Possible values are 'clear',
'save' (default) and 'deactivated.
parmtype: storage_file:s
parm:
storage_file: Sets the persistent-data storage file of the TPM.
vermagic: 2.6.12-xen0 preempt 686 gcc-3.4
depends:
vermagic: 2.6.12-xen0 preempt 686 gcc-3.4
depends:
-----------------------------------------
Now compiled the vtpm_manager to get the "vtpm_managerd" by
cd ../tools/vtpm_manager
#make
#make install
reBooted to my Xen.
Ran
#xend start
xend started without any problems.
tested DomU by creating a domain with SUSE. it started fine. so I shutdown this VM.
did
#modprobe tpm_emulator statrup="clean"
To check whether the TPM emulator is loaded fine or not, downloaded the TPM drivers and tools from IBM site:
http://www.research.ibm.com/gsal/tcpa/tpm-1.1b.tar.gz
compiled and used the following command
#./tcpa_demo
---------------------------------------------
[root@localhost examples]# ./tcpa_demo
TPM successfully reset
TPM version 1.2.0.0
24 PCR registers are available
PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
5 Key slots are available
Key Handle 1000000 loaded
Key Handle 1000001 loaded
Key Handle 1000002 loaded
Key Handle 1000003 loaded
Key Handle 1000004 loaded
[root@localhost examples]
-------------------------------------------------------------------
Now started vtpm_managerd
#vtpm_managerd
----------------------------------------------------
INFO[VTPM]: Starting VTPM.
INFO[TCS]: Constructing new TCS:
INFO[TCS]: Calling TCS_OpenContext:
INFO[VTSP]: OIAP.
ERROR[VTPM]: Failed to load service data with error = TPM_IOERROR
INFO[VTPM]: Attempting Pubek Read. NOTE: Failure is ok.
INFO[VTSP]: Reading Public EK.
ERROR[TCS]: TCSP_ReadPubek Failed with return code TPM_DISABLED_CMD
ERROR in VTSP_ReadPubek at vtsp.c:229 code: TPM_DISABLED_CMD.
INFO[VTSP]: OSAP.
INFO[VTSP]: Creating new key of type 20.
INFO[VTSP]: Creating Binding Key...
INFO[VTPM]: Finished initialized new VTPM service (Status = 0).
INFO[VTSP]: Loading Key.
INFO[VTPM]: Creating new DMI instance 0 attached on domain 0.
INFO[TCS]: Calling TCS_OpenContext:
INFO[VTPM]: [1]: Waiting for Guest requests & ctrl messages.
ERROR[VTPM]: [1]: Can't open inbound fh.
INFO[VTPM]: [2]: Waiting for DMI messages.
---------------------------------------------------
Now My question is, is this supposed to stop at "INFO[VTPM]: [2]: Waiting for DMI messages."
I dont have a machine with onboard TPM, so thats the reason Iam using a TPM emulator, but emulator seems to be working fine.
I start my VM and login to it,
and do a
cat /sys/devices/vtpm/pcrs
--------------------------------------------------------
cat: /sys/devices/vtpm/pcrs: No such file or directory
-bash-3.00# cd /sys/devices/vtpm/
-bash-3.00# ls
cancel caps pcrs pubek
-bash-3.00#
--------------------------------------------------------
VM cofiguration file
----------------------------------------------
kernel = "/boot/vmlinuz-2.6-xenU"
memory = 128
name = "centos"
nics = 1
dhcp = "dhcp"
disk = ['file:/downloads/Images/centos.4-1.img,sda1,w', 'file:/downloads/Images/centos.swap,sda2,w']
root = "/dev/sda1 ro"
vtpm = [ 'instance=1,backend=0' ]
vif = [ 'backend=0']
-----------------------------------------------------
This should be showing me all the 24 PCR registers, are there any
issues with the drivers, or my installation procedure has some
problem???? Please correct me if i have made some mistake in
installation
HELP.....
Regards,
Sharath
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
<Prev in Thread] |
Current Thread |
[Next in Thread> |
- [Xen-users] Not able to get Virtual TPM working with Xen,,
Sharath Babu <=
|
|
|
|
|