Hi community,

When I want to enable XSM for vtpm, there are some problems in Xen boot-up.
Xen version xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers. I configure xen-source-tree/Config.mk:

XSM_ENABLE ?= y
FLASK_ENABLE ?= $(XSM_ENABLE)

And make dist, make install.
Then I make the policy in xen-source-tree: make -C tools/flask/policy

When XSM is enabled, the xen boot-up stops at a lot of hex printout:

>>>>
Fff82*********** Fff82*********** Fff82***********
~ ~ ~ ~ ~~ ~~ ~ ~ ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~
000000000000000 000000000000000 0000000000000000
000000000000000 0000000000fff000 0000000000000000
<<<<

I make sure if "XSM_ENABLE ?= n and FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can work properly.

Thanks
Quan Xu
On 06/03/2013 11:32 PM, quan.xu@aliyun.com wrote:
>
> hi community
> when I want to enable XSM for vtpm, there are some problems in xen boot up.
> Xen version xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers. I configure xen-source-tree/Config.mk
>
> XSM_ENABLE ?= y
> FLASK_ENABLE ?= $(XSM_ENABLE)
>
> And make dist, make install
> Then I make the policy in xen-source-tree: make -C tools/flask/policy
>
> When XSM is enabled, the xen boot-up stops at a lot of hex printout:

This looks like a crash, in which case the interesting parts would be above the hex - which you didn't copy very accurately. If possible, using a serial console will be helpful in getting the text without needing to retype output.

The most important part is the value of RIP and the backtrace (if one is present); log messages leading up to the crash may also be useful.

> >>>>
> Fff82*********** Fff82*********** Fff82***********
> ~ ~ ~ ~ ~~ ~~ ~ ~ ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~
> 000000000000000 000000000000000 0000000000000000
> 000000000000000 0000000000fff000 0000000000000000
> <<<<
> I make sure if "XSM_ENABLE ?= n and FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can work properly.
>
> Thanks
>
> Quan Xu
>

xen-users dropped to BCC

--
Daniel De Graaf
National Security Agency
Hi Graaf,

Now I have fixed this issue. There are some problems with the grub
configuration. It should append 'flask_enforcing=1' to the xen
kernel and append 'module /boot/xenpolicy.24' in grub.

From my attempts, XSM should be enabled first. Then you can enable vtpm as in
docs/misc/vtpm.txt. If XSM is NOT enabled, the vtpmmgr can NOT run. Also,
let me update the vtpm.txt next week with further research. Also, I want to
get involved in vtpm development: make vTPM stable and improve vTPM capability
and performance.

I am Quan Xu (quan.xu@intel.com), Intel engineer on OpenStack cloud, Xen
vt-d passthrough, Xen vtpm and OpenAttestation.

OpenAttestation is an open source project built on NSA's National
Information Assurance Research Laboratory (NIARL) developed Host Integrity at
Startup to measure and report status for host platforms which contain a Trusted
Platform Module (TPM). Now I have pushed OpenAttestation to the Ubuntu repo and
the Red Hat rawhide repo, and it has been integrated in OpenStack to build
trusted computing pools. It just supports dom0 or some other native host. We can
make it happen to support trusted computing pools of virtual machines or further
research...

Quan Xu
Intel
> -----Original Message-----
> From: Daniel De Graaf [mailto:dgdegra@tycho.nsa.gov]
> Sent: Tuesday, June 04, 2013 10:12 PM
> To: quan.xu@aliyun.com
> Cc: xen-devel@lists.xensource.com; Xu, Quan
> Subject: Re: [Xen-devel] some problem with XSM enable
>
> On 06/03/2013 11:32 PM, quan.xu@aliyun.com wrote:
> >
> > hi community
> > when I want to enable XSM for vtpm, there are some problems in xen boot up.
> > Xen version xen-4.3.0-rc2, dom0 is linux-3.7.10 without tpm drivers.
> > I configure xen-source-tree/Config.mk
> >
> > XSM_ENABLE ?= y
> > FLASK_ENABLE ?= $(XSM_ENABLE)
> >
> > And make dist, make install
> > Then I make the policy in xen-source-tree: make -C tools/flask/policy
> >
> > When XSM is enabled, the xen boot-up stops at a lot of hex printout:
>
> This looks like a crash, in which case the interesting parts would be above the
> hex - which you didn't copy very accurately. If possible, using a serial console
> will be helpful in getting the text without needing to retype output.
>
> The most important part is the value of RIP and the backtrace (if one is
> present); log messages leading up to the crash may also be useful.
>
> > >>>>
> > Fff82*********** Fff82*********** Fff82***********
> > ~ ~ ~ ~ ~~ ~~ ~ ~ ~ ~ ~ ~ ~ ~~~~~~ ~~~~~~~~~~~~~ ~
> > 000000000000000 000000000000000 0000000000000000
> > 000000000000000 0000000000fff000 0000000000000000
> > <<<<
> > I make sure if "XSM_ENABLE ?= n and FLASK_ENABLE ?= $(XSM_ENABLE)", the xen can work properly.
> >
> > Thanks
> >
> > Quan Xu
> >
>
> xen-users dropped to BCC
>
> --
> Daniel De Graaf
> National Security Agency
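
A check for the GRUB change reported in the follow-up message above, as an added example that is not part of the thread or of the Xen project. It assumes GRUB2 `menuentry` syntax, and every path in the sample other than `/boot/xenpolicy.24` is a constructed placeholder.

```python
import re

# Constructed sample grub.cfg; only /boot/xenpolicy.24 and flask_enforcing=1
# come from the thread, all other paths and options are placeholders.
SAMPLE_GRUB_CFG = """\
menuentry 'Xen without policy' {
    multiboot /boot/xen.gz console=vga
    module /boot/vmlinuz-placeholder root=/dev/sda1 ro
    module /boot/initrd-placeholder.img
}
menuentry 'Xen with FLASK policy' {
    multiboot /boot/xen.gz console=vga flask_enforcing=1
    module /boot/vmlinuz-placeholder root=/dev/sda1 ro
    module /boot/initrd-placeholder.img
    module /boot/xenpolicy.24
}
menuentry 'Plain Linux' {
    linux /boot/vmlinuz-placeholder root=/dev/sda1 ro
}
"""

# One menuentry: quoted title, then the body up to a closing brace in column 0.
ENTRY_RE = re.compile(r"menuentry\s+['\"]([^'\"]+)['\"][^{]*\{(.*?)\n\}", re.S)
XEN_LOADERS = ("multiboot", "multiboot2", "kernel")

def check_xen_entries(cfg_text):
    """Return {title: [problems]} for every menuentry that boots Xen."""
    report = {}
    for title, body in ENTRY_RE.findall(cfg_text):
        xen_args, modules = None, []
        for line in body.splitlines():
            words = line.split()
            if len(words) < 2:
                continue
            if words[0] in XEN_LOADERS and "xen" in words[1]:
                xen_args = words[2:]          # hypervisor command line
            elif words[0] in ("module", "module2"):
                modules.append(words[1])      # path of each loaded module
        if xen_args is None:
            continue                          # entry does not boot Xen
        problems = []
        if "flask_enforcing=1" not in xen_args:
            problems.append("flask_enforcing=1 missing from Xen command line")
        if not any(m.rsplit("/", 1)[-1].startswith("xenpolicy") for m in modules):
            problems.append("no xenpolicy module line")
        report[title] = problems
    return report
```

Calling `check_xen_entries(open("/boot/grub/grub.cfg").read())` on a real host lists each Xen entry with the settings it lacks; the grub.cfg location is an assumption and varies by distribution.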