* vTPM issues
@ 2015-06-24 15:16 Marcos Simó Picó
2015-06-25 8:21 ` Emil Condrea
0 siblings, 1 reply; 7+ messages in thread
From: Marcos Simó Picó @ 2015-06-24 15:16 UTC (permalink / raw)
To: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 1946 bytes --]
Hello everyone,
I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/
I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:
root@DomU:/home/xen# tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.0.7
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ETHZ
TPM Version: 01010000
Manufacturer Info: 4554485a
I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:
root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success
The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership no taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.
In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.
I really appreciate any help you can provide.
Best regards,
Marcos
[-- Attachment #1.2: Type: text/html, Size: 5567 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: vTPM issues
2015-06-24 15:16 vTPM issues Marcos Simó Picó
@ 2015-06-25 8:21 ` Emil Condrea
2015-06-25 9:10 ` Marcos Simó Picó
0 siblings, 1 reply; 7+ messages in thread
From: Emil Condrea @ 2015-06-25 8:21 UTC (permalink / raw)
To: Marcos Simó Picó; +Cc: Xu, Quan, xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 2561 bytes --]
I guess you are using pv guests, I don't know exactly if Quan finished
development for hvm.
I suggest to take a look at tcsd log:
pkill tcsd
tcsd -f &
tpm_takeownership -z -y -l debug
Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?
On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simó Picó <marcossp@kth.se> wrote:
> Hello everyone,
>
>
> I would like to try the vTPM feature, but I'm having some issues.
> Basically, I followed the steps explained in
> https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/
>
>
> I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen
> 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I
> can invoke tpm_version from DomU:
>
>
> root@DomU:/home/xen# tpm_version
> TPM 1.2 Version Info:
> Chip Version: 1.2.0.7
> Spec Level: 2
> Errata Revision: 1
> TPM Vendor ID: ETHZ
> TPM Version: 01010000
> Manufacturer Info: 4554485a
>
>
> I can also see the PCRs status by invoking cat
> /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an
> error. When I invoke takeownership I get the following error:
>
>
> root@DomU:/home/xen# tpm_takeownership -y -z -l debug
> Tspi_Context_Create success
> Tspi_Context_Connect success
> Tspi_Context_GetTpmObject success
> Tspi_GetPolicyObject success
> Tspi_Policy_SetSecret success
> Tspi_Context_CreateObject success
> Tspi_GetPolicyObject success
> Tspi_Policy_SetSecret success
> Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4),
> Internal software error
> Tspi_Context_CloseObject success
> Tspi_Context_FreeMemory success
> Tspi_Context_Close success
>
>
> The same error is given when invoking tpm_getpubkey. I have already
> tried after clearing the TPM from BIOS, after having taken ownership and
> with ownership no taken with the same result when using the vTPM. I have
> also installed Xen 4.3.4, with the same result too.
>
>
> In the end, I would like to use the vTPM to generate and use RSA keys
> for TLS session establishing (using the API provided with GnuTLS). Since I
> cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't
> find any SRK.
>
>
> I really appreciate any help you can provide.
>
>
> Best regards,
>
> Marcos
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
>
>
[-- Attachment #1.2: Type: text/html, Size: 3747 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: vTPM issues
2015-06-25 8:21 ` Emil Condrea
@ 2015-06-25 9:10 ` Marcos Simó Picó
2015-06-25 9:22 ` Emil Condrea
0 siblings, 1 reply; 7+ messages in thread
From: Marcos Simó Picó @ 2015-06-25 9:10 UTC (permalink / raw)
To: Emil Condrea; +Cc: Xu, Quan, xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 3191 bytes --]
Yes, I'm indeed using pv guests. After running #tcsd -f & I get:
TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD trousers 0.3.5git: TCSD up and running.
I don't know if the problem might be there. When I invoke tpm_takeownership -z -y -l debug it returns exactly the same messages I sent in my previous email.
On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.
Thanks for your reply.
________________________________
De: Emil Condrea <emilcondrea@gmail.com>
Enviado: jueves, 25 de junio de 2015 10:21
Para: Marcos Simó Picó
Cc: xen-devel@lists.xen.org; Xu, Quan
Asunto: Re: [Xen-devel] vTPM issues
I guess you are using pv guests, I don't know exactly if Quan finished development for hvm.
I suggest to take a look at tcsd log:
pkill tcsd
tcsd -f &
tpm_takeownership -z -y -l debug
Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?
On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simó Picó <marcossp@kth.se<mailto:marcossp@kth.se>> wrote:
Hello everyone,
I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/
I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:
root@DomU:/home/xen# tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.0.7
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ETHZ
TPM Version: 01010000
Manufacturer Info: 4554485a
I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:
root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success
The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership no taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.
In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.
I really appreciate any help you can provide.
Best regards,
Marcos
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org<mailto:Xen-devel@lists.xen.org>
http://lists.xen.org/xen-devel
[-- Attachment #1.2: Type: text/html, Size: 8074 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: vTPM issues
2015-06-25 9:10 ` Marcos Simó Picó
@ 2015-06-25 9:22 ` Emil Condrea
2015-06-25 9:34 ` Marcos Simó Picó
0 siblings, 1 reply; 7+ messages in thread
From: Emil Condrea @ 2015-06-25 9:22 UTC (permalink / raw)
To: Marcos Simó Picó; +Cc: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 3933 bytes --]
Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
I remember that once I had this problem when almost all trousers commands
were returning internal software error in domU.
Can you check what are the timeout values?
cat /sys/devices/vtpm-0/timeouts
I remember that there was a bug in ubuntu 14.04 regarding tpm driver.
You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm comands
run succesfully.
On Thu, Jun 25, 2015 at 12:10 PM, Marcos Simó Picó <marcossp@kth.se> wrote:
> Yes, I'm indeed using pv guests. After running #tcsd -f & I get:
>
> TCSD TDDL ioctl: (25) Inappropriate ioctl for device
> TCSD TDDL Falling back to Read/Write device support.
> TCSD trousers 0.3.5git: TCSD up and running.
>
>
> I don't know if the problem might be there. When I invoke
> tpm_takeownership -z -y -l debug it returns exactly the same messages I
> sent in my previous email.
>
>
> On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.
>
>
> Thanks for your reply.
>
>
> ------------------------------
> *De:* Emil Condrea <emilcondrea@gmail.com>
> *Enviado:* jueves, 25 de junio de 2015 10:21
> *Para:* Marcos Simó Picó
> *Cc:* xen-devel@lists.xen.org; Xu, Quan
> *Asunto:* Re: [Xen-devel] vTPM issues
>
> I guess you are using pv guests, I don't know exactly if Quan finished
> development for hvm.
> I suggest to take a look at tcsd log:
> pkill tcsd
> tcsd -f &
> tpm_takeownership -z -y -l debug
> Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?
>
> On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simó Picó <marcossp@kth.se> wrote:
>
>> Hello everyone,
>>
>>
>> I would like to try the vTPM feature, but I'm having some issues.
>> Basically, I followed the steps explained in
>> https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/
>>
>>
>> I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled
>> Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU,
>> I can invoke tpm_version from DomU:
>>
>>
>> root@DomU:/home/xen# tpm_version
>> TPM 1.2 Version Info:
>> Chip Version: 1.2.0.7
>> Spec Level: 2
>> Errata Revision: 1
>> TPM Vendor ID: ETHZ
>> TPM Version: 01010000
>> Manufacturer Info: 4554485a
>>
>>
>> I can also see the PCRs status by invoking cat
>> /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an
>> error. When I invoke takeownership I get the following error:
>>
>>
>> root@DomU:/home/xen# tpm_takeownership -y -z -l debug
>> Tspi_Context_Create success
>> Tspi_Context_Connect success
>> Tspi_Context_GetTpmObject success
>> Tspi_GetPolicyObject success
>> Tspi_Policy_SetSecret success
>> Tspi_Context_CreateObject success
>> Tspi_GetPolicyObject success
>> Tspi_Policy_SetSecret success
>> Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4),
>> Internal software error
>> Tspi_Context_CloseObject success
>> Tspi_Context_FreeMemory success
>> Tspi_Context_Close success
>>
>>
>> The same error is given when invoking tpm_getpubkey. I have already
>> tried after clearing the TPM from BIOS, after having taken ownership and
>> with ownership no taken with the same result when using the vTPM. I have
>> also installed Xen 4.3.4, with the same result too.
>>
>>
>> In the end, I would like to use the vTPM to generate and use RSA keys
>> for TLS session establishing (using the API provided with GnuTLS). Since I
>> cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't
>> find any SRK.
>>
>>
>> I really appreciate any help you can provide.
>>
>>
>> Best regards,
>>
>> Marcos
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xen.org
>> http://lists.xen.org/xen-devel
>>
>>
>
[-- Attachment #1.2: Type: text/html, Size: 6024 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: vTPM issues
2015-06-25 9:22 ` Emil Condrea
@ 2015-06-25 9:34 ` Marcos Simó Picó
2015-06-25 9:52 ` Emil Condrea
0 siblings, 1 reply; 7+ messages in thread
From: Marcos Simó Picó @ 2015-06-25 9:34 UTC (permalink / raw)
To: Emil Condrea; +Cc: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 4229 bytes --]
Okay, /etc/tpm0 is present.
The timeout values are:
752000 2000000 752000 752000 [adjusted]
I have no problem actually upgrading to Ubuntu 15.04 if that might solve the problem.
Thanks a lot for your reply again.
________________________________
De: Emil Condrea <emilcondrea@gmail.com>
Enviado: jueves, 25 de junio de 2015 11:22
Para: Marcos Simó Picó
Cc: xen-devel@lists.xen.org
Asunto: Re: [Xen-devel] vTPM issues
Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
I remember that once I had this problem when almost all trousers commands
were returning internal software error in domU.
Can you check what are the timeout values?
cat /sys/devices/vtpm-0/timeouts
I remember that there was a bug in ubuntu 14.04 regarding tpm driver.
You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm comands
run succesfully.
On Thu, Jun 25, 2015 at 12:10 PM, Marcos Simó Picó <marcossp@kth.se<mailto:marcossp@kth.se>> wrote:
Yes, I'm indeed using pv guests. After running #tcsd -f & I get:
TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD trousers 0.3.5git: TCSD up and running.
I don't know if the problem might be there. When I invoke tpm_takeownership -z -y -l debug it returns exactly the same messages I sent in my previous email.
On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.
Thanks for your reply.
________________________________
De: Emil Condrea <emilcondrea@gmail.com<mailto:emilcondrea@gmail.com>>
Enviado: jueves, 25 de junio de 2015 10:21
Para: Marcos Simó Picó
Cc: xen-devel@lists.xen.org<mailto:xen-devel@lists.xen.org>; Xu, Quan
Asunto: Re: [Xen-devel] vTPM issues
I guess you are using pv guests, I don't know exactly if Quan finished development for hvm.
I suggest to take a look at tcsd log:
pkill tcsd
tcsd -f &
tpm_takeownership -z -y -l debug
Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?
On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simó Picó <marcossp@kth.se<mailto:marcossp@kth.se>> wrote:
Hello everyone,
I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/
I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:
root@DomU:/home/xen# tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.0.7
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ETHZ
TPM Version: 01010000
Manufacturer Info: 4554485a
I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:
root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success
The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership no taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.
In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.
I really appreciate any help you can provide.
Best regards,
Marcos
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org<mailto:Xen-devel@lists.xen.org>
http://lists.xen.org/xen-devel
[-- Attachment #1.2: Type: text/html, Size: 10044 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: vTPM issues
2015-06-25 9:34 ` Marcos Simó Picó
@ 2015-06-25 9:52 ` Emil Condrea
2015-06-25 19:18 ` Marcos Simó Picó
0 siblings, 1 reply; 7+ messages in thread
From: Emil Condrea @ 2015-06-25 9:52 UTC (permalink / raw)
To: Marcos Simó Picó; +Cc: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 4716 bytes --]
Timeouts have the standard values.
Good luck with installing 15.04.
On Thu, Jun 25, 2015 at 12:34 PM, Marcos Simó Picó <marcossp@kth.se> wrote:
> Okay, /etc/tpm0 is present.
>
> The timeout values are:
>
> 752000 2000000 752000 752000 [adjusted]
>
>
> I have no problem actually upgrading to Ubuntu 15.04 if that might solve
> the problem.
>
>
> Thanks a lot for your reply again.
> ------------------------------
> *De:* Emil Condrea <emilcondrea@gmail.com>
> *Enviado:* jueves, 25 de junio de 2015 11:22
> *Para:* Marcos Simó Picó
> *Cc:* xen-devel@lists.xen.org
> *Asunto:* Re: [Xen-devel] vTPM issues
>
> Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
> I remember that once I had this problem when almost all trousers commands
> were returning internal software error in domU.
> Can you check what are the timeout values?
> cat /sys/devices/vtpm-0/timeouts
>
> I remember that there was a bug in ubuntu 14.04 regarding tpm driver.
> You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm
> comands
> run succesfully.
>
> On Thu, Jun 25, 2015 at 12:10 PM, Marcos Simó Picó <marcossp@kth.se>
> wrote:
>
>> Yes, I'm indeed using pv guests. After running #tcsd -f & I get:
>>
>> TCSD TDDL ioctl: (25) Inappropriate ioctl for device
>> TCSD TDDL Falling back to Read/Write device support.
>> TCSD trousers 0.3.5git: TCSD up and running.
>>
>>
>> I don't know if the problem might be there. When I invoke
>> tpm_takeownership -z -y -l debug it returns exactly the same messages I
>> sent in my previous email.
>>
>>
>> On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.
>>
>>
>> Thanks for your reply.
>>
>>
>> ------------------------------
>> *De:* Emil Condrea <emilcondrea@gmail.com>
>> *Enviado:* jueves, 25 de junio de 2015 10:21
>> *Para:* Marcos Simó Picó
>> *Cc:* xen-devel@lists.xen.org; Xu, Quan
>> *Asunto:* Re: [Xen-devel] vTPM issues
>>
>> I guess you are using pv guests, I don't know exactly if Quan finished
>> development for hvm.
>> I suggest to take a look at tcsd log:
>> pkill tcsd
>> tcsd -f &
>> tpm_takeownership -z -y -l debug
>> Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?
>>
>> On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simó Picó <marcossp@kth.se>
>> wrote:
>>
>>> Hello everyone,
>>>
>>>
>>> I would like to try the vTPM feature, but I'm having some issues.
>>> Basically, I followed the steps explained in
>>> https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/
>>>
>>>
>>> I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled
>>> Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU,
>>> I can invoke tpm_version from DomU:
>>>
>>>
>>> root@DomU:/home/xen# tpm_version
>>> TPM 1.2 Version Info:
>>> Chip Version: 1.2.0.7
>>> Spec Level: 2
>>> Errata Revision: 1
>>> TPM Vendor ID: ETHZ
>>> TPM Version: 01010000
>>> Manufacturer Info: 4554485a
>>>
>>>
>>> I can also see the PCRs status by invoking cat
>>> /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an
>>> error. When I invoke takeownership I get the following error:
>>>
>>>
>>> root@DomU:/home/xen# tpm_takeownership -y -z -l debug
>>> Tspi_Context_Create success
>>> Tspi_Context_Connect success
>>> Tspi_Context_GetTpmObject success
>>> Tspi_GetPolicyObject success
>>> Tspi_Policy_SetSecret success
>>> Tspi_Context_CreateObject success
>>> Tspi_GetPolicyObject success
>>> Tspi_Policy_SetSecret success
>>> Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4),
>>> Internal software error
>>> Tspi_Context_CloseObject success
>>> Tspi_Context_FreeMemory success
>>> Tspi_Context_Close success
>>>
>>>
>>> The same error is given when invoking tpm_getpubkey. I have already
>>> tried after clearing the TPM from BIOS, after having taken ownership and
>>> with ownership no taken with the same result when using the vTPM. I have
>>> also installed Xen 4.3.4, with the same result too.
>>>
>>>
>>> In the end, I would like to use the vTPM to generate and use RSA keys
>>> for TLS session establishing (using the API provided with GnuTLS). Since I
>>> cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't
>>> find any SRK.
>>>
>>>
>>> I really appreciate any help you can provide.
