Hi everyone,

I am using Xen 3.2.1 with the vtpm-12-patch.diff patch posted in [0]. My TPM is an Infineon 1.2. In total I have got three different questions:

1. NVM loading problem at VM creation
When I am creating a VM the last few lines of the vtpm_manager output are:
TPMD[245]: tpm/tpm_startup.c:45: Info: TPM_Startup(1)
Loading NVM.
Sending LoadNVM command
ERROR[VTPM]: Failed to load NVM
.INFO[VTPM]: [VTPM Listener]: VTPM Listener waiting for messages.
Reading LoadNVM header

For every VM a new tpmd instance is created, ignoring the setting in my VM config file. In /var/vtpm are only two folders (fifos, socks) and two files (VTPM, vtpm.db). I am missing the one for non volatile memory. Any ideas what might be wrong here?


2. Using IAIK jTSS in VM (http://trustedjava.sourceforge.net/)
I want to use the jTSS in my VMs. Some simple operations like taking ownership, extending a PCR and creating keys are working, but there seems to be a problem when it comes to loading keys.
For example, if I try to bind data after taking ownership using the jtpmtools example (jtt.sh bind) the operation fails. Java stack trace is:
iaik.tc.tss.api.exceptions.tcs.TcTpmException:

TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x1f
error code (full): 0x1f
error message: An IO error occurred transmitting information to the TPM

    at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
    at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdDeprMisc.TpmLoadKey(TcTpmCmdDeprMisc.java:222)
    at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.LoadKeyByBlob(TcTcsKeyManager.java:72)
    at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipLoadKeyByBlob(TcTcsi.java:535)

A lot of vtpm_manager output is produced. The last few lines are:
TPMD[6]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
TPMD[6]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
TPMD[6]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
TPMD[6]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
TPMD[6]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
TPMD[6]: tpm/tpm_cmd_handler.c:4117: Info: TPM command succeeded
ERROR[VTPM]: [Backend Listener]: Error reading from DMI. Aborting...
INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.

Let me know if you need the whole output. From my understanding it says "TPM command succeeded". What's the matter with "Error reading from DMI"? On my real TPM the command is working.

I also tried a self-written application using jTSS. When trying to load a key vtpm_manager's output finishes with:
TPMD[1]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
TPMD[1]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
TPMD[1]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
TPMD[1]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
TPMD[1]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
TPMD[1]: tpm/tpm_cmd_handler.c:4110: Info: TPM command failed: (0x0c) The key handle presented was invalid.
TPMD[1]: tpm/tpm_eviction.c:56: Info: TPM_FlushSpecific()
TPMD[1]: tpm/tpm_eviction.c:57: Debug: [ handle=02000000 resourceType=00000002 ]
TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c

INFO[VTPM]: [Backend Listener]: Sending DMI's response to guest.
INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.

Again this program is running well on a real TPM and I created the key which is tried to load before.


3. Trousers 0.2.9
IAIK provides a java wrapper to use the TPM. Unfortunately this is only working with trousers version 0.2.9. Using trousers 0.3.1 the tpm tools like tpm_version are working. But as mentioned, the wrapper is only compatible with 0.2.9.
Using that version (no matter if I apply IFX patch or not) the result of tpm_version is:
Tspi_Context_Connect failed: 0x00003004 - layer=tsp, code=0004 (4), Internal software error
TCSD's output:
TCSD svrside.c:272 accepted socket 6
TCSD tcsd_threads.c:225 Rx'd packet
TCSD tcsd_wrap.c:4060 Dispatching ordinal 1
TCSD tcsd_wrap.c:366 thread b7c7eb90 servicing a tcs_wrap_OpenContext request
TCSD tcsd_threads.c:252 Sending 0x21 bytes back
TCS tcs_utils.c:1317 Socket connection closed.
TCSD tcsd_threads.c:264 Thread exiting.
TCS tcscm.c:40 Closing context A0907600
TCS tcscm.c:52 Context A0907600 closed

When I start tcsd the following output appears:
TDDL tddl.c:105 Calling write to driver
TDDL tddl.c:116 ioctl: (25) Inappropriate ioctl for device
TDDL tddl.c:117 Falling back to Read/Write device support.

Does anyone know if 0.2.9 is just outdated or should it be working and there is something else wrong?

Any hints are very welcome!

Thanks in advance
Tim

[0] http://lists.xensource.com/archives/html/xense-devel/2007-04/msg00005.html

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
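Added example, not part of the original post: a small Python decoder for the TSS result codes and the `Sent[14]` byte dump quoted in the message above, useful when triaging such logs. The layer/code split and the TPM 1.2 response header (tag, size, return code) follow the TCG specifications; reading the first four bytes as the vTPM instance number is an assumption based on the `TPMD[1]` prefix, and the function names are illustrative.

```python
import re
import struct

# TSS 1.x result word: bits 12-15 select the layer, bits 0-11 hold the code.
TSS_LAYERS = {0x0: "tpm", 0x1: "tddl", 0x2: "tcs", 0x3: "tsp"}

# TPM 1.2 return codes that occur in this thread (not a complete table).
TPM_CODES = {0x00: "TPM_SUCCESS", 0x0C: "TPM_INVALID_KEYHANDLE", 0x1F: "TPM_IOERROR"}

# Byte dump copied from the vtpm_manager output in the post.
SENT_LINE = "TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c"


def decode_tss_result(result):
    """Split a TSS result such as 0x00003004 into layer and code."""
    layer = TSS_LAYERS.get((result >> 12) & 0xF, "unknown")
    code = result & 0xFFF
    # Symbolic names are only looked up for codes raised by the TPM itself.
    name = TPM_CODES.get(code) if layer == "tpm" else None
    return {"layer": layer, "code": code, "name": name}


def parse_sent_line(line):
    """Decode a tpmd 'Sent[n]: ...' dump into its response header fields."""
    m = re.search(r"Sent\[(\d+)\]:((?:\s+[0-9a-fA-F]{1,2})+)\s*$", line)
    if not m:
        raise ValueError("no Sent[n] byte dump found")
    data = bytes(int(tok, 16) for tok in m.group(2).split())
    if len(data) != int(m.group(1)):
        raise ValueError("byte count does not match Sent[n]")
    if len(data) < 14:
        raise ValueError("too short for prefix plus TPM response header")
    # Assumption: a 4-byte big-endian vTPM instance number precedes the response.
    instance, tag, size, rc = struct.unpack(">IHII", data[:14])
    if size != len(data) - 4:
        raise ValueError("paramSize disagrees with the bytes logged")
    return {"instance": instance, "tag": tag, "size": size,
            "return_code": rc, "name": TPM_CODES.get(rc, "unknown")}


if __name__ == "__main__":
    print(decode_tss_result(0x00003004))  # tpm_version failure under trousers 0.2.9
    print(decode_tss_result(0x1F))        # jTSS LoadKey failure
    print(parse_sent_line(SENT_LINE))
```

Decoded this way, the dump is a plain TPM response (tag 0x00C4) of 10 bytes carrying return code 0x0c, the same "key handle presented was invalid" error the TPMD log line reports.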
Erdem Bayer
2008-Aug-27 13:45 UTC
Re: [Xen-devel] vTPM NVM, loadkey and trousers questions
Hi

See post in [0] about loading keys into vTPM on Infineon 1.2 TPMs. IMO, you also need this patch.

Could you send any progress about this NVM issue? This is one of my biggest problems in vTPM and I want to see if anyone gets it to work.

Thank you

Erdem Bayer

[0] http://lists.xensource.com/archives/html/xen-devel/2008-02/msg01092.html

Tim Feld wrote On 26-08-2008 23:58:
> Hi everyone,
>
> I am using Xen 3.2.1 with the vtpm-12-patch.diff patch posted in [0]. My TPM is an Infineon 1.2. In total I have got three different questions:
>
> 1. NVM loading problem at VM creation
> When I am creating a VM the last few lines of the vtpm_manager output are:
> TPMD[245]: tpm/tpm_startup.c:45: Info: TPM_Startup(1)
> Loading NVM.
> Sending LoadNVM command
> ERROR[VTPM]: Failed to load NVM
> .INFO[VTPM]: [VTPM Listener]: VTPM Listener waiting for messages.
> Reading LoadNVM header
>
> For every VM a new tpmd instance is created, ignoring the setting in my VM config file. In /var/vtpm are only two folders (fifos, socks) and two files (VTPM, vtpm.db). I am missing the one for non volatile memory. Any ideas what might be wrong here?
>
>
> 2. Using IAIK jTSS in VM (http://trustedjava.sourceforge.net/)
> I want to use the jTSS in my VMs. Some simple operations like taking ownership, extending a PCR and creating keys are working, but there seems to be a problem when it comes to loading keys.
> For example, if I try to bind data after taking ownership using the jtpmtools example (jtt.sh bind) the operation fails. Java stack trace is:
> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>
> TSS Error:
> error layer: 0x00 (TPM)
> error code (without layer): 0x1f
> error code (full): 0x1f
> error message: An IO error occurred transmitting information to the TPM
>
>     at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
>     at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdDeprMisc.TpmLoadKey(TcTpmCmdDeprMisc.java:222)
>     at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.LoadKeyByBlob(TcTcsKeyManager.java:72)
>     at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipLoadKeyByBlob(TcTcsi.java:535)
>
> A lot of vtpm_manager output is produced. The last few lines are:
> TPMD[6]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
> TPMD[6]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
> TPMD[6]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
> TPMD[6]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
> TPMD[6]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
> TPMD[6]: tpm/tpm_cmd_handler.c:4117: Info: TPM command succeeded
> ERROR[VTPM]: [Backend Listener]: Error reading from DMI. Aborting...
> INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.
>
> Let me know if you need the whole output. From my understanding it says "TPM command succeeded". What's the matter with "Error reading from DMI"? On my real TPM the command is working.
>
> I also tried a self-written application using jTSS. When trying to load a key vtpm_manager's output finishes with:
> TPMD[1]: tpm/tpm_cmd_handler.c:4162: Debug: tpm_handle_command()
> TPMD[1]: tpm/tpm_cmd_handler.c:3466: Debug: [TPM_TAG_RQU_AUTH1_COMMAND]
> TPMD[1]: tpm/tpm_cmd_handler.c:3654: Debug: [TPM_ORD_LoadKey]
> TPMD[1]: tpm/tpm_storage.c:526: Info: TPM_LoadKey()
> TPMD[1]: tpm/tpm_storage.c:528: Debug: [ parentHandle=40000000 ]
> TPMD[1]: tpm/tpm_cmd_handler.c:4110: Info: TPM command failed: (0x0c) The key handle presented was invalid.
> TPMD[1]: tpm/tpm_eviction.c:56: Info: TPM_FlushSpecific()
> TPMD[1]: tpm/tpm_eviction.c:57: Debug: [ handle=02000000 resourceType=00000002 ]
> TPMD[1]: tpmd.c:227: Debug: Sent[14]: 0 0 0 1 0 c4 0 0 0 a 0 0 0 c
>
> INFO[VTPM]: [Backend Listener]: Sending DMI's response to guest.
> INFO[VTPM]: [Backend Listener]: Backend Listener waiting for messages.
>
> Again this program is running well on a real TPM and I created the key which is tried to load before.
>
>
> 3. Trousers 0.2.9
> IAIK provides a java wrapper to use the TPM. Unfortunately this is only working with trousers version 0.2.9. Using trousers 0.3.1 the tpm tools like tpm_version are working. But as mentioned, the wrapper is only compatible with 0.2.9.
> Using that version (no matter if I apply IFX patch or not) the result of tpm_version is:
> Tspi_Context_Connect failed: 0x00003004 - layer=tsp, code=0004 (4), Internal software error
> TCSD's output:
> TCSD svrside.c:272 accepted socket 6
> TCSD tcsd_threads.c:225 Rx'd packet
> TCSD tcsd_wrap.c:4060 Dispatching ordinal 1
> TCSD tcsd_wrap.c:366 thread b7c7eb90 servicing a tcs_wrap_OpenContext request
> TCSD tcsd_threads.c:252 Sending 0x21 bytes back
> TCS tcs_utils.c:1317 Socket connection closed.
> TCSD tcsd_threads.c:264 Thread exiting.
> TCS tcscm.c:40 Closing context A0907600
> TCS tcscm.c:52 Context A0907600 closed
>
> When I start tcsd the following output appears:
> TDDL tddl.c:105 Calling write to driver
> TDDL tddl.c:116 ioctl: (25) Inappropriate ioctl for device
> TDDL tddl.c:117 Falling back to Read/Write device support.
>
> Does anyone know if 0.2.9 is just outdated or should it be working and there is something else wrong?
>
> Any hints are very welcome!
>
> Thanks in advance
> Tim
>
> [0] http://lists.xensource.com/archives/html/xense-devel/2007-04/msg00005.html
Hi Erdem,

thanks for your reply.

> See post in [0] about loading keys into vTPM on Infineon 1.2 TPMs. IMO,
> you also need this patch.

Are you using Xen 3.1.x yet? I am pretty sure the patch you mentioned is included in Xen 3.2.1.

> Could you send any progress about this NVM issue? This is one of my
> biggest problems in vTPM and I want to see if anyone gets it to work.

I will definitely keep you posted on any progress concerning this.

Tim

> [0]
> http://lists.xensource.com/archives/html/xen-devel/2008-02/msg01092.html