RE: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
 
 
Hopefully if you unload tpmbk, delete your current /dev/vtpm entry, and
then re-modprobe tpmbk it will create the proper entry for you.

It also looks like there is one more v1.1b command in the code
(TPM_EvictKey).  Since the basic v1.2 patch worked for you, I will
generate a patch that can handle both versions and fix the TPM_EvictKey
usage in the v1.2 path of this new patch (rather than sending out
another v1.2 only patch).

Joe
  
xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/06/2007 02:53:48 PM:

>
> > So, the patch solves the earlier problem, but another one surfaced.
> > When I start vtpm_manager I get this output after it has
> > loaded/created the keys:
> >
> > ERROR[VTPM]: VTPM ERROR: Can't open /dev/vtpm for reading.
> > ERROR[VTPM]: [Backend Listener]: Backend Listener can't read from
> > ipc. Aborting...
> > ....
>
> Did you do 'modprobe tpmbk'? That should make /dev/vtpm available.
>
> I did, and lsmod shows me tpmbk running, as well as the tpm drivers:
> tpmbk                  17724  0 [permanent]
> tpm_tis                14592  0
> tpm_infineon           12312  0
> tpm                    18848  2 tpm_tis,tpm_infineon
> tpm_bios               10368  1 tpm
>
> Although the /dev/vtpm directory exists, it is completely empty. Is
> this normal?

/dev/vtpm is a character device, not a directory.
'ls /dev/vtpm' should show something like this:

crw------- 1 root root 10, 225 Apr  6 11:50 /dev/vtpm

   Stefan

>
> Regards,
> Max
>
>
> >
> > I get this message again and again till I abort it:
> >
> > INFO[VTPM]: [BINFO[VTPM]: Child shutting down
> > INFO[VTPM]: VTPM Manager shutting down for signal 2.
> > INFO[VTPM]: Enveloping Input[624]: 0x2 c5 94 f9 e4 fa 88 e0 a4 8d 43
> > a3 b1 35 ee 43 3d 5e 5e f 50 e1 51 7a 59 9f cb 70 a4 fb 3c b5 41 56
> > ad 5d e2 37 3b a5
> > ........
> >  6a 96 5b 1e 6b da a5 f4 ea 22 98 10 b0 b1 c8 b2 7c 27 10 51 a3 da 0
> > 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
> > INFO[VTSP]: Binding 16 bytes of data.
> > INFO[VTPM]: Saved 256 bytes of E(symkey) + 656 bytes of E(data)
> > INFO[VTPM]: Enveloping Output[920]: 0x0 0 1 0 3a 85 a0 a2 7f cb 9a
> > 1c 85 2b 6c ec 76 5c 2f 59 57 fd 16 94 1c c2 e a3 9b d1 b4 25 ca 4a
> > f 5f 21 f2 2e 1f f4 ......
> >  88 1c 13 35 47 d8 e b0 93 1a b5 d2 d f1 5e ed ea 7e 69 2e b4 c2 21
> > f2 da 34 5c ea a5 6d f6
> > INFO[VTPM]: Child shutting down
> > INFO[VTPM]: Saved VTPM Manager state (status = 0, dmis = -1)
> > INFO[TCS]: Calling TCS_CloseContext.
> > INFO[VTPM]: Child shutting down
> > ERROR[TCS]: TCSP_EvictKey Failed with return code TPM_BAD_ORDINAL
> > ERROR[TCS]: Not all handles evicted from TPM.
> > INFO[TCS]: Destructing TCS:
> > INFO[TCS]: Calling TCS_CloseContext.
> > INFO[VTPM]: VTPM Manager stopped.
> >
> >
> > So I tried to solve the problem by clearing the ownership and
> > deleting /var/vtpm/VTPM, but with the same result.
> >
> > The /dev/vtpm directory is empty now with the following access rights:
> > drwxrwxr-x  2 root root        4096 Apr  5 22:15 vtpm
> >
> > lsmod shows me tpmbk running, as well as the tpm drivers:
> > tpmbk                  17724  0 [permanent]
> > tpm_tis                14592  0
> > tpm_infineon           12312  0
> > tpm                    18848  2 tpm_tis,tpm_infineon
> > tpm_bios               10368  1 tpm
> >
> >
> > Maybe that helps.
> >
> > Regards,
> > Max
> >
>
> > 2007/4/5, Cihula, Joseph <joseph.cihula@xxxxxxxxx>:
> > Max and Burak,
> >
> > Sorry for the delay in responding (especially to Burak whose much
> > earlier posting we missed).  We don't have an Infineon TPM here to test
> > with, but the root cause of this error isn't specific to the TPM mfgr.
> > and we did verify it on our v1.2 TPMs.  Attached and inline is a patch
> > (including Vinnie's existing one) that should fix this problem.  You
> > should delete your /var/vtpm/VTPM file before re-running, but you don't
> > need to reset your owner.
> >
> > Let me know how it works.  If this solves your problem then I will work
> > up an official patch that can support both v1.1b and v1.2 TPMs (this
> > patch will only work with v1.2 TPMs).
> >
> > Vinnie Scarlata deserves all of the credit for root causing this and
> > providing the fix.
> >
  Joe > >  > > Patch: > >  > > diff -r 
  15ff55aab051 tools/vtpm_manager/manager/vtpm_manager.c > > --- 
  a/tools/vtpm_manager/manager/vtpm_manager.c Mon Mar 05 15:15:03 2007  > 
  > -0800 > > +++ b/tools/vtpm_manager/manager/vtpm_manager.c Thu 
  Apr 05 10:23:46 2007 > > -0700 > > @@ -90,22 +90,19 @@ 
  TPM_RESULT VTPM_Create_Manager(){ > >    CRYPTO_INFO 
  ek_cryptoInfo; > >  > >    status = 
  VTSP_ReadPubek(vtpm_globals->manager_tcs_handle,  > > 
  &ek_cryptoInfo); > > - > > + > >   
   // If we can read PubEK then there is no owner and we should take 
  it. > >    // We use the abilty to read the pubEK to flag 
  that the TPM is owned. > >    // FIXME: Change to just 
  trying to take ownership and react to the  > > status > > 
     if (status == TPM_SUCCESS) { > > -   
   TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, > 
  > -                     
                (const > > 
  TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,  > > -   
                        
            &SRK_AUTH, > > -     
                        
          &ek_cryptoInfo, > > -     
                        
          &vtpm_globals->keyAuth)); > > 
  - > > - > > 
  TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle, 
   > > -                   
                      
  (const > > 
  TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, > > -   
                        
                
  &vtpm_globals->keyAuth)); > > -  } else { > > - 
     vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an 
   > > owner. Creating Keys off existing SRK.\n"); > > + 
     status = 
  VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle, > > +   
                        
        (const > > 
  TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,  > > +   
                        
        &SRK_AUTH, > > +         
                        
  &ek_cryptoInfo, > > +             
                    
  &vtpm_globals->keyAuth); > > +  } > > +  if 
  (status != TPM_SUCCESS) { > > +   
   vtpmloginfo(VTPM_LOG_VTPM, "TPM has an owner. Creating Keys off  > 
  > existing SRK.\n"); > >    } > >  > > 
     // Generate storage key's auth > > diff -r 15ff55aab051 
  tools/vtpm_manager/manager/vtsp.c > > --- 
  a/tools/vtpm_manager/manager/vtsp.c Mon Mar 05 15:15:03 2007 -0800 > 
  > +++ b/tools/vtpm_manager/manager/vtsp.c Thu Apr 05 10:24:01 2007 -0700 
   > > @@ -596,7 +596,7 @@ TPM_RESULT VTSP_LoadKey(const 
  TCS_CONTEX > >    vtpmloginfo(VTPM_LOG_VTSP, "Loading Key 
  %s.\n", (!skipTPMLoad ? "into > > TPM" : "only into 
  memory")); > >  > >    TPM_RESULT status = 
  TPM_SUCCESS;  > > -  TPM_COMMAND_CODE command = 
  TPM_ORD_LoadKey; > > +  TPM_COMMAND_CODE command = 
  TPM_ORD_LoadKey2; > >  > >    BYTE 
  *paramText=NULL;        // Digest to make Auth. > 
  >    UINT32 paramTextSize; > > @@ -634,10 +634,9 @@ 
  TPM_RESULT VTSP_LoadKey(const TCS_CONTEX  > >       
                        
             &phKeyHMAC) ); > > 
   > >      // Verify Auth > > -   
   paramTextSize = BSG_PackList(paramText, 3, > > +   
   paramTextSize = BSG_PackList(paramText, 2, > >     
                        
         BSG_TPM_RESULT, &status,  > > -   
                        
         BSG_TPM_COMMAND_CODE, &command, > > - 
                        
           BSG_TPM_HANDLE, newKeyHandle); > > 
  +                       
           BSG_TPM_COMMAND_CODE, &command); > 
  >  > >      TPMTRYRETURN( VerifyAuth( paramText, 
  paramTextSize,  > >               
                  parentAuth, 
  auth, > > diff -r 15ff55aab051 tools/vtpm_manager/tcs/tcs.c > 
  > --- a/tools/vtpm_manager/tcs/tcs.c      Mon Mar 05 
  15:15:03 2007 -0800 > > +++ b/tools/vtpm_manager/tcs/tcs.c   
     Thu Apr 05 10:24:12 2007 -0700  > > @@ -901,7 +901,7 @@ 
  TPM_RESULT TCSP_LoadKeyByBlob(TCS_CONTEX > >    // setup 
  input/output parameters block > >    TPM_TAG tag = 
  TPM_TAG_RQU_AUTH1_COMMAND; > >    UINT32 paramSize = 
  0; > > -  TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey;  > 
  > +  TPM_COMMAND_CODE ordinal = TPM_ORD_LoadKey2; > >   
   TPM_RESULT returnCode = TPM_SUCCESS; > >  > >   
   // setup the TPM driver input and output buffers > > diff -r 
  15ff55aab051 tools/vtpm_manager/util/tcg.h > > --- 
  a/tools/vtpm_manager/util/tcg.h     Mon Mar 05 15:15:03 2007 -0800 
   > > +++ b/tools/vtpm_manager/util/tcg.h     Thu Apr 05 
  10:24:24 2007 -0700 > > @@ -250,6 +250,7 @@ typedef struct 
  pack_constbuf_t { > > #define TPM_ORD_ReadManuMaintPub     
      (48UL + TPM_PROTECTED_ORDINAL) > > #define 
  TPM_ORD_CertifyKey               (50UL + 
  TPM_PROTECTED_ORDINAL)  > > #define TPM_ORD_Sign       
                (60UL + 
  TPM_PROTECTED_ORDINAL) > > +#define TPM_ORD_LoadKey2     
              (65UL + 
  TPM_PROTECTED_ORDINAL) > > #define TPM_ORD_GetRandom     
             (70UL + TPM_PROTECTED_ORDINAL) 
   > > #define TPM_ORD_StirRandom           
      (71UL + TPM_PROTECTED_ORDINAL) > > #define 
  TPM_ORD_SelfTestFull             (80UL + 
  TPM_PROTECTED_ORDINAL) > >  > >  > > 
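Review bot: In the vtpm_manager.c hunk, the new `if (status != TPM_SUCCESS)` branch logs "TPM has an owner" for every failure, whether `status` came from VTSP_ReadPubek or from VTSP_TakeOwnership, so a failed ownership attempt on an unowned TPM is reported as an existing owner and startup continues onto the existing-SRK path. Suggest keeping TPMTRYRETURN around VTSP_TakeOwnership, or testing for the specific owner-already-set result before falling through. The hunk also drops the VTSP_DisablePubekRead call while the comment above still says pubEK readability is used to flag ownership; update the comment or state in the commit message why the call is removed.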
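Review bot: In the second vtsp.c hunk (Verify Auth in VTSP_LoadKey), the BSG_PackList count goes from 3 to 2 and newKeyHandle is no longer covered by the digest, with no comment saying why. Add a one-line comment that the returned handle is left out of the response digest when `command` is TPM_ORD_LoadKey2, and make the list length depend on `command` so that a TPM_ORD_LoadKey path can keep the three-element form the removed lines used.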
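Review bot: TPM_ORD_LoadKey2 is now hard-coded in two places, `command` in VTSP_LoadKey (vtsp.c) and `ordinal` in TCSP_LoadKeyByBlob (tcs.c); the first feeds the auth digest and the second is what is sent to the TPM, so the two must always agree. Suggest choosing the ordinal once and passing it down rather than editing both constants, which also gives a v1.1b path a place to keep TPM_ORD_LoadKey.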
> > ________________________________
> >
> > From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> > [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Maximilian Loy
> > Sent: Monday, March 26, 2007 4:40 AM
> > To: xense-devel@xxxxxxxxxxxxxxxxxxx
> > Subject: [Xense-devel] vtpm_managerd problem with Infineon TPM 1.2
> >
> >
> > Hi everybody,
> >
> > I am having problems to get the vtpm_managerd (Xen 3.0.4.1) to
> > work with the Infineon TPM 1.2 (platform is a HP nx6325).
> >
> > I was having the BAD_ORDINAL problems like discussed earlier on
> > this list, but I could solve them with applying the patch from:
> >
> > http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00020.html
> >
> > This resulted in TPM_AUTHFAIL like in
> >
> > http://lists.xensource.com/archives/html/xense-devel/2006-12/msg00024.html
> > giving me the following output after taking the ownership:
> > ...
> > INFO[VTSP]: Loading Key into TPM.
> > ERROR[TCS]: TCSP_LoadKeyByBlob Failed with return code TPM_AUTHFAIL
> > ERROR in VTSP_LoadKey at vtsp.c:634 code: TPM_AUTHFAIL.
> > ERROR in VTPM_Init_Manager at vtpm_manager.c:240 code: TPM_AUTHFAIL.
> > ERROR[VTPM]: Closing vtpmd due to error during startup.
> >
> > Maybe it has something to do with the patch, as the line 634 in
> > vtsp.c has been modified by it.
> >
> > Any help would be very appreciated!
> >
> > Best regards, Max
> >
  
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
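
The check described in the thread (/dev/vtpm must be a character device with numbers 10, 225, not a directory), as an added example that is not part of the original messages. It assumes GNU coreutils stat; check_dev_node is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not code from the thread or from Xen.
# Usage: check_dev_node PATH EXPECTED_MAJOR EXPECTED_MINOR
# Prints one word describing the node and returns 0 only for "ok".
check_dev_node() {
    path=$1 want_major=$2 want_minor=$3

    if [ ! -e "$path" ]; then
        echo "missing"; return 1
    fi
    if [ -d "$path" ]; then
        # The failure seen in the thread: a directory sits where the node belongs.
        echo "directory"; return 1
    fi
    if [ ! -c "$path" ]; then
        echo "not-chardev"; return 1
    fi

    # GNU stat: %t and %T are the major and minor device numbers in hex.
    major=$((0x$(stat -c '%t' "$path")))
    minor=$((0x$(stat -c '%T' "$path")))
    if [ "$major" -ne "$want_major" ] || [ "$minor" -ne "$want_minor" ]; then
        echo "wrong-numbers:$major,$minor"; return 1
    fi

    # The listing in the thread shows crw------- root root; flag anything looser.
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%U' "$path")
    if [ "$mode" != "600" ] || [ "$owner" != "root" ]; then
        echo "loose-perms:$mode,$owner"; return 1
    fi
    echo "ok"
}

# Report on the node discussed in the thread when the script is run directly.
check_dev_node /dev/vtpm 10 225 || true
```

In the lsmod output quoted in the thread tpmbk is marked [permanent], which is how lsmod flags a module that cannot be unloaded, so the unload step may need a reboot instead.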
 
 
    