RE: [Xense-devel] vtpm_managerd problem

["Rozas, Carlos V" <carlos.v.rozas@xxxxxxxxx>]

We had an initial prototype that moved the vtpm manager and instances into a

separate security domain (called domS0). This allowed transparent operation

for existing and future TPM infrastructures in dom0 and a good direction long term.

For the short term, I don't see a good solution other than porting vtpm manager

to use trousers. If you're interested, I am sure Vin and Stefan can provide some

pointers..... 

 

Carlos

---

From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Burak OÐUZ
Sent: Tuesday, December 05, 2006 1:12 PM
To: Stefan Berger
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xense-devel] vtpm_managerd problem

Burak OÐUZ <burakoguzs@xxxxxxxxx> wrote on 12/05/2006 11:25:26 AM:

>
>    Stefan
>
>
> ----------> I have compiled the xen kernel again and made 'modprobe
> tpmbk' but in the vtpm_managerd it gives the same error again.
>
> dungeon linux-2.6.16.29-xen # vtpm_managerd
> INFO[VTPM]: Starting VTPM.
> INFO[TCS]: Constructing new TCS:
> ERROR[TXDATA]: TPM open failedERROR in VTPM_Init_Manager at
> vtpm_manager.c:205 code: TPM_IOERROR.
> ERROR[VTPM]: Closing vtpmd due to error during startup
>
> But when I shutdown the trousers, the behaviour of the vtpm_managerdchanges:

Oh, you are running trousers in domain-0. I think you cannot do this since the vtpm manager will try to talk to /dev/tpm0 directly and trousers is blocking that device. vtpm_managerd would have to be changed to talk to the TPM indirectly through trousers.

    ----> Are there any options that I can use the vtpm_managerd with trousers? How can I manage vtpm_managerd run with trousers? Because I need trousers on domain-0.

>
> dungeon burak # vtpm_managerd
> INFO[VTPM]: Starting VTPM.
> INFO[TCS]: Constructing new TCS:
> INFO[TCS]: Calling TCS_OpenContext:
> INFO[VTSP]: OIAP.
> ERROR[VTPM]: Failed to load service data with error = TPM_IOERROR
> INFO[VTPM]: Failed to read manager file. Assuming first time initialization
> INFO[VTSP]: Reading Public EK.
> ERROR[TCS]: TCSP_ReadPubek Failed with return code TPM_DISABLED_CMD
> ERROR in VTSP_ReadPubek at vtsp.c:264 code: TPM_DISABLED_CMD.
> INFO[VTPM]: Failed to readEK meaning TPM has an owner. Creating Keys
> off exg SRK.
> INFO[VTSP]: OSAP.
> INFO[VTSP]: Creating new key of type 20.
> INFO[VTSP]: Creating Binding Key...
> ERROR[TCS]: TCSP_CreateWrapKey Failed with return code TPM_AUTHFAIL
> ERROR in VTSP_CreateWrapKey at vtsp.c:557 code: TPM_AUTHFAIL.
> ERROR in VTPM_Create_Manager at vtpm_manager.c:134 code: TPM_AUTHFAIL.
>
> I have checked that after modprobing the tpmbk there created vtpm device.
>
> dungeon linux-2.6.16.29-xen # ll /dev/vtpm
> crw-rw---- 1 root root 10, 225 Ara  5 17:57 /dev/vtpm
>
> Also it does not modprobe the tpm_xenu
>
> dungeon burak # modprobe tpm_xenu
> FATAL: Error inserting tpm_xenu (/lib/modules/2.6.16.29-
> xen/kernel/drivers/char/tpm/tpm_xenu.ko): Operation not permitted

Are you trying to do this in domain-0? The tpm_xenu does not work there.
You can use the domain-0 kernel in a user domain and if you copy the tpm_xenu module into the guest domain, then you should be able to do this.

       ------> OK.

After that you should be able to start the trouser in the guest domain.

   Stefan

    -----> Thanks again..



>
>
> What will be the problem?
>
> Thanks again
>
> Best Regards..
>
> --burak
>
> Everyone is raving about the all-new Yahoo! Mail beta.
> _______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel
>
>
> Everyone is raving about the all-new Yahoo! Mail beta.

---

Any questions? Get answers on any topic at Yahoo! Answers. Try it now.

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel