* vTPM issues
@ 2015-06-24 15:16 Marcos Simó Picó
  2015-06-25  8:21 ` Emil Condrea
  0 siblings, 1 reply; 7+ messages in thread
From: Marcos Simó Picó @ 2015-06-24 15:16 UTC (permalink / raw)
  To: xen-devel


Hello everyone,


I would like to try the vTPM feature, but I'm having some issues. Basically, I followed the steps explained in https://mhsamsal.wordpress.com/2013/12/05/configuring-virtual-tpm-vtpm-for-xen-4-3-guest-virtual-machines/


I'm running Ubuntu 14.04 as Dom0 on a Dell optiplex-9020. I compiled Xen 4.5.0 from source. After creating vtpmmgr and vtpm stubdoms, and DomU, I can invoke tpm_version from DomU:


root@DomU:/home/xen# tpm_version
  TPM 1.2 Version Info:
  Chip Version:        1.2.0.7
  Spec Level:          2
  Errata Revision:     1
  TPM Vendor ID:       ETHZ
  TPM Version:         01010000
  Manufacturer Info:   4554485a


I can also see the PCRs status by invoking cat /sys/class/misc/tpm0/device/pcrs, however, most of the commands return an error. When I invoke takeownership I get the following error:


root@DomU:/home/xen# tpm_takeownership -y -z -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success


The same error is given when invoking tpm_getpubkey. I have already tried after clearing the TPM from BIOS, after having taken ownership and with ownership not taken with the same result when using the vTPM. I have also installed Xen 4.3.4, with the same result too.


In the end, I would like to use the vTPM to generate and use RSA keys for TLS session establishing (using the API provided with GnuTLS). Since I cannot take ownership of the vTPM, the GnuTLS' tpmtool complains it doesn't find any SRK.


I really appreciate any help you can provide.


Best regards,

Marcos

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel


* Re: vTPM issues
  2015-06-24 15:16 vTPM issues Marcos Simó Picó
@ 2015-06-25  8:21 ` Emil Condrea
  2015-06-25  9:10   ` Marcos Simó Picó
  0 siblings, 1 reply; 7+ messages in thread
From: Emil Condrea @ 2015-06-25  8:21 UTC (permalink / raw)
  To: Marcos Simó Picó; +Cc: Xu, Quan, xen-devel


I guess you are using pv guests, I don't know exactly if Quan finished
development for hvm.
I suggest to take a look at tcsd log:
pkill tcsd
tcsd -f &
tpm_takeownership -z -y -l debug
Also can you see if /sys/devices/vtpm-0 and /dev/tpm0 are present?


* Re: vTPM issues
  2015-06-25  8:21 ` Emil Condrea
@ 2015-06-25  9:10   ` Marcos Simó Picó
  2015-06-25  9:22     ` Emil Condrea
  0 siblings, 1 reply; 7+ messages in thread
From: Marcos Simó Picó @ 2015-06-25  9:10 UTC (permalink / raw)
  To: Emil Condrea; +Cc: Xu, Quan, xen-devel


Yes, I'm indeed using pv guests. After running #tcsd -f & I get:

TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD trousers 0.3.5git: TCSD up and running.


I don't know if the problem might be there. When I invoke tpm_takeownership -z -y -l debug it returns exactly the same messages I sent in my previous email.


On the other hand, /sys/devices/vtpm-0 is present, but /etc/tpm0 is not.


Thanks for your reply.



* Re: vTPM issues
  2015-06-25  9:10   ` Marcos Simó Picó
@ 2015-06-25  9:22     ` Emil Condrea
  2015-06-25  9:34       ` Marcos Simó Picó
  0 siblings, 1 reply; 7+ messages in thread
From: Emil Condrea @ 2015-06-25  9:22 UTC (permalink / raw)
  To: Marcos Simó Picó; +Cc: xen-devel


Sorry, I misspelled, I meant /dev/tpm0 not /etc/tpm0
I remember that once I had this problem when almost all trousers commands
were returning internal software error in domU.
Can you check what are the timeout values?
cat /sys/devices/vtpm-0/timeouts

I remember that there was a bug in Ubuntu 14.04 regarding tpm driver.
You could try 14.04.2. I am using Ubuntu 15.04 as domU guest and tpm commands
run successfully.


* Re: vTPM issues
  2015-06-25  9:22     ` Emil Condrea
@ 2015-06-25  9:34       ` Marcos Simó Picó
  2015-06-25  9:52         ` Emil Condrea
  0 siblings, 1 reply; 7+ messages in thread
From: Marcos Simó Picó @ 2015-06-25  9:34 UTC (permalink / raw)
  To: Emil Condrea; +Cc: xen-devel


Okay, /etc/tpm0 is present.

The timeout values are:

752000 2000000 752000 752000 [adjusted]


I have no problem actually upgrading to Ubuntu 15.04 if that might solve the problem.


Thanks a lot for your reply again.


* Re: vTPM issues
  2015-06-25  9:34       ` Marcos Simó Picó
@ 2015-06-25  9:52         ` Emil Condrea
  2015-06-25 19:18           ` Marcos Simó Picó
  0 siblings, 1 reply; 7+ messages in thread
From: Emil Condrea @ 2015-06-25  9:52 UTC (permalink / raw)
  To: Marcos Simó Picó; +Cc: xen-devel


Timeouts have the standard values.
Good luck with installing 15.04.


* Re: vTPM issues
  2015-06-25  9:52         ` Emil Condrea
@ 2015-06-25 19:18           ` Marcos Simó Picó
  0 siblings, 0 replies; 7+ messages in thread
From: Marcos Simó Picó @ 2015-06-25 19:18 UTC (permalink / raw)
  To: Emil Condrea; +Cc: xen-devel


It worked straight away on Ubuntu 15.04.

Thanks a lot for your advice.
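The checks suggested in this thread (the failing Tspi call and its TSS layer, the /dev/tpm0 and /sys/devices/vtpm-0 nodes, the timeouts file), collected into one script as an added example that is not part of any message above. The function names and the root-directory argument are assumptions, introduced so the script can run against a constructed file tree; the sample log and timeouts line are constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: triage helpers for a vTPM frontend inside a Xen guest.
# Function names and the ROOT argument are hypothetical.

# Split a TSS result code into layer and error number.
# TSS 1.2 layout: the 0x3000 bits select the layer, the low 12 bits the code.
tss_decode() {
    v=$(( $1 ))
    case $(( (v >> 12) & 0x3 )) in
        0) layer=tpm ;;
        1) layer=tddl ;;
        2) layer=tcs ;;
        3) layer=tsp ;;
    esac
    echo "layer=$layer code=$(( v & 0xFFF ))"
}

# Read "tpm_takeownership -l debug" style output on stdin and print the
# first failed call together with its hex result code.
first_failure() {
    awk '$2 == "failed:" { print $1, $3; exit }'
}

# Report whether the device nodes asked about in the thread exist and what
# the timeouts file holds. ROOT ("" on a real guest) prefixes every path.
vtpm_state() {
    root=${1:-}
    dev=missing
    sysfs=missing
    timeouts=unreadable
    if [ -e "$root/dev/tpm0" ]; then dev=present; fi
    if [ -d "$root/sys/devices/vtpm-0" ]; then sysfs=present; fi
    if [ -r "$root/sys/devices/vtpm-0/timeouts" ]; then
        # Four numbers followed by a tag such as "[adjusted]"; keep the numbers.
        timeouts=$(awk '{ print $1 "," $2 "," $3 "," $4; exit }' \
            "$root/sys/devices/vtpm-0/timeouts")
    fi
    echo "dev=$dev sysfs=$sysfs timeouts=$timeouts"
}

# $1: file holding the debug output, $2: filesystem root (optional).
triage() {
    fail=$(first_failure < "$1")
    if [ -z "$fail" ]; then
        echo "no failed Tspi call"
        return 0
    fi
    call=${fail% *}
    code=${fail#* }
    echo "$call $(tss_decode "$code") $(vtpm_state "${2:-}")"
}

# Run the triage over a constructed tree that mirrors the thread's findings.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/dev" "$tmp/sys/devices/vtpm-0"
    : > "$tmp/dev/tpm0"
    echo '752000 2000000 752000 752000 [adjusted]' \
        > "$tmp/sys/devices/vtpm-0/timeouts"
    cat > "$tmp/takeownership.log" <<'EOF'
Tspi_Context_Create success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00002004 - layer=tcs, code=0004 (4), Internal software error
Tspi_Context_Close success
EOF
    triage "$tmp/takeownership.log" "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real guest, `triage logfile` with no second argument reads the live /dev and /sys paths.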
