Re: [Xen-devel] vTPM setup problem on the emulator
On 01/10/2013 10:11 PM, Bei Guan wrote:
2013/1/10 Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>
On 01/09/2013 09:17 PM, Bei Guan wrote:
Hi Matthew,
Thank you for your reply.
2013/1/10 Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>
On 01/09/2013 03:58 AM, gavin wrote:
Hi,
I tried to install the vTPM in
Xen-4.1.0 + Dom0 kernel 2.6.18.8 +
DomU kernel 2.6.18.8. The device is
TPM emulator.
However, I encountered
several problems.
1. In DomU, I run "modprobe
tpm_xenu" successfully. But it
doesn't create the /dev/tpm0 device
as we had expected. So, the
trousers cannot be started. An old
thread in Xen mail-list can do
this, (http://old-list-archives.xen.org/xense-devel/2006-12/msg00002.html)
but it helps little to me.
Is there any problem with my vTPM
front driver? The tpm related
modules and other info in DomU are
listed here.
[root@gavin-pv ~]# lsmod | grep tpm
tpm_xenu 15752 0 [permanent]
tpm 17952 1 tpm_xenu
tpm_bios 10112 1 tpm
[root@gavin-pv ~]# tcsd -f
TCSD TDDL ERROR: Could not find a device to open!
Any relevant output in dmesg? Also does your
domu config file have a vtpm device
specified?
When I run "insmod tpm_xenu.ko" at the
first time in DomU, there is no special
message in dmesg except for this
"xen_tpm_fr: Initialising the vTPM driver."
Then, I reload the tpm_xenu module after
removing it using "rmmod tpm_xenu.ko -f".
I get the following message in dmesg.
...
xen_tpm_fr: Initialising the vTPM driver.
kobject_add failed for vtpm with -EEXIST, don't try to register things with the same name in the same directory.
 [<c01ea4ea>] kobject_add+0x11a/0x1a0
 [<c01ea691>] kobject_register+0x21/0x50
 [<c02400fd>] bus_add_driver+0x7d/0x140
 [<c02856f9>] xenbus_register_driver_common+0x39/0x60
 [<c0285740>] xenbus_register_frontend+0x20/0x40
 [<e1227050>] tpmif_init+0x50/0x62 [tpm_xenu]
 [<c0143b08>] sys_init_module+0x148/0x1b40
 [<c01187fc>] do_page_fault+0x10c/0xc6f
 [<c010845e>] do_syscall_trace+0x1ee/0x205
 [<c01059bf>] syscall_call+0x7/0xb
In the DomU config file, I use vtpm =
['backend=0'].
But there is no vtpm device in Dom0 and
DomU. See the following info.
The domU is PVM correct? You can also try just compiling in
tpm_xenu instead of using it as a module.
Yes, it's DomU.
Now, I try vTPM in Xen-4.0.2, Dom0 and DomU are still with
kernel 2.6.18.8. I can get the device /dev/tpm0 in DomU after
modprobe tpm_xenu.
(Perhaps this problem has something to do with the hardware
and the Xen version)
However, when I run tcsd in DomU, there is an error:
TCSD resetting mode of /usr/local/var/lib/tpm from 40755 to: 700
TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD TCS ERROR: TCS GetCapability failed with result = 0x9
Is this because vtpm_managerd is not running in Dom0 or
physical TPM does not work well in Dom0?
What does the output of the vtpm say? You have to have the manager
running before you start the domU otherwise it won't work.
Dom0:
[root@localhost fc8_new]# ls /sys/devices/xen-backend/
console-3-0  power  uevent  vbd-3-2049  vfb-3-0  vif-3-0  vkbd-3-0
DomU:
[root@gavin-pv tpm]# ls /sys/devices/xen
power  uevent  vbd-2049  vfb-0  vif-0  vkbd-0
2. In Dom0, I run "modprobe tpmd_dev"
and "modprobe tpmbk" also successfully
and I can get the devices /dev/tpm,
/dev/tpm0, and /dev/vtpm. However, I
cannot start the tpm emulator
(# ./tpmd -f clear pvm 1) and vtpm
manager (# vtpm_managerd). The related
info and output errors from Dom0 are
also listed here.
So you want to use the TPM emulator on dom0
instead of a physical TPM?
Yes, I try to use TPM emulator right now.
In fact, there is a physical TPM chip in my
laptop. But I'm not sure how to make it work in
fedora8. So, when the vTPM works well on
emulator, I will try to abandon the emulator and
use the physical TPM.
In that case you might want to make sure the TPM is
disabled in the BIOS if you want to use the emulator. Your
dom0 kernel might have tpm drivers built in which could
cause a possible conflict with the emulator.
Using the tpm emulator in dom0 has its own collection of
issues. You might want to get the physical tpm working first
and then play with vtpms. We used TPM successfully on Fedora
8.
Try this:
Reboot your machine and get into the bios. Clear the TPM and
then activate it. You might not have that option to clear
if it's disabled, in that case just activate it. In fedora
install trousers and tpm_tools. Start tcsd and try
tpm_version or some other command to ensure your TPM is
working. If not, make sure all of the TPM drivers are either
compiled into the kernel or loaded as modules.
Now, I try to use physical TPM directly instead of an
emulator. I try to make the physical TPM work firstly. I
did what you suggested above, but I still encountered some
problems.
The TPM relevant modules in Dom0 are loaded like this.
modprobe tpm_bios
modprobe tpm
modprobe tpm_tis force=1
Then, I got the /dev/tpm0.
However, I cannot start tcsd and vtpm_managerd in Dom0. The
output is as the following.
[root@localhost Xen]# tcsd -f
TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD TDDL ERROR: read from device /dev/tpm0 failed: Input/output error
TCSD TCS ERROR: TCS GetCapability failed with result = 0x1087
[root@localhost vtpm_manager]# vtpm_managerd
INFO[VTPM]: Starting VTPM.
INFO[TCS]: Constructing new TCS:
INFO[TCS]: Calling TCS_OpenContext:
ERROR[TXDATA]: read() failed*** ERRORDIE in TDDL_TransmitData at transmit.c: 89
ERROR in VTPM_Init_Manager at vtpm_manager.c:215 code: TPM_FAIL.
ERROR[VTPM]: Closing vtpmd due to error during startup.
I searched in google for a while, but I still cannot
resolve it.
Do you have any suggestions on these problems? Thanks in
advance.
You can't run tcsd and vtpm manager at the same time. Only use tcsd
to test if your tpm is working and then kill the process and disable
it from starting on boot (chkconfig tcsd off). Make sure tcsd is not
already running in the background before you try running it yourself
(ps -ef | grep tcsd). If you try 2 instances of tcsd it will fail.
I see you listed /dev/tpm and /dev/tpm0. I
believe the old manager is hard coded to use
the second one. Is tpmd creating both?
Yes. When modprobe the tpmd_dev module,
these two devices are created.
Thanks again.
[root@localhost tpmd]# lsmod | grep tpm
tpmd_dev 10416 0
tpmbk 19516 0 [permanent]
[root@localhost tpmd]# ./tpmd -f clear pvm 1
VTPMD[0]: tpmd.c:766: Info: starting TPM Emulator daemon
VTPMD[0]: tpmd.c:369: Info: parsing options
VTPMD[1]: tpmd.c:478: Info: openening random device /dev/urandom
VTPMD[1]: tpmd.c:621: Info: staring main loop
Loading NVM.
Error in read_from_ file:301
VTPMD[1]: ../tpm/tpm_data.c:83: Info: initializing TPM data to default values
VTPMD[1]: ../tpm/tpm_startup.c:30: Info: TPM_Init()
VTPMD[1]: ../tpm/tpm_testing.c:242: Info: TPM_SelfTestFull()
VTPMD[1]: ../tpm/tpm_testing.c:260: Info: Self-Test succeeded
VTPMD[1]: ../tpm/tpm_startup.c:44: Info: TPM_Startup(1)
VTPMD[1]: tpmd.c:661: Error: Failed to open devices to listen to guest.
[root@localhost vtpm]# vtpm_managerd
INFO[VTPM]: Starting VTPM.
INFO[TCS]: Constructing new TCS:
ERROR[TXDATA]: TPM open failedERROR in VTPM_Init_Manager at vtpm_manager.c:205 code: TPM_IOERROR.
ERROR[VTPM]: Closing vtpmd due to error during startup.
Thanks in advance for any
reply.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
Keep in mind that the old vTPM system is deprecated and I
can only provide limited support. If you can't get it to
work I would suggest pulling the latest xen-unstable and my
latest patch set on here and trying to use that.
Well, it's very nice. I think maybe I need to try it later.
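The ordering rules given in the replies above (tcsd only as a one-off TPM test, never alongside vtpm_managerd or a second tcsd; the manager up before the domU starts), written as a pre-flight check. This is an added example, not part of the original messages or of the Xen tree; the function names and the one-name-per-line process list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The process names and /dev/tpm0 are
# the ones quoted in the thread; all function names are hypothetical.

# Live process list, one command name per line.
live_procs() { ps -eo comm=; }

# count_procs NAME PROCS -> prints how many entries equal NAME exactly.
count_procs() {
    printf '%s\n' "$2" | grep -cx -- "$1" || true
}

# May tcsd be started for a TPM test? Not if another tcsd instance or the
# vTPM manager is already running.
can_start_tcsd() {   # $1 = PROCS
    [ "$(count_procs tcsd "$1")" -eq 0 ] || { echo "tcsd already running"; return 1; }
    [ "$(count_procs vtpm_managerd "$1")" -eq 0 ] || { echo "vtpm_managerd is running"; return 1; }
}

# May vtpm_managerd be started? It needs the TPM character device and no tcsd.
can_start_manager() {   # $1 = PROCS, $2 = device path
    [ -c "$2" ] || { echo "no TPM device at $2"; return 1; }
    [ "$(count_procs tcsd "$1")" -eq 0 ] || { echo "stop tcsd first (chkconfig tcsd off)"; return 1; }
}

# May a domU with a vtpm= line be created? The manager must already be up.
can_start_domu() {   # $1 = PROCS
    [ "$(count_procs vtpm_managerd "$1")" -ge 1 ] || { echo "start vtpm_managerd before the domU"; return 1; }
}

# Constructed sample: tcsd left running after the test step.
SAMPLE_PROCS='init
xenstored
tcsd'

# Run against the real system only when asked to.
if [ "${1:-}" = "--live" ]; then
    procs=$(live_procs)
    can_start_manager "$procs" /dev/tpm0 && echo "ok to start vtpm_managerd"
fi
```

Run it with `--live` in Dom0 before starting vtpm_managerd; without arguments it only defines the checks.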