|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [xen-unstable bisection] complete build-i386
branch xen-unstable
xen branch xen-unstable
job build-i386
test xen-build
Tree: qemu git://xenbits.xen.org/staging/qemu-xen-unstable.git
Tree: qemuu git://xenbits.xen.org/staging/qemu-upstream-unstable.git
Tree: xen git://xenbits.xen.org/xen.git
*** Found and reproduced problem changeset ***
Bug is in tree: xen git://xenbits.xen.org/xen.git
Bug introduced: 5c3705c900581af6f30be124ab8fb64603bdca03
Bug not present: 0b182202fef8ebfc093a00ead9414a683eb8807c
commit 5c3705c900581af6f30be124ab8fb64603bdca03
Author: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Mon Apr 21 13:22:57 2014 -0400
vtpmmgr: add TPM group support
This is a complete rewrite of the disk format and key hierarchy for the
TPM Manager. The new format supports multiple groups of vTPMs which
define the permitted configurations where a given vTPM's keys are
available, allowing upgrades of critical components while retaining the
secrecy of cryptographic keys.
New features of the TPM Manager are explained in the README and in the
definitions of the management commands in vtpm_manager.h.
New features for vTPMs:
1. The size of the state blob for a vTPM is expanded from 52 to 64
bytes in order to support future vTPMs using SHA-2/3 instead of SHA-1.
2. vTPMs can obtain a quote from the physical TPM with certain
resettable PCRs set to include information about the vTPM. This can be
used by a vTPM to provide evidence of its integrity, including the
secrecy of its EK, and for deep quotes.
Some additional changes made by this rewrite that may impact existing
users:
1. The value of WELLKNOWN_OWNER_AUTH was incorrect for the physical TPM;
the convention is to use all zero bits for well-known authentication
values, not all one bits.
2. Randomly generating the owner auth value for the physical TPM is no
longer supported, as it prevents later creation or certification of
AIKs (which the old manager did not support).
3. The vTPM Manager needs to be provisioned with a PCR composite and an
upgrade authority's public key before it will save data across boots.
The current implementation still has some limitations:
* 5 valid system PCR selections per group
* The vTPM Manager's disk can use at most 2MB of space
* The vTPM domain's build hash is always set to null/zero
Most of the code relating to upgrade and rollback protection is
currently stubbed out, but future versions can add:
* Support for using the TPM's monotonic counter to prevent rollback
of vTPM data by taking and restoring disk snapshots
* Masking the master disk encryption key using a value stored in the
TPM's NVRAM so that revocation of old data is possible without
relying on all previously authorized software stacks to respect the
monotonic counter's value
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
For bisection revision-tuple graph see:
http://www.chiark.greenend.org.uk/~xensrcts/results/bisect.xen-unstable.build-i386.xen-build.html
Revision IDs in each graph node refer, respectively, to the Trees above.
----------------------------------------
Searching for failure / basis pass:
25984 fail [host=moss-bug] / 25960 [host=grain-weevil] 25954
[host=grain-weevil] 25945 [host=lace-bug] 25938 [host=grain-weevil] 25931
[host=lace-bug] 25923 [host=field-cricket] 25919 ok.
Failure / basis pass flights: 25984 / 25919
Tree: qemu git://xenbits.xen.org/staging/qemu-xen-unstable.git
Tree: qemuu git://xenbits.xen.org/staging/qemu-upstream-unstable.git
Tree: xen git://xenbits.xen.org/xen.git
Latest 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
c7ee02d23fde573f0bb145610c984b64d71d20cb
Basis pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
01feb234d0cb3bff248694d99397fb63a9757490
Generating revisions with ./adhoc-revtuple-generator
git://xenbits.xen.org/staging/qemu-xen-unstable.git#7f5b3c338e0f8938ba575dec18255dcbee0c2ee2-7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
git://xenbits.xen.org/staging/qemu-upstream-unstable.git#65fc9b78ba3d868a26952db0d8e51cecf01d47b4-65fc9b78ba3d868a26952db0d8e51cecf01d47b4
git://xenbits.xen.org/xen.git#01feb234d0cb3bff248694d99397fb63a9757490-c7ee02d23fde573f0bb145610c984b64d71d20cb
Cloning into bare repository /export/home/osstest/repos/xen...
Cloning into bare repository /export/home/osstest/repos/xen...
Loaded 1001 nodes in revision graph
Searching for test results:
25905 [host=lace-bug]
25915 [host=grain-weevil]
25917 [host=lace-bug]
25912 [host=field-cricket]
25919 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
01feb234d0cb3bff248694d99397fb63a9757490
25923 [host=field-cricket]
25991 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
cda12fa0cee7023878598ff8ced3613b57576ce3
26002 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
0b182202fef8ebfc093a00ead9414a683eb8807c
25954 [host=grain-weevil]
25931 [host=lace-bug]
25975 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
01feb234d0cb3bff248694d99397fb63a9757490
25938 [host=grain-weevil]
25992 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
a0453db0c6ead85e0e2143c133268bcc5a017f73
25960 [host=grain-weevil]
25945 [host=lace-bug]
25982 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
bf70db7cea3794cf2f3c8d714b460bba86b04791
26003 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
5c3705c900581af6f30be124ab8fb64603bdca03
25974 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
208ae82a265c065b7f39ca38b4ba25c14d2df0f0
25984 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
c7ee02d23fde573f0bb145610c984b64d71d20cb
25967 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
8cfc8e520679e029bed51ccc2540a136fc0fbd9b
25983 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
5ff49ec44b0fa74b624fe2291e563a858c606087
26004 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
0b182202fef8ebfc093a00ead9414a683eb8807c
25973 [host=lace-bug]
25966 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
bf70db7cea3794cf2f3c8d714b460bba86b04791
25995 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
0b182202fef8ebfc093a00ead9414a683eb8807c
26005 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
5c3705c900581af6f30be124ab8fb64603bdca03
25985 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
208ae82a265c065b7f39ca38b4ba25c14d2df0f0
25997 pass 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
01feb234d0cb3bff248694d99397fb63a9757490
25989 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
5c3705c900581af6f30be124ab8fb64603bdca03
25998 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
c7ee02d23fde573f0bb145610c984b64d71d20cb
26001 fail 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
5c3705c900581af6f30be124ab8fb64603bdca03
Searching for interesting versions
Result found: flight 25919 (pass), for basis pass
Result found: flight 25984 (fail), for basis failure
Repro found: flight 25997 (pass), for basis pass
Repro found: flight 25998 (fail), for basis failure
0 revisions at 7f5b3c338e0f8938ba575dec18255dcbee0c2ee2
65fc9b78ba3d868a26952db0d8e51cecf01d47b4
0b182202fef8ebfc093a00ead9414a683eb8807c
No revisions left to test, checking graph state.
Result found: flight 25995 (pass), for last pass
Result found: flight 26001 (fail), for first failure
Repro found: flight 26002 (pass), for last pass
Repro found: flight 26003 (fail), for first failure
Repro found: flight 26004 (pass), for last pass
Repro found: flight 26005 (fail), for first failure
*** Found and reproduced problem changeset ***
Bug is in tree: xen git://xenbits.xen.org/xen.git
Bug introduced: 5c3705c900581af6f30be124ab8fb64603bdca03
Bug not present: 0b182202fef8ebfc093a00ead9414a683eb8807c
Cloning into bare repository /export/home/osstest/repos/xen...
commit 5c3705c900581af6f30be124ab8fb64603bdca03
Author: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Mon Apr 21 13:22:57 2014 -0400
vtpmmgr: add TPM group support
This is a complete rewrite of the disk format and key hierarchy for the
TPM Manager. The new format supports multiple groups of vTPMs which
define the permitted configurations where a given vTPM's keys are
available, allowing upgrades of critical components while retaining the
secrecy of cryptographic keys.
New features of the TPM Manager are explained in the README and in the
definitions of the management commands in vtpm_manager.h.
New features for vTPMs:
1. The size of the state blob for a vTPM is expanded from 52 to 64
bytes in order to support future vTPMs using SHA-2/3 instead of SHA-1.
2. vTPMs can obtain a quote from the physical TPM with certain
resettable PCRs set to include information about the vTPM. This can be
used by a vTPM to provide evidence of its integrity, including the
secrecy of its EK, and for deep quotes.
Some additional changes made by this rewrite that may impact existing
users:
1. The value of WELLKNOWN_OWNER_AUTH was incorrect for the physical TPM;
the convention is to use all zero bits for well-known authentication
values, not all one bits.
2. Randomly generating the owner auth value for the physical TPM is no
longer supported, as it prevents later creation or certification of
AIKs (which the old manager did not support).
3. The vTPM Manager needs to be provisioned with a PCR composite and an
upgrade authority's public key before it will save data across boots.
The current implementation still has some limitations:
* 5 valid system PCR selections per group
* The vTPM Manager's disk can use at most 2MB of space
* The vTPM domain's build hash is always set to null/zero
Most of the code relating to upgrade and rollback protection is
currently stubbed out, but future versions can add:
* Support for using the TPM's monotonic counter to prevent rollback
of vTPM data by taking and restoring disk snapshots
* Masking the master disk encryption key using a value stored in the
TPM's NVRAM so that revocation of old data is possible without
relying on all previously authorized software stacks to respect the
monotonic counter's value
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Revision graph left in
/home/xc_osstest/results/bisect.xen-unstable.build-i386.xen-build.{dot,ps,png,html}.
----------------------------------------
26005: tolerable ALL FAIL
flight 26005 xen-unstable real-bisect [real]
http://www.chiark.greenend.org.uk/~xensrcts/logs/26005/
Failures :-/ but no regressions.
Tests which did not succeed,
including tests which could not be run:
build-i386 4 xen-build fail baseline untested
jobs:
build-i386 fail
------------------------------------------------------------
sg-report-flight on osstest.cam.xci-test.com
logs: /home/xc_osstest/logs
images: /home/xc_osstest/images
Logs, config files, etc. are available at
http://www.chiark.greenend.org.uk/~xensrcts/logs
Test harness code can be found at
http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |