xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Rich Persaud <persaur@gmail.com>
To: Jason Andryuk <jandryuk@gmail.com>
Cc: xen-devel@lists.xenproject.org, Ian Jackson <iwj@xenproject.org>,
	Wei Liu <wl@xen.org>, Andrew Cooper <Andrew.Cooper3@citrix.com>
Subject: Re: [PATCH v2 01/13] docs: Warn about incomplete vtpmmgr TPM 2.0 support
Date: Sat, 8 May 2021 14:37:55 -0400	[thread overview]
Message-ID: <D66E1606-7354-4B1E-9F20-DA9BB830FAFA@gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1533 bytes --]

On May 6, 2021, at 10:00, Jason Andryuk <jandryuk@gmail.com> wrote:
> The vtpmmgr TPM 2.0 support is incomplete.  Add a warning about that to
> the documentation so others don't have to work through discovering it is
> broken.
> 
> Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> docs/man/xen-vtpmmgr.7.pod | 11 +++++++++++
> 1 file changed, 11 insertions(+)
> 
> diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod
> index af825a7ffe..875dcce508 100644
> --- a/docs/man/xen-vtpmmgr.7.pod
> +++ b/docs/man/xen-vtpmmgr.7.pod
> @@ -222,6 +222,17 @@ XSM label, not the kernel.
> 
> =head1 Appendix B: vtpmmgr on TPM 2.0
> 
> +=head2 WARNING: Incomplete - cannot persist data
> +
> +TPM 2.0 support for vTPM manager is incomplete.  There is no support for
> +persisting an encryption key, so vTPM manager regenerates primary and secondary
> +key handles each boot.
> +
> +Also, the vTPM manger group command implementation hardcodes TPM 1.2 commands.
> +This means running manage-vtpmmgr.pl fails when the TPM 2.0 hardware rejects
> +the TPM 1.2 commands.  vTPM manager with TPM 2.0 cannot create groups and
> +therefore cannot persist vTPM contents.
> +
> =head2 Manager disk image setup:
> 
> The vTPM Manager requires a disk image to store its encrypted data. The image
> -- 
> 2.30.2

Should SUPPORT.md also be updated?

https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md;hb=refs/heads/master

Rich

[-- Attachment #2: Type: text/html, Size: 2423 bytes --]

             reply	other threads:[~2021-05-08 18:38 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-08 18:37 Rich Persaud [this message]
  -- strict thread matches above, loose matches on Subject: below --
2021-05-06 13:59 [PATCH v2 00/13] vtpmmgr: Some fixes - still incomplete Jason Andryuk
2021-05-06 13:59 ` [PATCH v2 01/13] docs: Warn about incomplete vtpmmgr TPM 2.0 support Jason Andryuk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D66E1606-7354-4B1E-9F20-DA9BB830FAFA@gmail.com \
    --to=persaur@gmail.com \
    --cc=Andrew.Cooper3@citrix.com \
    --cc=iwj@xenproject.org \
    --cc=jandryuk@gmail.com \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    --subject='Re: [PATCH v2 01/13] docs: Warn about incomplete vtpmmgr TPM 2.0 support' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).