RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE

To:	"Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>, <xense-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
From:	"Osborn, Justin D." <Justin.Osborn@xxxxxxxxxx>
Date:	Wed, 6 Dec 2006 16:44:45 -0500
Delivery-date:	Wed, 06 Dec 2006 13:44:44 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<D936D925018D154694D8A362EEB08920E2E2DC@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id:	"A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post:	<mailto:xense-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AccZQBPgjbA23/+2QUOOIz1N3zUarAAGPIiAAAL2oJAABYoPUAABA+SA
Thread-topic:	[Xense-devel] Vtpm_manager getting TPM_NOSPACE

Yeah, the problem went away after I cleared the TPM.  The TPM is an
Infineon 1.2, the box is a Lenovo M52.  It's been running fine for
nearly a month now.

Ozzie

--
Justin D. Osborn
Software Engineer
Information Operations
JHU/APL
 

> -----Original Message-----
> From: Scarlata, Vincent R [mailto:vincent.r.scarlata@xxxxxxxxx] 
> Sent: Wednesday, December 06, 2006 4:18 PM
> To: Osborn, Justin D.; xense-devel@xxxxxxxxxxxxxxxxxxx
> Cc: Cihula, Joseph
> Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> 
> Ok, that's very no good. 
> 
> The vTPM manager does not have a variable number of TPM keys. 
> It has exactly 2. One is used for protecting vTPM states and 
> the other for the vTPM manager info.  
> 
> When TPM_Startup is triggered by the BIOS (I believe), any 
> keys that were loaded into the TPM are purged, opening all 
> TPM key slots. Later when the vTPM manager is run, the 
> manager loads both of these TPM Keys during it's init phases. 
> 
> Something is not right about your TPM if it is already out of 
> space by this point, unless it has a quirk that needs to be 
> dealt with separately. 
> 
> What TPM do you have? Maybe we have the same one here that we 
> test with.
> Did the problem go away after you reset the TPM?
> 
> -Vinnie
> 
> -----Original Message-----
> From: Osborn, Justin D. [mailto:Justin.Osborn@xxxxxxxxxx]
> Sent: Wednesday, December 06, 2006 10:42 AM
> To: Scarlata, Vincent R; xense-devel@xxxxxxxxxxxxxxxxxxx
> Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> 
> Vinnie,
>      This happened on a fresh boot.  Could it be that 
> vtpm_manager has too many keys it's trying to load into the 
> TPM?  For instance, over time more keys got added to the 
> persistent storage file and then today it couldn't load them 
> all.  Unfortunately I deleted the vtpm data files after I 
> reset the TPM.
> 
> Ozzie
> 
> --
> Justin D. Osborn
> Software Engineer
> Information Operations
> JHU/APL
>  
> 
> > -----Original Message-----
> > From: Scarlata, Vincent R [mailto:vincent.r.scarlata@xxxxxxxxx]
> > Sent: Wednesday, December 06, 2006 12:12 PM
> > To: Osborn, Justin D.; xense-devel@xxxxxxxxxxxxxxxxxxx
> > Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> > 
> > Yes, on a sigkill the manager does clean up after itself. 
> > When did you get the TPM_NOSPACE error? Were you running 
> the manager 
> > or some other TPM application before running the manager 
> and getting 
> > this error? On every power cycle, the TPM unloads all it's keys and 
> > authorization sessions automatically.
> > 
> > So if you get this error on a fresh boot, the TPM is not properly 
> > flushing, which is a security issue that they need to fix. 
> If you ran 
> > the vtpm manager, shut it down, and started it again and got this 
> > problem, then you've found a bug in the manager showing 
> that it's not 
> > cleaning up fully.
> > If you ran something else and then the manager, then that something 
> > else isn't properly cleaning up.
> > 
> > -Vinnie Scarlata
> > 
> > -----Original Message-----
> > From: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
> > [mailto:xense-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf 
> Of Osborn, 
> > Justin D.
> > Sent: Wednesday, December 06, 2006 6:09 AM
> > To: xense-devel@xxxxxxxxxxxxxxxxxxx
> > Subject: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> > 
> > Hi all,
> >      I've been working on a project for a while that uses 
> xen and the 
> > vtpm.  We have a DomU configured to use a vtpm instance.  When I 
> > brought up the box this morning, vtpm_manager failed to 
> start, giving 
> > me an error that it received TPM_NOSPACE when trying to 
> load a key.  
> > Is this a bug?
> > 
> > I usually shut the machine down with /sbin/halt or 
> /sbin/reboot, which 
> > just kills vtpm_managerd.  I assume vtpm_managerd is 
> supposed to clean 
> > up after itself.  So is there a certain way I should kill 
> > vtpm_managerd?
> > Or is this a bug?
> > 
> > Thanks,
> > Ozzie
> > 
> > --
> > Justin D. Osborn
> > Software Engineer
> > Information Operations
> > JHU/APL
> > 
> > _______________________________________________
> > Xense-devel mailing list
> > Xense-devel@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xense-devel
> > 
> 

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel