[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2


xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/06/2007 04:03:21 AM:

> Hi Joseph,
>
> first of all, thank you and Vinnie for the patch!
> I did a fresh installation of my development partition and installed
> the patched Xen.
> So, the patch solves the earlier problem, but another one surfaced.
> When i start vtpm_manager i get this output after it has
> loaded/created the keys:
>
> ERROR[VTPM]: VTPM ERROR: Can't open /dev/vtpm for reading.
> ERROR[VTPM]: [Backend Listener]: Backend Listener can't read from
> ipc. Aborting...
> ....

Did you do 'modprobe tpmbk'? That should make /dev/vtpm available.

  Stefan


>
> I get this message again and again till i abort it:
>
> INFO[VTPM]: [BINFO[VTPM]: Child shutting down
> INFO[VTPM]: VTPM Manager shutting down for signal 2.
> INFO[VTPM]: Enveloping Input[624]: 0x2 c5 94 f9 e4 fa 88 e0 a4 8d 43
> a3 b1 35 ee 43 3d 5e 5e f 50 e1 51 7a 59 9f cb 70 a4 fb 3c b5 41 56
> ad 5d e2 37 3b a5
> ........
>  6a 96 5b 1e 6b da a5 f4 ea 22 98 10 b0 b1 c8 b2 7c 27 10 51 a3 da 0
> 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
> INFO[VTSP]: Binding 16 bytes of data.
> INFO[VTPM]: Saved 256 bytes of E(symkey) + 656 bytes of E(data)
> INFO[VTPM]: Enveloping Output[920]: 0x0 0 1 0 3a 85 a0 a2 7f cb 9a
> 1c 85 2b 6c ec 76 5c 2f 59 57 fd 16 94 1c c2 e a3 9b d1 b4 25 ca 4a
> f 5f 21 f2 2e 1f f4 ......
>  88 1c 13 35 47 d8 e b0 93 1a b5 d2 d f1 5e ed ea 7e 69 2e b4 c2 21
> f2 da 34 5c ea a5 6d f6
> INFO[VTPM]: Child shutting down
> INFO[VTPM]: Saved VTPM Manager state (status = 0, dmis = -1)
> INFO[TCS]: Calling TCS_CloseContext.
> INFO[VTPM]: Child shutting down
> ERROR[TCS]: TCSP_EvictKey Failed with return code TPM_BAD_ORDINAL
> ERROR[TCS]: Not all handles evicted from TPM.
> INFO[TCS]: Destructing TCS:
> INFO[TCS]: Calling TCS_CloseContext.
> INFO[VTPM]: VTPM Manager stopped.
>
>
> So i tried to solve the problem by clearing the ownership and
> deleting /var/vtpm/VTPM, but with the same result.
>
> The /dev/vtpm directory is empty now with the following access rights:
> drwxrwxr-x  2 root root        4096 Apr  5 22:15 vtpm
>
> lsmod shows me tpmbk running, as well as the tpm drivers:
> tpmbk                  17724  0 [permanent]
> tpm_tis                14592  0
> tpm_infineon           12312  0
> tpm                    18848  2 tpm_tis,tpm_infineon
> tpm_bios               10368  1 tpm
>
>
> Maybe that helps.
>
> Regards,
> Max
>

> 2007/4/5, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
> Max and Burak,
>
> Sorry for the delay in responding (especially to Burak whose much
> earlier posting we missed).  We don't have an Infineon TPM here to test
> with, but the root cause of this error isn't specific to the TPM mfgr.
> and we did verify it on our v1.2 TPMs.  Attached and inline is a patch
> (including Vinnie's existing one) that should fix this problem.  You
> should delete your /var/vtpm/VTPM file before re-running, but you don't
> need to reset your owner.
>
> Let me know how it works.  If this solves your problem then I will work
> up an official patch that can support both v1.1b and v1.2 TPMs (this
> patch will only work with v1.2 TPMs).
>
> Vinnie Scarlata deserves all of the credit for root causing this and
> providing the fix.
>
> Joe
>
> Patch:
>
> diff -r 15ff55aab051 tools/vtpm_manager/manager/vtpm_manager.c
> --- a/tools/vtpm_manager/manager/vtpm_manager.c Mon Mar 05 15:15:03 2007
> -0800
> +++ b/tools/vtpm_manager/manager/vtpm_manager.c Thu Apr 05 10:23:46 2007
> -0700
> @@ -90,22 +90,19 @@ TPM_RESULT VTPM_Create_Manager(){
>    CRYPTO_INFO ek_cryptoInfo;
>
>    status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle,
> &ek_cryptoInfo);
> -
> +
>    // If we can read PubEK then there is no owner and we should take it.
>    // We use the abilty to read the pubEK to flag that the TPM is owned.
>    // FIXME: Change to just trying to take ownership and react to the
> status
>    if (status == TPM_SUCCESS) {
> -    TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
> -                                   (const
> TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
> -                                   &SRK_AUTH,
> -                                   &ek_cryptoInfo,
> -                                   &vtpm_globals->keyAuth));
> -
> -
> TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle,
> -                                       (const
> TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
> -                                       &vtpm_globals->keyAuth));
> -  } else {
> -    vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an
> owner. Creating Keys off existing SRK.\n");
> +    status = VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
> +                               (const
> TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
> +                               &SRK_AUTH,
> +                               &ek_cryptoInfo,
> +                               &vtpm_globals->keyAuth);
> +  }
> +  if (status != TPM_SUCCESS) {
> +    vtpmloginfo(VTPM_LOG_VTPM, "TPM has an owner. Creating Keys off
> existing SRK.\n");
>    }
>
>    // Generate storage key's auth
> diff -r 15ff55aab051 tools/vtpm_manager/manager/vtsp.c
> --- a/tools/vtpm_manager/manager/vtsp.c Mon Mar 05 15:15:03 2007 -0800
> +++ b/tools/vtpm_manager/manager/vtsp.c Thu Apr 05 10:24:01 2007 -0700
> @@ -596,7 +596,7 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
>    vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n", (!skipTPMLoad ? "into
> TPM" : "only into memory"));
>
>    TPM_RESULT status = TPM_SUCCESS;
> -  TPM_COMMAND_CODE command = TPM_ORD_LoadKey;
> +  TPM_COMMAND_CODE command = TPM_ORD_LoadKey2;
>
>    BYTE *paramText=NULL;        // Digest to make Auth.
>    UINT32 paramTextSize;
> @@ -634,10 +634,9 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
>                                        &phKeyHMAC) );
>
>      // Verify Auth
> -    paramTextSize = BSG_PackList(paramText, 3,
> +    paramTextSize = BSG_PackList(paramText, 2,
>                                  BSG_TPM_RESULT, &status,
> -                                BSG_TPM_COMMAND_CODE, &command,
> -                                BSG_TPM_HANDLE, newKeyHandle);
> +                                BSG_TPM_COMMAND_CODE, &command);
>
>      TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
>                               parentAuth, auth,
> diff -r 15ff55aab051 tools/vtpm_manager/tcs/tcs.c
> --- a/tools/vtpm_manager/tcs/tcs.c      Mon Mar 05 15:15:03 2007 -0800
> +++ b/tools/vtpm_manager/tcs/tcs.c      Thu Apr 05 10:24:12 2007 -0700
> @@ -901,7 +901,7 @@ TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEX
>    // setup input/output parameters block
>    TPM_TAG tag = TPM_TAG_RQU_AUTH1_COMMAND;
>    UINT32 paramSize = 0;
> -  TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey;
> +  TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey2;
>    TPM_RESULT returnCode = TPM_SUCCESS;
>
>    // setup the TPM driver input and output buffers
> diff -r 15ff55aab051 tools/vtpm_manager/util/tcg.h
> --- a/tools/vtpm_manager/util/tcg.h     Mon Mar 05 15:15:03 2007 -0800
> +++ b/tools/vtpm_manager/util/tcg.h     Thu Apr 05 10:24:24 2007 -0700
> @@ -250,6 +250,7 @@ typedef struct pack_constbuf_t {
> #define TPM_ORD_ReadManuMaintPub         (48UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_CertifyKey               (50UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_Sign                     (60UL + TPM_PROTECTED_ORDINAL)
> +#define TPM_ORD_LoadKey2                 (65UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_GetRandom                (70UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_StirRandom               (71UL + TPM_PROTECTED_ORDINAL)
> #define TPM_ORD_SelfTestFull             (80UL + TPM_PROTECTED_ORDINAL)
>
>
> ________________________________
>
>         From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Maximilian
> Loy
>         Sent: Monday, March 26, 2007 4:40 AM
>         To: xense-devel@xxxxxxxxxxxxxxxxxxx
>         Subject: [Xense-devel] vtpm_managerd problem with Infineon TPM
> 1.2
>
>
>         Hi everybody,
>
>         i am having problems to get the vtpm_managerd (Xen 3.0.4.1) to
> work with the Infineon TPM 1.2 (platform is a HP nx6325).
>
>         I was having the BAD_ORDINAL problems like discussed earlier on
> this list, but i could solve them with applying the patch from:
>
> http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00020.ht
> ml
>
>         This resulted in TPM_AUTHFAIL like in
>
> http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00024.ht
> ml
>         giving me the following output after taking the ownership:
>         ...
>         INFO[VTSP]: Loading Key into TPM.
>         ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code
> TPM_AUTHFAIL
>         ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
>         ERROR in VTPM_Init_Manager at vtpm_manager.c:240 code:
> TPM_AUTHFAIL.
>         ERROR[VTPM]: Closing vtpmd due to error during startup.
>
>         Maybe it has something to do with the patch, as the line 634 in
> vtsp.c has been modified by it.
>
>         Any help would be very appreciated!
>
>         Best regards, Max
>

> _______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.