Re: [Xen-devel] Questions about the usage of the vTPM implemented in Xen 4.3

Hello Ian,

I am using the "xl" toolstack. I have included the configuration and screen logs of the vTPM-Mgr stub domain, vTPM stub domain and DomU.

As you can see in the logs, I have enabled the vTPM Mgr and vTPM stub domains once. Then I have enabled the DomU two consecutive times without disconnecting the stub domains (in all the cases issuing the command "xl create -c /var/xen/configuration.cfg").

When the DomU shuts down (after issuing a poweroff command with an ssh connection) the vTPM stub domain does not stop. Instead the following entries appear on its log:

    Tpmback:Info Frontend 14/0 disconnected^M
    Failed to read /local/domain/14/device/vtpm/0/state.^M
    Tpmback:Info Frontend 14/0 disconnected^M

and later, when the DomU is started again:

    Tpmback:Info Frontend 15/0 connected^M

In addition, one can see that the measurements performed by the "pv-grub" differ from the first to the second boot of the DomU (since the vTPM domain instance has been kept alive):

    [root@localhost ~]# cat /sys/class/misc/tpm0/device/pcrs
    ...
    PCR-04: 5A 4D CA AA C4 90 19 78 9A CB 7A C9 87 A6 08 A8 7C A2 7B DB
    PCR-05: E5 6C FC F9 65 D2 D0 FC 7A 24 7F 42 66 28 D5 F9 D3 10 EF 72
    ...

    [root@localhost ~]# cat /sys/class/misc/tpm0/device/pcrs
    ...
    PCR-04: BB 67 AA F3 9E B6 4B 8F 7E 76 57 7A 16 14 FB 0C B2 57 DF 69
    PCR-05: C0 A5 04 68 85 93 1B CD AE 61 F7 DA 49 ED 72 9E 2E D7 06 F0
    ...

Does anybody know if this is the expected behaviour? Can this be changed?

Thanks!
Jordi.

On 02/10/2014 03:27 PM, Ian Campbell wrote:
> CCing the vTPM maintainer.
>
> On Wed, 2014-02-05 at 17:52 +0100, Jordi Cucurull Juan wrote:
>> Dear all,
>>
>> I have recently configured a Xen 4.3 server with the vTPM enabled and a
>> guest virtual machine that takes advantage of it. After playing a bit
>> with it, I have a few questions:
>>
>> 1. According to the documentation, to shutdown the vTPM stubdom it is
>> only needed to normally shutdown the guest VM. Theoretically, the vTPM
>> stubdom automatically shuts down after this. Nevertheless, if I shutdown
>> the guest the vTPM stubdom continues active and, moreover, I can start
>> the machine again and the values of the vTPM are the last ones there
>> were in the previous instance of the guest. Is this normal?
> I don't know much about vTPM but this seems odd to me. Which toolstack
> are you using? Can you provide details of your config and logs from both
> the startup and shutdown etc please.
>
> I've no clue about #2 or #3 I'm afraid.
>
>> 2. In the documentation it is recommended to avoid accessing the physical
>> TPM from Dom0 at the same time than the vTPM Manager stubdom.
>> Nevertheless, I currently have the IMA and the Trousers enabled in Dom0
>> without any apparent issue. Why is not recommended directly accessing
>> the physical TPM of Dom0?
>>
>> 3. If it is not recommended to directly accessing the physical TPM in
>> Dom0, which is the advisable way to check the integrity of this domain?
>> With solutions such as TBOOT and IntelTXT?
>>
>> Best regards,
>> Jordi.
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxx
>> http://lists.xen.org/xen-devel
>

Attachment: conf-domu.cfg
Attachment: conf-vtpm.cfg
Attachment: conf-vtpmmgr.cfg
Attachment: enable-domu.log.gz
Attachment: enable-vtpm.log.gz
Attachment: enable-vtpmmgr.log.gz
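
The PCR behaviour reported in the message above, modelled as an added example that is not part of the original post or of the Xen code: a TPM 1.2 PCR can only be extended (new = SHA1(old || digest)), so replaying identical boot measurements into a vTPM that was never restarted yields different PCR-04/PCR-05 values, and a verifier replaying the measurement log from a reset bank flags them. The measurement inputs, the all-zero reset state and all function names are assumptions made for the illustration.

```python
import hashlib

PCR_COUNT, PCR_SIZE = 24, 20   # TPM 1.2: 24 PCRs, one SHA-1 digest each

def fresh_bank():
    """PCR bank right after a (v)TPM start, modelled as all zeros (assumption)."""
    return {i: bytes(PCR_SIZE) for i in range(PCR_COUNT)}

def extend(pcr, data):
    """TPM 1.2 extend: new = SHA1(old || SHA1(data)). It never overwrites."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()

def boot(bank, events):
    """Replay one boot's (pcr_index, data) measurements onto a copy of bank."""
    bank = dict(bank)
    for index, data in events:
        bank[index] = extend(bank[index], data)
    return bank

def mismatched_pcrs(events, reported):
    """Verifier side: replay the log from a reset bank, list PCRs that differ."""
    expected = boot(fresh_bank(), events)
    return sorted(i for i in expected if expected[i] != reported[i])

def fmt(value):
    """Format a PCR value the way the sysfs 'pcrs' file prints it."""
    return " ".join(f"{b:02X}" for b in value)

# Constructed measurements; the real pv-grub inputs are not on the page.
EVENTS = [(4, b"constructed kernel image"), (5, b"constructed command line")]

first = boot(fresh_bank(), EVENTS)          # vTPM just started, first DomU boot
second_stale = boot(first, EVENTS)          # DomU rebooted, vTPM kept running
second_reset = boot(fresh_bank(), EVENTS)   # DomU rebooted, vTPM restarted too

if __name__ == "__main__":
    runs = (("first boot", first),
            ("second boot, same vTPM", second_stale),
            ("second boot, new vTPM", second_reset))
    for label, bank in runs:
        print(label)
        for i in (4, 5):
            print(f"  PCR-{i:02d}: {fmt(bank[i])}")
    print("PCRs not matching the log:", mismatched_pcrs(EVENTS, second_stale))
```
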