
Re: [Xen-users] IMA DOMU Kernel with VTPM



On 11/08/2013 08:18 PM, Karthick R wrote:
> The VTPM patch is from https://lkml.org/lkml/2013/7/1/540, not the one
> specified in the previous mail. Sorry about that.
>
> On Fri, Nov 8, 2013 at 8:13 PM, Karthick R
> <karthick.ramachandran@xxxxxxxxx> wrote:
>
> > Hi,
> >
> > I have custom compiled the linux-konrad-xen (3.10.0+) with VTPM patch
> > from (http://lists.xen.org/archives/html/xen-devel/2013-03/msg01923.html)
> > as DomU kernel. It has the following configuration:
> >
> > CONFIG_XEN=y
> > CONFIG_TCG_TPM=y
> > CONFIG_TCG_XEN=y
> > CONFIG_IMA=y
> >
> > When I boot the above DomU kernel *WITHOUT* ima_tcb=1, DomU boots
> > properly.
> >
> > However, when I enable IMA (through extras="ima_tcb=1" in domu.cfg), the
> > booting hangs at
> >
> > [info] Using makefile-style concurrent boot in runlevel S.
> >
> > Could anyone point me in a direction where I can debug this?

This is past the point where userspace is up and working; you should be able
to add debugging output to your init scripts or the dispatcher script that
outputs that message. The exact method for doing this is distro-dependent and
should be independent of xen/vtpm issues.

You may want to look at what loads your real IMA-TCB policy (to replace the
initial measure-everything policy) or tcsd/trousers; nothing else should be
waiting on a TPM.

You could also add debug output in the driver or check that the vTPM is not
stuck processing a command (and causing the kernel to time out on extends).

> > I have vtpmmgr and domu-vtpm running in different VMs and each of them gets
> > messages from when DomU boots. This is confirmed by
> >
> > Saved hash and key for vtpm <uuid>
> >
> > in vtpmmgr and
> >
> > vtpmblk.c Info: Wrote 6992 bytes to NVM persistent storage
> >
> > in domu-vtpm.
> >
> > I am using Xen 4.3.1-rc1.
> >
> > Any help will be really appreciated.
> >
> >
> > Thanks!
> >
> > --
> > Karthick Ramachandran


--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
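
Added example (not part of the original thread, and not Xen or kernel project code): one way to act on the suggestion above to check that the vTPM is servicing extends is to replay the guest's IMA measurement list and compare the result with PCR 10 as the vTPM reports it. It assumes the SHA-1 "ima" template used by kernels of this generation and the two sysfs/securityfs paths named in the code, none of which come from the thread; the sample log is constructed.

```python
import hashlib
import re

IMA_LOG = "/sys/kernel/security/ima/ascii_runtime_measurements"  # assumed securityfs mount
TPM_PCRS = "/sys/class/misc/tpm0/device/pcrs"  # assumed sysfs path on 3.x kernels
ZERO = bytes(20)           # initial PCR value; also the digest logged for a violation
VIOLATION = b"\xff" * 20   # what IMA extends into the PCR for a violation entry

def replay_pcr10(ascii_log):
    """Recompute PCR 10 from measurement-list text; returns (pcr, entries)."""
    pcr, entries = ZERO, 0
    for line in ascii_log.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "10":
            continue
        digest = bytes.fromhex(fields[1])          # template hash, second column
        if digest == ZERO:
            digest = VIOLATION
        pcr = hashlib.sha1(pcr + digest).digest()  # TPM 1.2 extend operation
        entries += 1
    return pcr, entries

def parse_sysfs_pcr(pcrs_text, index=10):
    """Pull one PCR out of text shaped like 'PCR-10: AB CD ...' (20 bytes)."""
    m = re.search(r"^PCR-%02d:((?: [0-9A-Fa-f]{2}){20})" % index, pcrs_text, re.M)
    return bytes.fromhex(m.group(1).replace(" ", "")) if m else None

def extends_reached_tpm(ascii_log, pcrs_text):
    """(True, n) when all n logged measurements are reflected in PCR 10."""
    expected, entries = replay_pcr10(ascii_log)
    return parse_sysfs_pcr(pcrs_text) == expected, entries

# Constructed sample: one ordinary entry and one violation entry.
SAMPLE_LOG = (
    "10 " + "11" * 20 + " ima " + "aa" * 20 + " boot_aggregate\n"
    "10 " + "00" * 20 + " ima " + "00" * 20 + " /constructed/violation\n"
)

if __name__ == "__main__":
    # A measurement taken between the two reads shows up as a mismatch,
    # so run this on an otherwise idle guest.
    with open(IMA_LOG) as f:
        log = f.read()
    with open(TPM_PCRS) as f:
        pcrs = f.read()
    ok, entries = extends_reached_tpm(log, pcrs)
    print("%d entries replayed; PCR 10 %s" % (entries, "matches" if ok else "DIFFERS"))
```

A persistent mismatch on a guest that boots means the kernel logged measurements whose extends never landed in the vTPM, which points at the driver or vTPM side rather than at the init scripts.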