>>>
>>>
>>> Best regards,
>>>
>>> Marcos
>>>
>>> _______________________________________________
>>> Xen-devel mailing list
>>> Xen-devel@lists.xen.org
>>> http://lists.xen.org/xen-devel
>>>
>>>
>>
>
[-- Attachment #1.2: Type: text/html, Size: 7594 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: vTPM issues
2015-06-25 9:52 ` Emil Condrea
@ 2015-06-25 19:18 ` Marcos Simó Picó
0 siblings, 0 replies; 7+ messages in thread
From: Marcos Simó Picó @ 2015-06-25 19:18 UTC (permalink / raw)
To: Emil Condrea; +Cc: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 4658 bytes --]
It worked straight away on Ubuntu 15.04.
Thanks a lot for your advice.
On 25 Jun 2015, at 11:52, Emil Condrea <emilcondrea@gmail.com<mailto:emilcondrea@gmail.com>> wrote:
Timeouts have the standard values.
Good luck with installing 15.04.
On Thu, Jun 25, 2015 at 12:34 PM, Marcos Simó Picó <marcossp@kth.se<mailto:marcossp@kth.se>> wrote:
Okay, /etc/tpm0 is present.
The timeout values are:
752000 2000000 752000 752000 [adjusted]
I have no problem actually upgrading to Ubuntu 15.04 if that might solve the problem.
Thanks a lot for your reply again.
________________________________
De: Emil Condrea <emilcondrea@gmail.com<mailto:emilcondrea@gmail.com>>
Enviado: jueves, 25 de junio de 2015 11:22
Para: Marcos Simó Picó
Cc: xen-devel@lists.xen.org<mailto:xen-devel@lists.xen.org>
Asunto: Re: [Xen-devel] vTPM issues
Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
I remember that once I had this problem when almost all trousers commands
were returning internal software error in domU.
Can you check what are the timeout values?
cat /sys/devices/vtpm-0/timeouts
I remember that there was a bug in ubuntu 14.04 regarding tpm driver.
You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm comands
run succesfully.
On Thu, Jun 25, 2015 at 12:10 PM, Marcos Simó Picó <marcossp@kth.se<mailto:marcossp@kth.se>> wrote:
Yes, I'm indeed using pv guests. After running #tcsd -f & I get:
TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD trousers 0.3.5git: TCSD up and running.
I don't know if the problem might be there. When I invoke tpm_takeownership -z -y -l debug it returns exactly the same messages I sent in my previous email.
On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.
Thanks for your reply.
________________________________
De: Emil Condrea <emilcondrea@gmail.com<mailto:emilcondrea@gmail.com>>
Enviado: jueves, 25 de junio de 2015 10:21
Para: Marcos Simó Picó
Cc: xen-devel@lists.xen.org<mailto:xen-devel@lists.xen.org>; Xu, Quan
Asunto: Re: [Xen-devel] vTPM issues
I guess you are using pv guests, I don't know exactly if Quan finished development for hvm.
I suggest to take a look at tcsd log:
pkill tcsd
tcsd -f &
tpm_takeownership -z -y -l debug
Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?
On Wed, Jun 24, 2015 at 6:16 PM, Marcos Simó Picó <marcossp@kth.se<mailto:marcossp@kth.se>> wrote:
Hello everyone,
I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/
I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:
root@DomU:/home/xen# tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.0.7
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ETHZ
TPM Version: 01010000
Manufacturer Info: 4554485a
I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:
root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success
The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership no taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.
In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.
I really appreciate any help you can provide.
Best regards,
Marcos
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org<mailto:Xen-devel@lists.xen.org>
http://lists.xen.org/xen-devel
[-- Attachment #1.2: Type: text/html, Size: 9905 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2015-06-25 19:18 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-06-24 15:16 vTPM issues Marcos Simó Picó
2015-06-25 8:21 ` Emil Condrea
2015-06-25 9:10 ` Marcos Simó Picó
2015-06-25 9:22 ` Emil Condrea
2015-06-25 9:34 ` Marcos Simó Picó
2015-06-25 9:52 ` Emil Condrea
2015-06-25 19:18 ` Marcos Simó Picó
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.