hi community

when I want to enable XSM for vtpm, there are some problems in xen boot up.
Xen version xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers. I configure xen-source-tree/Config.mk

XSM_ENABLE ?= y
FLASK_ENABLE ?= $(XSM_ENABLE)

And make dist, make install
Then I make the policy in xen-source-tree: make -C tools/flask/policy

When XSM is enabled, the xen boot-up stops at a lot of hex printout:
>>>>
Fff82*********** Fff82*********** Fff82***********
~ ~ ~ ~ ~~ ~~ ~ ~ ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~
000000000000000 000000000000000 0000000000000000
000000000000000 0000000000fff000 0000000000000000
<<<<
I make sure if "XSM_ENABLE ?= n and FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can work properly.

Thanks

Quan Xu
On 06/03/2013 11:32 PM, quan.xu@aliyun.com wrote:
>
> hi community
> when I want to enable XSM for vtpm, there are some problems in xen boot up.
> Xen version xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers. I configure xen-source-tree/Config.mk
>
> XSM_ENABLE ?= y
> FLASK_ENABLE ?= $(XSM_ENABLE)
>
> And make dist, make install
> Then I make the policy in xen-source-tree: make -C tools/flask/policy
>
> When XSM is enabled, the xen boot-up stops at a lot of hex printout:

This looks like a crash, in which case the interesting parts would be above the hex - which you didn't copy very accurately. If possible, using a serial console will be helpful in getting the text without needing to retype output.

The most important part is the value of RIP and the backtrace (if one is present); log messages leading up to the crash may also be useful.

> >>>>
> Fff82*********** Fff82*********** Fff82***********
> ~ ~ ~ ~ ~~ ~~ ~ ~ ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~
> 000000000000000 000000000000000 0000000000000000
> 000000000000000 0000000000fff000 0000000000000000
> <<<<
> I make sure if "XSM_ENABLE ?= n and FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can work properly.
>
> Thanks
>
> Quan Xu
>

xen-users dropped to BCC

--
Daniel De Graaf
National Security Agency
Hi Graaf,

Now I have fixed this issue. There are some problems with grub configuration. It should append ' flask_enforcing=1' in xen kernel and append 'module /boot/xenpolicy.24' in grub.

As my try, XSM should be enabled first. Then you can enable vtpm as docs/misc/vtpm.txt. If XSM is NOT enabled, the vtpmmgr can NOT run. Also, let me update the vtpm.txt next week with further research.

Also I want to be involved in vtpm development. Make vTPM stable and improve vTPM capability and performance.

I am Quan Xu (quan.xu@intel.com), Intel engineer on Openstack cloud, Xen vt-d passthrough, Xen vtpm and OpenAttestation. OpenAttestation is an open source project built on NSA's National Information Assurance Research Laboratory (NIARL) developed Host Integrity at Startup to measure and report status for host platforms which contain a Trusted Platform Module (TPM). Now I have pushed OpenAttestation to Ubuntu repo and redhat rawhide repo, and it has been integrated in Openstack to build Trusted computing pools. It just supports dom0 or some other native host. We can make it happen to support trusted computing pools of virtual machines or further research...

Quan Xu
Intel

> -----Original Message-----
> From: Daniel De Graaf [mailto:dgdegra@tycho.nsa.gov]
> Sent: Tuesday, June 04, 2013 10:12 PM
> To: quan.xu@aliyun.com
> Cc: xen-devel@lists.xensource.com; Xu, Quan
> Subject: Re: [Xen-devel] some problem with XSM enable
>
> On 06/03/2013 11:32 PM, quan.xu@aliyun.com wrote:
> >
> > hi community
> > when I want to enable XSM for vtpm, there are some problems in xen boot up.
> > Xen version xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers.
> > I configure xen-source-tree/Config.mk
> >
> > XSM_ENABLE ?= y
> > FLASK_ENABLE ?= $(XSM_ENABLE)
> >
> > And make dist, make install
> > Then I make the policy in xen-source-tree: make -C tools/flask/policy
> >
> > When XSM is enabled, the xen boot-up stops at a lot of hex printout:
>
> This looks like a crash, in which case the interesting parts would be above the
> hex - which you didn't copy very accurately. If possible, using a serial console
> will be helpful in getting the text without needing to retype output.
>
> The most important part is the value of RIP and the backtrace (if one is
> present); log messages leading up to the crash may also be useful.
>
> > >>>>
> > Fff82*********** Fff82*********** Fff82***********
> > ~ ~ ~ ~ ~~ ~~ ~ ~ ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~
> > 000000000000000 000000000000000 0000000000000000
> > 000000000000000 0000000000fff000 0000000000000000
> > <<<<
> > I make sure if "XSM_ENABLE ?= n and FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can work properly.
> >
> > Thanks
> >
> > Quan Xu
> >
>
> xen-users dropped to BCC
>
> --
> Daniel De Graaf
> National Security Agency
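
The GRUB fix reported in the last message can be checked mechanically. The following is an added example, not part of the original thread or of Xen's tooling: it reports every Xen boot entry that lacks either `flask_enforcing=1` on the Xen line or a `xenpolicy` module line. The function name `check_xen_flask`, the menu titles, and the paths `/boot/xen.gz`, `/boot/vmlinuz-3.7.10` and `/boot/initrd-3.7.10.img` are assumptions made for the sample.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread): for each GRUB
# menuentry that boots Xen, report whether the two settings named in the
# thread are present: flask_enforcing=1 and a xenpolicy module line.
check_xen_flask() {
    awk -v q="'" '
    function report(   msg) {
        if (!is_xen) return            # skip entries that do not boot Xen
        if (!enforcing) msg = msg " flask_enforcing=1"
        if (!policy)    msg = msg " xenpolicy-module"
        print title ": " (msg == "" ? "ok" : "missing" msg)
    }
    /^[ \t]*menuentry[ \t]/ {
        report()                       # close the previous entry
        n = split($0, part, "[\"" q "]")
        title = (n >= 2) ? part[2] : $0
        is_xen = enforcing = policy = 0
        next
    }
    /^[ \t]*(multiboot2?|kernel)[ \t].*xen/ {
        is_xen = 1
        if ($0 ~ /(^|[ \t])flask_enforcing=1([ \t]|$)/) enforcing = 1
    }
    /^[ \t]*module2?[ \t].*xenpolicy/ { policy = 1 }
    END { report() }
    ' "$1"
}

# Constructed sample config; titles and paths are assumptions.
sample=$(mktemp)
cat > "$sample" <<'EOF'
menuentry "Xen 4.3 with XSM" {
    multiboot /boot/xen.gz flask_enforcing=1
    module /boot/vmlinuz-3.7.10 root=/dev/sda1 ro
    module /boot/initrd-3.7.10.img
    module /boot/xenpolicy.24
}
menuentry "Xen 4.3 without policy" {
    multiboot /boot/xen.gz
    module /boot/vmlinuz-3.7.10 root=/dev/sda1 ro
    module /boot/initrd-3.7.10.img
}
menuentry "Linux 3.7.10" {
    linux /boot/vmlinuz-3.7.10 root=/dev/sda1 ro
}
EOF
check_xen_flask "$sample"
rm -f "$sample"
```

The check only reads the boot configuration; it does not confirm that the hypervisor actually loaded the policy at boot.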