xense-devel
Re: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/06/2007 04:03:21 AM:
> Hi Joseph,
>
> first of all, thank you and Vinnie for the patch!
> I did a fresh installation of my development partition and installed
> the patched Xen.
> So, the patch solves the earlier problem, but another one surfaced.
> When I start vtpm_manager I get this output after it has
> loaded/created the keys:
>
> ERROR[VTPM]: VTPM ERROR: Can't open /dev/vtpm for reading.
> ERROR[VTPM]: [Backend Listener]: Backend Listener can't read from
> ipc. Aborting...
> ....
Did you do 'modprobe tpmbk'? That should make /dev/vtpm
available.
Stefan
>
> I get this message again and again till I abort it:
>
> INFO[VTPM]: [BINFO[VTPM]: Child shutting down
> INFO[VTPM]: VTPM Manager shutting down for signal 2.
> INFO[VTPM]: Enveloping Input[624]: 0x2 c5 94 f9 e4 fa 88 e0 a4 8d 43
> a3 b1 35 ee 43 3d 5e 5e f 50 e1 51 7a 59 9f cb 70 a4 fb 3c b5 41 56
> ad 5d e2 37 3b a5
> ........
> 6a 96 5b 1e 6b da a5 f4 ea 22 98 10 b0 b1 c8 b2 7c 27 10 51 a3 da 0
> 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
> INFO[VTSP]: Binding 16 bytes of data.
> INFO[VTPM]: Saved 256 bytes of E(symkey) + 656 bytes of E(data)
> INFO[VTPM]: Enveloping Output[920]: 0x0 0 1 0 3a 85 a0 a2 7f cb 9a
> 1c 85 2b 6c ec 76 5c 2f 59 57 fd 16 94 1c c2 e a3 9b d1 b4 25 ca 4a
> f 5f 21 f2 2e 1f f4 ......
> 88 1c 13 35 47 d8 e b0 93 1a b5 d2 d f1 5e ed ea 7e 69 2e b4 c2 21
> f2 da 34 5c ea a5 6d f6
> INFO[VTPM]: Child shutting down
> INFO[VTPM]: Saved VTPM Manager state (status = 0, dmis = -1)
> INFO[TCS]: Calling TCS_CloseContext.
> INFO[VTPM]: Child shutting down
> ERROR[TCS]: TCSP_EvictKey Failed with return code TPM_BAD_ORDINAL
> ERROR[TCS]: Not all handles evicted from TPM.
> INFO[TCS]: Destructing TCS:
> INFO[TCS]: Calling TCS_CloseContext.
> INFO[VTPM]: VTPM Manager stopped.
>
>
> So I tried to solve the problem by clearing the ownership and
> deleting /var/vtpm/VTPM, but with the same result.
>
> The /dev/vtpm directory is empty now with the following access rights:
> drwxrwxr-x 2 root root 4096 Apr 5 22:15 vtpm
>
> lsmod shows me tpmbk running, as well as the tpm drivers:
> tpmbk                  17724  0 [permanent]
> tpm_tis                14592  0
> tpm_infineon           12312  0
> tpm                    18848  2 tpm_tis,tpm_infineon
> tpm_bios               10368  1 tpm
>
>
> Maybe that helps.
>
> Regards,
> Max
>
> 2007/4/5, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
> Max and Burak,
>
> Sorry for the delay in responding (especially to Burak whose much
> earlier posting we missed). We don't have an Infineon TPM here to test
> with, but the root cause of this error isn't specific to the TPM mfgr.
> and we did verify it on our v1.2 TPMs. Attached and inline is a patch
> (including Vinnie's existing one) that should fix this problem. You
> should delete your /var/vtpm/VTPM file before re-running, but you don't
> need to reset your owner.
>
> Let me know how it works. If this solves your problem then I will work
> up an official patch that can support both v1.1b and v1.2 TPMs (this
> patch will only work with v1.2 TPMs).
>
> Vinnie Scarlata deserves all of the credit for root causing this and
> providing the fix.
>
> Joe
>
> Patch:
>
> diff -r 15ff55aab051 tools/vtpm_manager/manager/vtpm_manager.c
> --- a/tools/vtpm_manager/manager/vtpm_manager.c Mon Mar 05 15:15:03
2007
> -0800
> +++ b/tools/vtpm_manager/manager/vtpm_manager.c Thu Apr 05 10:23:46
2007
> -0700
> @@ -90,22 +90,19 @@ TPM_RESULT VTPM_Create_Manager(){
> CRYPTO_INFO ek_cryptoInfo;
>
> status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle,
> &ek_cryptoInfo);
> -
> +
> // If we can read PubEK then there is no owner and we
should take it.
> // We use the abilty to read the pubEK to flag that the
TPM is owned.
> // FIXME: Change to just trying to take ownership and
react to the
> status
> if (status == TPM_SUCCESS) {
> - TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
> -
(const
> TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
> -
&SRK_AUTH,
> -
&ek_cryptoInfo,
> -
&vtpm_globals->keyAuth));
> -
> -
> TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle,
> -
(const
> TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
> -
&vtpm_globals->keyAuth));
> - } else {
> - vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning
TPM has an
> owner. Creating Keys off existing SRK.\n");
> + status = VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
> +
(const
> TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
> +
&SRK_AUTH,
> +
&ek_cryptoInfo,
> +
&vtpm_globals->keyAuth);
> + }
> + if (status != TPM_SUCCESS) {
> + vtpmloginfo(VTPM_LOG_VTPM, "TPM has an owner.
Creating Keys off
> existing SRK.\n");
> }
>
> // Generate storage key's auth
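Review bot: in VTPM_Create_Manager the new "if (status != TPM_SUCCESS)" branch treats every failure of VTSP_ReadPubek or VTSP_TakeOwnership as "TPM has an owner" and carries on, where the removed TPMTRYRETURN aborted on a failed take-ownership. Any other error from either call would now be logged as an owned TPM and key creation would proceed off the existing SRK. Suggest testing for the specific owner-already-set result and returning on anything else. The comment above the block still says pubEK readability is used to flag ownership, but the VTSP_DisablePubekRead call is gone, so either restore that call or update the comment.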
> diff -r 15ff55aab051 tools/vtpm_manager/manager/vtsp.c
> --- a/tools/vtpm_manager/manager/vtsp.c Mon Mar 05 15:15:03 2007 -0800
> +++ b/tools/vtpm_manager/manager/vtsp.c Thu Apr 05 10:24:01 2007 -0700
> @@ -596,7 +596,7 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
> vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n",
(!skipTPMLoad ? "into
> TPM" : "only into memory"));
>
> TPM_RESULT status = TPM_SUCCESS;
> - TPM_COMMAND_CODE command = TPM_ORD_LoadKey;
> + TPM_COMMAND_CODE command = TPM_ORD_LoadKey2;
>
> BYTE *paramText=NULL; // Digest
to make Auth.
> UINT32 paramTextSize;
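Review bot: "command" in VTSP_LoadKey is now hard-wired to TPM_ORD_LoadKey2, which the accompanying message says works only on v1.2 TPMs. Suggest choosing the ordinal from the detected TPM version (or a build option) so that v1.1b parts keep using TPM_ORD_LoadKey, and adding a comment that says why LoadKey2 is needed here.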
> @@ -634,10 +634,9 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
>
&phKeyHMAC)
);
>
> // Verify Auth
> - paramTextSize = BSG_PackList(paramText, 3,
> + paramTextSize = BSG_PackList(paramText, 2,
>
BSG_TPM_RESULT, &status,
> -
BSG_TPM_COMMAND_CODE, &command,
> -
BSG_TPM_HANDLE, newKeyHandle);
> +
BSG_TPM_COMMAND_CODE, &command);
>
> TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
>
parentAuth, auth,
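Review bot: the BSG_PackList call under "Verify Auth" drops "BSG_TPM_HANDLE, newKeyHandle" from the digest, so the returned handle is no longer covered by VerifyAuth, and nothing in the code says this is deliberate. Add a comment that the two-item list belongs to TPM_ORD_LoadKey2, and make the list depend on "command" so that a build using TPM_ORD_LoadKey still packs three items.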
> diff -r 15ff55aab051 tools/vtpm_manager/tcs/tcs.c
> --- a/tools/vtpm_manager/tcs/tcs.c Mon Mar 05
15:15:03 2007 -0800
> +++ b/tools/vtpm_manager/tcs/tcs.c Thu Apr 05
10:24:12 2007 -0700
> @@ -901,7 +901,7 @@ TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEX
> // setup input/output parameters block
> TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND;
> UINT32 paramSize = 0;
> - TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey;
> + TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey2;
> TPM_RESULT returnCode = TPM_SUCCESS;
>
> // setup the TPM driver input and output buffers
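Review bot: "ordinal" in TCSP_LoadKeyByBlob has to stay identical to "command" in VTSP_LoadKey, since that value is packed into the digest that VerifyAuth checks, yet the two are set independently in tcs.c and vtsp.c. Suggest a single shared definition (or passing the ordinal down from the caller) so that a later change cannot update one and miss the other.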
> diff -r 15ff55aab051 tools/vtpm_manager/util/tcg.h
> --- a/tools/vtpm_manager/util/tcg.h Mon Mar 05 15:15:03
2007 -0800
> +++ b/tools/vtpm_manager/util/tcg.h Thu Apr 05 10:24:24
2007 -0700
> @@ -250,6 +250,7 @@ typedef struct pack_constbuf_t {
> #define TPM_ORD_ReadManuMaintPub (48UL
+ TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_CertifyKey
(50UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_Sign
(60UL + TPM_PROTECTED_ORDINAL)
> +#define TPM_ORD_LoadKey2
(65UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_GetRandom
(70UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_StirRandom
(71UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_SelfTestFull
(80UL + TPM_PROTECTED_ORDINAL)
>
>
> ________________________________
>
> From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Maximilian Loy
> Sent: Monday, March 26, 2007 4:40 AM
> To: xense-devel@xxxxxxxxxxxxxxxxxxx
> Subject: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
>
>
> Hi everybody,
>
> I am having problems getting the vtpm_managerd (Xen 3.0.4.1) to
> work with the Infineon TPM 1.2 (platform is a HP nx6325).
>
> I was having the BAD_ORDINAL problems like discussed earlier on
> this list, but I could solve them by applying the patch from:
>
> http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00020.html
>
> This resulted in TPM_AUTHFAIL like in
>
> http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00024.html
> giving me the following output after taking the ownership:
> ...
> INFO[VTSP]: Loading Key into TPM.
> ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code TPM_AUTHFAIL
> ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
> ERROR in VTPM_Init_Manager at vtpm_manager.c:240 code: TPM_AUTHFAIL.
> ERROR[VTPM]: Closing vtpmd due to error during startup.
>
> Maybe it has something to do with the patch, as the line 634 in
> vtsp.c has been modified by it.
>
> Any help would be very appreciated!
>
> Best regards, Max
>
> _______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel