It seems that tpm_tis_request_locality did not manage to wait enough for locality change. I suspect that if timeout_a does not have correct value it will not wait enough in that loop and it will exit too soon. Can you do this test again replacing timeout_a value from tpm_tis_request_locality =>(stop = NOW() + tpm->timeout_a;) with something much bigger? I sent a patch that was committed this week, that fixes timeout problems that could appear and resets them to the standard value if they are incorrect. At least it seems that the locality 2 on your chip is enabled since you got here.
Thanks. Emil Condrea On Sun, Nov 16, 2014 at 9:15 AM, Xu, Quan <quan...@intel.com> wrote: > Emil / Graaf, > I have verified it, it is still not working when tboot is enabled. > The attach file is txt-stat log. > [...] > > *********************************************************** > TXT measured launch: TRUE > secrets flag set: TRUE > *********************************************************** > [...] > > > Below is error when I boot vtpmmgr: > > > ********************************************************** > [...] > IOMEM Machine Base Address: FED40000 > Enabled Localities: 2 > REQ LOCALITY FAILURE > Unable to request locality 2?? > Shutting down tpm_tis device > Page fault at linear address 0xfed40008, rip 0x2f918, regs 0x10fc78, sp > 0x10fd20, our_sp 0x10fc40, code 2 > Thread: main > RIP: e030:[<000000000002f918>] > RSP: e02b:000000000010fd20 EFLAGS: 00010202 > RAX: ffffffffffffffff RBX: 0000002000804c60 RCX: 000000000000072c > RDX: 000000000000001e RSI: 000000007fffffff RDI: 00000000fed40008 > RBP: 000000000010fd20 R08: 000000000000000a R09: 00000000000af000 > R10: 000000000000070e R11: 00000000000006d8 R12: 0000002000804c60 > R13: 00000000fed42000 R14: 0000000000000000 R15: 0000000000000002 > base is 0x10fd20 caller is 0x24977 > base is 0x10fd40 caller is 0x24e32 > base is 0x10fd80 caller is 0x5b4b > base is 0x10ff30 caller is 0x3510 > base is 0x10ff50 caller is 0x287a2 > base is 0x10ffe0 caller is 0x343b > > 10fd10: 20 fd 10 00 00 00 00 00 2b e0 00 00 00 00 00 00 > 10fd20: 40 fd 10 00 00 00 00 00 77 49 02 00 00 00 00 00 > 10fd30: 60 4c 80 00 20 00 00 00 02 00 00 00 00 00 00 00 > 10fd40: 80 fd 10 00 00 00 00 00 32 4e 02 00 00 00 00 00 > > 10fd10: 20 fd 10 00 00 00 00 00 2b e0 00 00 00 00 00 00 > 10fd20: 40 fd 10 00 00 00 00 00 77 49 02 00 00 00 00 00 > 10fd30: 60 4c 80 00 20 00 00 00 02 00 00 00 00 00 00 00 > 10fd40: 80 fd 10 00 00 00 00 00 32 4e 02 00 00 00 00 00 > > 2f900: 5d c3 55 48 89 e5 40 88 37 5d c3 55 48 89 e5 66 > 2f910: 89 37 5d c3 55 48 89 e5 89 37 5d c3 55 48 89 e5 > 2f920: 48 89 37 5d c3 55 48 89 e5 0f b6 07 5d c3 55 48 > 2f930: 89 e5 0f b7 07 5d c3 55 48 89 e5 8b 07 5d c3 55 > Pagetable walk from virt fed40008, base b0000: > L4 = 0000000127033067 (0xb1000) [offset = 0] > L3 = 0000000000000000 (0xfffffffffffff000) [offset = 3] > Page fault in pagetable walk (access to invalid memory?). > > ************************************************ > > Thanks > Quan Xu > > > > -----Original Message----- > > From: xen-devel-boun...@lists.xen.org > > [mailto:xen-devel-boun...@lists.xen.org] On Behalf Of Xu, Quan > > Sent: Sunday, November 09, 2014 4:30 PM > > To: Emil Condrea > > Cc: Daniel De Graaf; Ian Campbell; xen-devel@lists.xen.org > > Subject: Re: [Xen-devel] vtpmmgr bug: fails to start if locality!=0 > > > > Okay, I will test it in next week. > > > > Thanks > > Quan Xu > > > > > > From: xen-devel-boun...@lists.xen.org > > [mailto:xen-devel-boun...@lists.xen.org] On Behalf Of Emil Condrea > > Sent: Friday, November 07, 2014 6:42 PM > > To: Xu, Quan > > Cc: Daniel De Graaf; Ian Campbell; xen-devel@lists.xen.org > > Subject: Re: [Xen-devel] vtpmmgr bug: fails to start if locality!=0 > > > > Xu, my system does not support DRTM launch so if you can test it next > week > > it would be great. > > Thanks > > > > On Fri, Nov 7, 2014 at 3:46 AM, Xu, Quan <quan...@intel.com> wrote: > > > > > > > -----Original Message----- > > > From: xen-devel-boun...@lists.xen.org > > > [mailto:xen-devel-boun...@lists.xen.org] On Behalf Of Daniel De Graaf > > > Sent: Friday, November 07, 2014 5:55 AM > > > To: Emil Condrea > > > Cc: Ian Campbell; xen-devel@lists.xen.org > > > Subject: Re: [Xen-devel] vtpmmgr bug: fails to start if locality!=0 > > > > > > On 11/05/2014 05:00 AM, Ian Campbell wrote: > > > > CCing Daniel. > > > > > > > > On Fri, 2014-10-31 at 17:37 +0200, Emil Condrea wrote: > > > >> > > > >> I am wondering if this is known issue that when I set locality!=0 to > > > >> vtpmmgr it does not start. It is a bit strange that every call to > > > >> tpm_tis_status returns 255 and device-id is also FFFF: > > > >> 1.2 TPM (device-id=0xFFFF vendor-id = FFFF rev-id = FF). > > > >> TPM interface capabilities (0xffffffff): > > > >> > > > >> I am configuring vtpmmgr using: > > > >> > > > >> kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz" > > > >> memory=8 > > > >> disk=["file:/var/vtpmmgr-stubdom.img,hda,w"] > > > >> name="vtpmmgr" > > > >> iomem=["fed40,5"] > > > >> extra="tpmlocality=2" > > > >> > > > >> > > > >> I also tried using : > > > >> iomem=["fed40,1"] > > > >> extra="tpmlocality=0"//works well > > > >> > > > >> or > > > >> iomem=["fed42,1"] > > > >> extra="tpmlocality=2" > > > >> It seems that everything that is not mapped at fed40-fed41 is > > > >> FFFFFFFF. > > > >> > > > >> I have an Atmel TPM chipset. > > > >> > > > >> Could it be a chipset problem to not handle well different > localities? > > > >> > > > >> When I use locality=0, the device driver info is correct and > > > >> everything works fine: > > > >> 1.2 TPM (device-id=0x3204 vendor-id = 1114 rev-id = 40) TPM > interface > > > >> capabilities (0xfd) > > > > > > This may be an issue with locality 2 being unavailable unless a DRTM > > launch > > > (tboot) is performed. Returning all-ones is the normal response of the > > x86 > > > chipset when unmapped MMIO regions are accessed; disabled localities of > > > the TPM may act like this. > > > > > > Does your system support the DRTM launch? If so, can you test it to > see > > if > > > this is the issue? > > > > Emil, > > tboot supports Intel and OEM systems that are Intel TXT-capable. > > If your system does not support DRTM launch, I can test it in next week. > > > > > > > > > > In this case, to better support people who want to use the vTPM Manager > > > without a DRTM launch, the features of the vTPM Manager that use the > > TPM > > > 1.2 PCRs may need to be disabled or implemented in an alternate manner > > > such as embedding the data in the quote instead of in PCRs. The > current > > > design was created with the assumption that systems using it would be > > > performing a DRTM launch in order to fully secure the boot process. > > > > > > >> In linux kernel this information is obtained using locality 0 and > > > >> after that other commands execute using specified locality. > > > >> > https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/ > > > >> tree/drivers/char/tpm/tpm_tis.c#n558 > > > > > > Have you tested that other localities work for your TPM under Linux? > > > > > > >> > > > >> Thanks, > > > >> > > > >> Emil > > > >> > > > > > > -- > > > Daniel De Graaf > > > National Security Agency > > > > > > _______________________________________________ > > > Xen-devel mailing list > > > Xen-devel@lists.xen.org > > > http://lists.xen.org/xen-devel > > > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@lists.xen.org > > http://lists.xen.org/xen-devel >
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
