[Xen-devel] Re: [Xense-devel] Infineon vtpm problem

xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 02/26/2008 06:28:01 PM: > Hi > > I have successfully applied the patch mentioned here > (http://lists.xensource.com/archives/html/xense-devel/2007-04/msg00005.html) > to the xen v. 3.1.3 on an HP nx8325 with Infineon TPM. > > I cleared the tpm, deleted /var/vtpm/VTPM file and rebooted. > > After reboot, vtpm_managerd runs ok. (output is attched to the mail.) > > I created a pv vm with the option vtpm = ['instance=1, backend=0'] The > vm boots fine. > > I installed trousers-0.3.1 and tpm-tools-1.3.1 from sources on the vm. > > I run tcsd -f on the vm. (output is attched to the mail.) > > I checkout and run the trousers test suite. 10 tests passed with 230 > failed. (Is this expected?)

It is likely that this (v)TPM implementation has quite a few bugs, but I would not expect that many errors.

> > When I try tpm_takeownership on the vm, the command runs fine. (Although > a strange warning appers on tcsd output which is attched).

This error may be related to older versions of the TPM device driver having used an ioctl interface for sending/receiving commands to/from the TPM and the TSS still tries this interface first. This should not be a reason for the errors you are seeing.
> > But when I try tpm_sealdata < foo on the vm I get the following error. > > Tspi_Key_LoadKey failed: 0x00003113 - layer=tsp, code=0113 (275), > Authorization failed > > But other tpm_version runs fine on vm. > > tpm-test:~# tpm_version > TPM 1.2 Version Info: > Chip Version: 1.2.0.4 > Spec Level: 2 > Errata Revision: 94 > TPM Vendor ID: > TPM Version: 01010000 > Manufacturer Info: 4554485a > > Also this quote is from Xen User's Guide: > > "Similarly, the TPM frontend driver must be compiled for the kernel > trying to use TPM functionality. Its driver can be selected in the > kernel configuration section Device Driver / Character Devices / TPM > Devices. Along with that the TPM driver for the built-in TPM must be > selected." > > According to my understanding driver for the built-in TPM must be > selected on the kernel where TPM frontend driver is used. Am I correct > about this assumption? (The problem is tpm_infineon driver can not be

The driver for the built-in Infineon TPM must be built into Domain-0, the TPM frontend driver in the guest domain and the backend driver also into Domain-0. This has probably been done correctly since otherwise the vTPM would not work at all.

> selected on an unpriviledged kernel, it can only be selected on a > priviledged kernel) > > Am I missing something here? Why do I get auth errors?

Did you try to run the same sequence of comands (tpm commands, test suite etc.) on a plain Linux kernel with the TSS stack against the built-in Infineone TPM? From what I remember, the test suite for the TSS stack either tries to set a specific TPM owner password or it must previously have been set to it by the user, otherwise many authentication errors will occur.

Stefan
> > Thanks in advance. > > Erdem Bayer > [attachment "vtpm_managerd.out" deleted by Stefan Berger/Watson/IBM] > [attachment "tcsd.out" deleted by Stefan Berger/Watson/IBM] > _______________________________________________ > Xense-devel mailing list > Xense-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xense-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel