xense-devel
Re: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
Hi Joseph,
first of all, thank you and Vinnie for the patch! I did a fresh installation of my development partition and installed the patched Xen. So, the patch solves the earlier problem, but another one surfaced. When I start vtpm_manager I get this output after it has loaded/created the keys:
ERROR[VTPM]: VTPM ERROR: Can't open /dev/vtpm for reading.
ERROR[VTPM]: [Backend Listener]: Backend Listener can't read from ipc. Aborting...
....
I get this message again and again till I abort it:
INFO[VTPM]: [BINFO[VTPM]: Child shutting down
INFO[VTPM]: VTPM Manager shutting down for signal 2.
INFO[VTPM]: Enveloping Input[624]: 0x2 c5 94 f9 e4 fa 88 e0 a4 8d 43 a3 b1 35 ee 43 3d 5e 5e f 50 e1 51 7a 59 9f cb 70 a4 fb 3c b5 41 56 ad 5d e2 37 3b a5
........ 6a 96 5b 1e 6b da a5 f4 ea 22 98 10 b0 b1 c8 b2 7c 27 10 51 a3 da 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
INFO[VTSP]: Binding 16 bytes of data.
INFO[VTPM]: Saved 256 bytes of E(symkey) + 656 bytes of E(data)
INFO[VTPM]: Enveloping Output[920]: 0x0 0 1 0 3a 85 a0 a2 7f cb 9a 1c 85 2b 6c ec 76 5c 2f 59 57 fd 16 94 1c c2 e a3 9b d1 b4 25 ca 4a f 5f 21 f2 2e 1f f4 ...... 88 1c 13 35 47 d8 e b0 93 1a b5 d2 d f1 5e ed ea 7e 69 2e b4 c2 21 f2 da 34 5c ea a5 6d f6
INFO[VTPM]: Child shutting down
INFO[VTPM]: Saved VTPM Manager state (status = 0, dmis = -1)
INFO[TCS]: Calling TCS_CloseContext.
INFO[VTPM]: Child shutting down
ERROR[TCS]: TCSP_EvictKey Failed with return code TPM_BAD_ORDINAL
ERROR[TCS]: Not all handles evicted from TPM.
INFO[TCS]: Destructing TCS:
INFO[TCS]: Calling TCS_CloseContext.
INFO[VTPM]: VTPM Manager stopped.
So I tried to solve the problem by clearing the ownership and deleting /var/vtpm/VTPM, but with the same result.
The /dev/vtpm directory is empty now with the following access rights:
drwxrwxr-x 2 root root 4096 Apr 5 22:15 vtpm
lsmod shows me tpmbk running, as well as the tpm drivers:
tpmbk 17724 0 [permanent]
tpm_tis 14592 0
tpm_infineon 12312 0
tpm 18848 2 tpm_tis,tpm_infineon
tpm_bios 10368 1 tpm
Maybe that helps.
Regards, Max
2007/4/5, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
Max and Burak,
Sorry for the delay in responding (especially to Burak whose much earlier posting we missed). We don't have an Infineon TPM here to test with, but the root cause of this error isn't specific to the TPM mfgr. and we did verify it on our v1.2 TPMs. Attached and inline is a patch (including Vinnie's existing one) that should fix this problem. You should delete your /var/vtpm/VTPM file before re-running, but you don't need to reset your owner.
Let me know how it works. If this solves your problem then I will work up an official patch that can support both v1.1b and v1.2 TPMs (this patch will only work with v1.2 TPMs).
Vinnie Scarlata deserves all of the credit for root causing this and providing the fix.
Joe
Patch:
diff -r 15ff55aab051 tools/vtpm_manager/manager/vtpm_manager.c --- a/tools/vtpm_manager/manager/vtpm_manager.c Mon Mar 05 15:15:03 2007
-0800 +++ b/tools/vtpm_manager/manager/vtpm_manager.c Thu Apr 05 10:23:46 2007 -0700 @@ -90,22 +90,19 @@ TPM_RESULT VTPM_Create_Manager(){ CRYPTO_INFO ek_cryptoInfo;
status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle,
&ek_cryptoInfo); - + // If we can read PubEK then there is no owner and we should take it. // We use the abilty to read the pubEK to flag that the TPM is owned. // FIXME: Change to just trying to take ownership and react to the
status if (status == TPM_SUCCESS) { - TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, - (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
- &SRK_AUTH, - &ek_cryptoInfo, - &vtpm_globals->keyAuth)); - - TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle,
- (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, - &vtpm_globals->keyAuth)); - } else { - vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an
owner. Creating Keys off existing SRK.\n"); + status = VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, + (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
+ &SRK_AUTH, + &ek_cryptoInfo, + &vtpm_globals->keyAuth); + } + if (status != TPM_SUCCESS) { + vtpmloginfo(VTPM_LOG_VTPM, "TPM has an owner. Creating Keys off
existing SRK.\n"); }
// Generate storage key's auth diff -r 15ff55aab051 tools/vtpm_manager/manager/vtsp.c --- a/tools/vtpm_manager/manager/vtsp.c Mon Mar 05 15:15:03 2007 -0800 +++ b/tools/vtpm_manager/manager/vtsp.c Thu Apr 05 10:24:01 2007 -0700
@@ -596,7 +596,7 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n", (!skipTPMLoad ? "into TPM" : "only into memory"));
TPM_RESULT status = TPM_SUCCESS;
- TPM_COMMAND_CODE command = TPM_ORD_LoadKey; + TPM_COMMAND_CODE command = TPM_ORD_LoadKey2;
BYTE *paramText=NULL; // Digest to make Auth. UINT32 paramTextSize; @@ -634,10 +634,9 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
&phKeyHMAC) );
// Verify Auth - paramTextSize = BSG_PackList(paramText, 3, + paramTextSize = BSG_PackList(paramText, 2, BSG_TPM_RESULT, &status,
- BSG_TPM_COMMAND_CODE, &command, - BSG_TPM_HANDLE, newKeyHandle); + BSG_TPM_COMMAND_CODE, &command);
TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
parentAuth, auth, diff -r 15ff55aab051 tools/vtpm_manager/tcs/tcs.c --- a/tools/vtpm_manager/tcs/tcs.c Mon Mar 05 15:15:03 2007 -0800 +++ b/tools/vtpm_manager/tcs/tcs.c Thu Apr 05 10:24:12 2007 -0700
@@ -901,7 +901,7 @@ TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEX // setup input/output parameters block TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND; UINT32 paramSize = 0; - TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey;
+ TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey2; TPM_RESULT returnCode = TPM_SUCCESS;
// setup the TPM driver input and output buffers diff -r 15ff55aab051 tools/vtpm_manager/util/tcg.h --- a/tools/vtpm_manager/util/tcg.h Mon Mar 05 15:15:03 2007 -0800
+++ b/tools/vtpm_manager/util/tcg.h Thu Apr 05 10:24:24 2007 -0700 @@ -250,6 +250,7 @@ typedef struct pack_constbuf_t { #define TPM_ORD_ReadManuMaintPub (48UL + TPM_PROTECTED_ORDINAL) #define TPM_ORD_CertifyKey (50UL + TPM_PROTECTED_ORDINAL)
#define TPM_ORD_Sign (60UL + TPM_PROTECTED_ORDINAL) +#define TPM_ORD_LoadKey2 (65UL + TPM_PROTECTED_ORDINAL) #define TPM_ORD_GetRandom (70UL + TPM_PROTECTED_ORDINAL)
#define TPM_ORD_StirRandom (71UL + TPM_PROTECTED_ORDINAL) #define TPM_ORD_SelfTestFull (80UL + TPM_PROTECTED_ORDINAL)
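
Review bot: in VTPM_Create_Manager (vtpm_manager.c), the new "if (status != TPM_SUCCESS)" branch treats every failure of VTSP_ReadPubek or VTSP_TakeOwnership as "TPM has an owner" and carries on, where the removed TPMTRYRETURN wrapper returned the error. A TakeOwnership failure for any other reason now shows up only as an info-level log line. Suggest testing for the specific return codes that mean the TPM is already owned and returning on anything else. The VTSP_DisablePubekRead call is also dropped without explanation, which leaves the retained comment about using PubEK readability to flag ownership out of date; update the comment or state why the call is no longer needed.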
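
Review bot: in VTSP_LoadKey (vtsp.c, hunk at -596), the command code is switched to TPM_ORD_LoadKey2 unconditionally, so this function can no longer issue TPM_ORD_LoadKey for a v1.1b TPM, as the covering message acknowledges. Suggest choosing the ordinal from the detected TPM version instead of hard-coding it, so that one build serves both families.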
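
Review bot: under "Verify Auth" in VTSP_LoadKey (vtsp.c, hunk at -634), the BSG_PackList count drops from 3 to 2 and newKeyHandle leaves the packed list, so the handle handed back to the caller is no longer covered by VerifyAuth. This needs a comment saying which response layout the two-item digest corresponds to and that it is tied to the LoadKey2 ordinal; if TPM_ORD_LoadKey is ever selected again for v1.1b, the list has to go back to three items in the same place.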
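
Review bot: TCSP_LoadKeyByBlob (tcs.c) now hard-codes TPM_ORD_LoadKey2 separately from the same change in VTSP_LoadKey, and the two must agree because VTSP packs its command code into the auth digest while TCS supplies the ordinal for the request. Suggest defining the choice once, or passing the ordinal down from the caller, so the two layers cannot drift apart. Only the ordinal changes in this hunk, so please confirm the rest of the function's request and response handling matches the new command.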
________________________________
From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Maximilian Loy
Sent: Monday, March 26, 2007 4:40 AM
To: xense-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
Hi everybody,
I am having problems getting the vtpm_managerd (Xen 3.0.4.1) to work with the Infineon TPM 1.2 (platform is a HP nx6325).
I was having the BAD_ORDINAL problems like discussed earlier on this list, but I could solve them by applying the patch from:
http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00020.html
This resulted in TPM_AUTHFAIL like in
http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00024.html
giving me the following output after taking the ownership:
...
INFO[VTSP]: Loading Key into TPM.
ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code TPM_AUTHFAIL
ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
ERROR in VTPM_Init_Manager at vtpm_manager.c:240 code: TPM_AUTHFAIL.
ERROR[VTPM]: Closing vtpmd due to error during startup.
Maybe it has something to do with the patch, as the line 634 in vtsp.c has been modified by it.
Any help would be very appreciated!
Best regards, Max