Re: [PATCH] tpm-emulator: add a TPM emulator pass through

From: James Bottomley <James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>
To: Stefan Berger
	<stefanb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
	Jason Gunthorpe
	<jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: [PATCH] tpm-emulator: add a TPM emulator pass through
Date: Mon, 09 Jan 2017 12:06:53 -0800	[thread overview]
Message-ID: <1483992413.2398.16.camel@HansenPartnership.com> (raw)
In-Reply-To: <c59ebdec-d1e1-b8d6-53b2-81973ea3e64f-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>

On Mon, 2017-01-09 at 14:37 -0500, Stefan Berger wrote:
> On 01/09/2017 02:18 PM, James Bottomley wrote:
> > On Mon, 2017-01-09 at 13:52 -0500, Stefan Berger wrote:
> > > On 01/09/2017 01:51 PM, James Bottomley wrote:
> > > > On Mon, 2017-01-09 at 13:41 -0500, Stefan Berger wrote:
> > > > > On 01/09/2017 01:24 PM, James Bottomley wrote:
> > > > > > On Mon, 2017-01-09 at 13:03 -0500, Stefan Berger wrote:
> > > > > > > Examples:
> > > > > > > ./src/vtpmctrl --tpm2 \
> > > > > > >       --spawn /bin/swtpm chardev --tpm2 --fd %fd -
> > > > > > > -tpmstate
> > > > > > > dir=/tmp
> > > > > > git head for swtpm is giving
> > > > > > 
> > > > > > Created TPM device /dev/tpm1; vTPM device has fd 4,
> > > > > > major/minor
> > > > > > =
> > > > > > 247/1.
> > > > > > chardev: unrecognized option '--tpm2'
> > > > > You need the tpm2-preview branches of libtpms and swtpm. Why 
> > > > > you need them is related to the format in which the 
> > > > > persistent data are written by the TPM 2 implementation. For 
> > > > > QEMU it should probably big endian, but so far it's not.
> > > > > 
> > > > > Here's a short wiki of libtpms pointing out the issues.
> > > > > 
> > > > > https://github.com/stefanberger/libtpms/wiki
> > > > > 
> > > > > https://github.com/stefanberger/libtpms/tree/tpm2-previewa.re
> > > > > v138
> > > > > https://github.com/stefanberger/swtpm/tree/tpm2-preview
> > > > Basically the synopsis is that it's not yet working well enough 
> > > > to run the resource manager smoke tests and I need to continue
> > > > using the ibmswtpm2 as the emulator or run against the real 
> > > > thing for the time being.
> > > Have you tried it ?
> > Git head of the tpm2-preview branch of libtpms isn't building for
> > me:
> > 
> > tpm2/ExecCommand.c: In function 'ExecuteCommand':
> > tpm2/ExecCommand.c:434:37: error: 'commandIndex' may be used
> > uninitialized in this function [-Werror=maybe-uninitialized]
> >       buffer = MemoryGetResponseBuffer(commandIndex);
> >                                       ^
> > cc1: all warnings being treated as errors
> > 
> > I also think you probably need this patch
> > 
> > James
> > 
> > ---
> > 
> > diff --git a/configure.ac b/configure.ac
> > index e84bc0f..4ab149d 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -125,7 +125,7 @@ openssl)
> >   esac
> > 
> >   AC_ARG_WITH([tpm2],
> > -	AC_HELP_STRING([--wih-tpm2],
> > +	AC_HELP_STRING([--with-tpm2],
> >                          [build libtpms with TPM2 support
> > (experimental)]),
> >           AC_MSG_RESULT([Building with TPM2 support])
> >           #if test "x$cryptolib" = "xfreebl"; then
> 
> 
> Thanks. I fixed this now to make it at least compilable. The more 
> recent branch is the tpm2-preview.rev138, which makes that other 
> branch more or less obsolete.

OK, with this branch, I can get a mostly successful run of the smoke
tests.  The failure looks to be a dispute over who handles TPM_RC_RETRY

James

---

jejb@jarvis:~/git/tpm2-scripts> python tpm2_smoke.py 
E.....
======================================================================
ERROR: test_seal_with_auth (__main__.SmokeTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "tpm2_smoke.py", line 24, in test_seal_with_auth
    blob = self.client.seal(self.root_key, data, auth, None)
  File "/home/jejb/git/tpm2-scripts/tpm2.py", line 665, in seal
    rsp = self.send_cmd(cmd)
  File "/home/jejb/git/tpm2-scripts/tpm2.py", line 443, in send_cmd
    raise ProtocolError(cc, rc)
ProtocolError: TPM_RC_RETRY: cc=0x00000153, rc=0x00000922

----------------------------------------------------------------------
Ran 6 tests in 1.341s

FAILED (errors=1)

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi