Hi Quan,

My physical TPM is v2.0. I already tried 'iomem=["fed40,1"]' but it didn't work.
Actually, my DOM's TPM driver has been loaded. Meanwhile, I thought xen-devel was too busy with other real issues, so I asked this question to Daniel after that and he sent me a patch. I am trying out his patch on xen-unstable, and if the patch works Daniel will submit it upstream. I will let you guys know about the result soon.

Ronny

On Wed, Sep 13, 2017 at 8:27 AM, Quan Xu <quan....@gmail.com> wrote:

> on 2017/9/13 18:42, Wei Liu wrote:
>
>> Cc VTPM maintainers
>>
>> On Sun, Sep 10, 2017 at 03:07:04PM -0400, Ronny Ko wrote:
>>
>>> Hi,
>>>
>>> I'm a PhD student from Harvard University having trouble running
>>> vTPM manager.
>>>
>>> I cannot successfully launch vTPM manager in Xen, because when I
>>> command "sudo xl create vtpm-manager.cfg" to launch a virtual TPM VM,
>>> I get the following error:
>>>
>>> libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain
>>> 10:failed give domain access to iomeim range fed44-fed44: Operation
>>> not permitted
>>>
>>> In Xen, virtual TPM is a standalone VM that communicates with DOMu.
>>> "vtpm-manager.cfg" is Xen's configuration file for virtual TPM manager
>>> VM, whose contents are as follows:
>>>
>>> ============ vtpm-manager.cfg ================
>>> kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz" # vTPM manager code image
>>> memory=16 # 16M RAM size
>>> disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"] # disk storage
>>> name="vtpmmgr" # Just a nick name
>>> iomem=["fed44,1"] # This means, map physical memory from
>>> 0xfed44000-0xfed44fff for I/O, which is to be used by virtual TPM
>>> manager to communicate with the physical TPM device.
>>> ===========================================
>>>
>
> Ronny,
> is your physical TPM device v1.2 or v2.0?
>
> for tpm1.2.. , commands that are sent to the TPM through the register set
> at address FED4.0000 are implicitly associated with locality 0.
> try 'iomem=["fed40,1"]'
>
> and make sure Dom0's TPM driver is _not_ loaded...
>
> Quan
>
>>> My kernel is compiled with CONFIG_IO_STRICT_DEVMEM flag disabled, so
>>> iomem shouldn't be blocked by the kernel. I tried to map not only
>>> 0xfed44000, but also any other random addresses for testing, but all
>>> of them give the same error message as above.
>>>
>>> I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but
>>> from inside the Linux kernel directly loaded by Xen-4.9.0 (which I
>>> suppose to be DOM0 Linux VM), and I believe this is the correct way to
>>> launch vTPM manager.
>>>
>>> In particular, I get the iomem() "operation not allowed" error at the
>>> source code line;
>>> ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);
>>>
>>> In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
>>> - "fd" is the special privileged Command device
>>> - "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged hypercall
>>>   command
>>> - "hypercall" is an object containing the information of: {
>>>   hypercall_command_index, target_DOM_id, iomem_start_page,
>>>   iomem_page_count, allow_or_deny_access}.
>>>
>>> When I launch the vTPM manager, target_DOM_id = the ID of vTPM
>>> manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and
>>> allow_or_deny_access = 1, and this ioctl() gives an
>>> "operation-not-allowed" error. But if I hard-code DOM_id = 0 just for
>>> a test, this error goes away, but then I get a 0xfed0 memory mapping
>>> failure error later on.
>>>
>>> To summarize, I cannot find the reason why the vTPM manager VM crashes
>>> with "Operation not permitted". If anyone has a clue, please give me
>>> some help. Thanks very much.
>>>
>>> Ronny
>>>
>>> _______________________________________________
>>> Xen-devel mailing list
>>> Xen-devel@lists.xen.org
>>> https://lists.xen.org/xen-devel
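
An added example, not part of the thread or of Xen's code: a small auditor that reads the iomem entries of an xl domain config (hex "START_PFN,NUM_PAGES[@GFN]") and reports the byte range each one grants and which TPM locality pages it covers. The function names and the sample config are constructed for illustration, and the layout of one 4 KiB register page per locality 0-4 starting at 0xFED40000 is an assumption that extends the locality-0 address given above.

```python
import re

PAGE_SHIFT = 12              # xl iomem counts 4 KiB page frames
TPM_TIS_BASE_PFN = 0xFED40   # locality 0 register page, per the thread
TPM_LOCALITIES = 5           # assumption: localities 0-4, one page each

# Constructed sample config reusing the iomem values quoted in the thread.
SAMPLE_CFG = '''
name="vtpmmgr"
#iomem=["fed40,1"]
iomem=["fed44,1", "e0000,2@e0000"]  # second entry is a non-TPM range
'''

def parse_iomem(cfg_text):
    """Return (start_pfn, num_pages) for every active iomem entry."""
    grants = []
    for line in cfg_text.splitlines():
        m = re.match(r'iomem\s*=\s*\[(.*?)\]', line.strip())
        if not m:
            continue                      # other keys and commented-out lines
        for spec in re.findall(r'"([^"]+)"', m.group(1)):
            start, count = spec.split('@', 1)[0].split(',')
            grants.append((int(start, 16), int(count, 16)))
    return grants

def byte_range(start_pfn, num_pages):
    """Inclusive physical byte range covered by a grant."""
    lo = start_pfn << PAGE_SHIFT
    return lo, lo + (num_pages << PAGE_SHIFT) - 1

def tpm_localities(start_pfn, num_pages):
    """TPM localities whose register page lies inside the grant."""
    first = max(start_pfn, TPM_TIS_BASE_PFN)
    last = min(start_pfn + num_pages, TPM_TIS_BASE_PFN + TPM_LOCALITIES)
    return [pfn - TPM_TIS_BASE_PFN for pfn in range(first, last)]

def audit(cfg_text):
    """One (lo, hi, localities) tuple per iomem grant in the config."""
    return [byte_range(s, n) + (tpm_localities(s, n),)
            for s, n in parse_iomem(cfg_text)]

if __name__ == "__main__":
    for lo, hi, locs in audit(SAMPLE_CFG):
        print(f"{lo:#010x}-{hi:#010x} TPM localities: {locs or 'none'}")
```

Running an audit like this over every domain config shows which guests are granted TPM register pages at all, and at which locality.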