 Home |
Products |
Support |
Community |
News |
xense-devel
RE: [Xense-devel] vtpm_managerd problem
| To: | "Rozas, Carlos V" <carlos.v.rozas@xxxxxxxxx> |
|---|---|
| Subject: | RE: [Xense-devel] vtpm_managerd problem |
| From: | Stefan Berger <stefanb@xxxxxxxxxx> |
| Date: | Wed, 6 Dec 2006 10:42:39 -0500 |
| Cc: | xense-devel@xxxxxxxxxxxxxxxxxxx |
| Delivery-date: | Wed, 06 Dec 2006 07:42:49 -0800 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| In-reply-to: | <5FD5754DDBA0B1499B5A0B4BB5419485293314@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> |
| List-help: | <mailto:xense-devel-request@lists.xensource.com?subject=help> |
| List-id: | "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com> |
| List-post: | <mailto:xense-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xense-devel-bounces@xxxxxxxxxxxxxxxxxxx |
|
Carlos, is either you or Vinnie maintaining the vtpm manager? Stefan "Rozas, Carlos V" <carlos.v.rozas@xxxxxxxxx> wrote on 12/05/2006 04:34:31 PM: > We had an initial prototype that moved the vtpm manager and instances into a > separate security domain (called domS0). This allowed transparent operation > for existing and future TPM infrastructures in dom0 and a good > direction long term. > For the short term, I don't see a good solution other than porting > vtpm manager > to use trousers. If you're interested, I am sure Vin and Stefan can > provide some > pointers..... > > Carlos > > From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xense-devel- > bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Burak OÐUZ > Sent: Tuesday, December 05, 2006 1:12 PM > To: Stefan Berger > Cc: xense-devel@xxxxxxxxxxxxxxxxxxx > Subject: Re: [Xense-devel] vtpm_managerd problem > > > > Burak OÐUZ <burakoguzs@xxxxxxxxx> wrote on 12/05/2006 11:25:26 AM: > > > > > Stefan > > > > > > ----------> I have compiled the xen kernel again and made 'modprobe > > tpmbk' but in the vtpm_managerd it gives the same error again. > > > > dungeon linux-2.6.16.29-xen # vtpm_managerd > > INFO[VTPM]: Starting VTPM. > > INFO[TCS]: Constructing new TCS: > > ERROR[TXDATA]: TPM open failedERROR in VTPM_Init_Manager at > > vtpm_manager.c:205 code: TPM_IOERROR. > > ERROR[VTPM]: Closing vtpmd due to error during startup > > > > But when I shutdown the trousers, the behaviour of the > vtpm_managerdchanges: > > Oh, you are running trousers in domain-0. I think you cannot do this > since the vtpm manager will try to talk to /dev/tpm0 directly and > trousers is blocking that device. vtpm_managerd would have to be > changed to talk to the TPM indirectly through trousers. > > ----> Are there any options that I can use the vtpm_managerd > with trousers? How can I manage vtpm_managerd run with trousers? > Because I need trousers on domain-0. > > > > > dungeon burak # vtpm_managerd > > INFO[VTPM]: Starting VTPM. > > INFO[TCS]: Constructing new TCS: > > INFO[TCS]: Calling TCS_OpenContext: > > INFO[VTSP]: OIAP. > > ERROR[VTPM]: Failed to load service data with error = TPM_IOERROR > > INFO[VTPM]: Failed to read manager file. Assuming first time initialization > > INFO[VTSP]: Reading Public EK. > > ERROR[TCS]: TCSP_ReadPubek Failed with return code TPM_DISABLED_CMD > > ERROR in VTSP_ReadPubek at vtsp.c:264 code: TPM_DISABLED_CMD. > > INFO[VTPM]: Failed to readEK meaning TPM has an owner. Creating Keys > > off exg SRK. > > INFO[VTSP]: OSAP. > > INFO[VTSP]: Creating new key of type 20. > > INFO[VTSP]: Creating Binding Key... > > ERROR[TCS]: TCSP_CreateWrapKey Failed with return code TPM_AUTHFAIL > > ERROR in VTSP_CreateWrapKey at vtsp.c:557 code: TPM_AUTHFAIL. > > ERROR in VTPM_Create_Manager at vtpm_manager.c:134 code: TPM_AUTHFAIL. > > > > I have checked that after modprobing the tpmbk there created vtpm device. > > > > dungeon linux-2.6.16.29-xen # ll /dev/vtpm > > crw-rw---- 1 root root 10, 225 Ara 5 17:57 /dev/vtpm > > > > Also it does not modprobe the tpm_xenu > > > > dungeon burak # modprobe tpm_xenu > > FATAL: Error inserting tpm_xenu (/lib/modules/2.6.16.29- > > xen/kernel/drivers/char/tpm/tpm_xenu.ko): Operation not permitted > > Are you trying to do this in domain-0? The tpm_xenu does not work there. > You can use the domain-0 kernel in a user domain and if you copy the > tpm_xenu module into the guest domain, then you should be able to do this. > > ------> OK. > > After that you should be able to start the trouser in the guest domain. > > Stefan > > -----> Thanks again.. > > > > > > > > > What will be the problem? > > > > Thanks again > > > > Best Regards.. > > > > --burak > > > > Everyone is raving about the all-new Yahoo! Mail beta. > > _______________________________________________ > > Xense-devel mailing list > > Xense-devel@xxxxxxxxxxxxxxxxxxx > > http://lists.xensource.com/xense-devel > > > > > > Everyone is raving about the all-new Yahoo! Mail beta. > > > Any questions? Get answers on any topic at Yahoo! Answers. Try it now. _______________________________________________ Xense-devel mailing list Xense-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xense-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xense-devel] Vtpm_manager getting TPM_NOSPACE, Osborn, Justin D. |
|---|---|
| Next by Date: | RE: [Xense-devel] vtpm_managerd problem, Scarlata, Vincent R |
| Previous by Thread: | RE: [Xense-devel] vtpm_managerd problem, Rozas, Carlos V |
| Next by Thread: | Re: [Xense-devel] vtpm_managerd problem, Burak OÐUZ |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
