
Re: [Xen-devel] vTPM issues



Timeouts have the standard values.
Good luck with installing 15.04.

On Thu, Jun 25, 2015 at 12:34 PM, Marcos Simà Picà <marcossp@xxxxxx> wrote:

Okay, /etc/tpm0 is present.

The timeout values are:

752000 2000000 752000 752000 [adjusted]


I have no problem actually upgrading to Ubuntu 15.04 if that might solve the problem.


Thanks a lot for your reply again.


From: Emil Condrea <emilcondrea@xxxxxxxxx>
Sent: Thursday, June 25, 2015 11:22
To: Marcos Simà Picà
Cc: xen-devel@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] vTPM issues

Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
I remember that once I had this problem when almost all trousers commands
were returning internal software error in domU.
Can you check what are the timeout values?
cat /sys/devices/vtpm-0/timeouts

I remember that there was a bug in Ubuntu 14.04 regarding tpm driver.
You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm commands
run successfully.

On Thu, Jun 25, 2015 at 12:10 PM, Marcos Simà Picà <marcossp@xxxxxx> wrote:

Yes, I'm indeed using pv guests. After running #tcsd -f & I get:

TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD trousers 0.3.5git: TCSD up and running.


I don't know if the problem might be there. When I invoke tpm_takeownership -z -y -l debug it returns exactly the same messages I sent in my previous email.


On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.


Thanks for your reply.



From: Emil Condrea <emilcondrea@xxxxxxxxx>
Sent: Thursday, June 25, 2015 10:21
To: Marcos Simà Picà
Cc: xen-devel@xxxxxxxxxxxxx; Xu, Quan
Subject: Re: [Xen-devel] vTPM issues

I guess you are using pv guests, I don't know exactly if Quan finished development for hvm.
I suggest to take a look at tcsd log:
pkill tcsd
tcsd -f &
tpm_takeownership -z -y -l debug
Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?

On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simà Picà <marcossp@xxxxxx> wrote:

Hello everyone,


I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/


I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:


root@DomU:/home/xen# tpm_version
 TPM 1.2 Version Info:
 Chip Version: 1.2.0.7
 Spec Level: 2
 Errata Revision: 1
 TPM Vendor ID: ETHZ
 TPM Version: 01010000
 Manufacturer Info: 4554485a


I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:


root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success


The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership not taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.


In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.


I really appreciate any help you can provide.


Best regards,

Marcos


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel



