Ronny Ko <h...@g.harvard.edu> on 2017/9/13 Wed 22:26 wrote:
> Hi Quan,
>
> My physical TPM is v2.0. I already tried 'iomem=["fed40,1"]' but it didn't
> work..
>
> Actually, my DOM's TPM driver has been loaded.
> Meanwhile, I thought xen-devel was too busy with other real issues, so I
> asked this question to Daniel after that and he sent me a patch. I am
> trying out his patch on xen-unstable, and if the patch works Daniel will
> submit it upstream.
>
> I will let you guys know about the result soon.
>

As the TPM manager uses direct access to the physical TPM, it may interfere
with access to the TPM by dom0.

For TPM 2.0, add:

  ..
  extra="tpm2"
  ..

The extra option is used to launch the vtpmmgr domain on TPM 2.0; ignore it
on TPM 1.x. For example:

  kernel="/usr/lib/xen/boot/vtpmmgr.gz"
  memory=128
  disk=["file:/home/vtpm2/vmgr,hda,w"]
  name="vtpmmgr"
  iomem=["fed40,5"]
  extra="tpm2"

Try again, good luck.

Quan

> On Wed, Sep 13, 2017 at 8:27 AM, Quan Xu <quan....@gmail.com> wrote:
>
>>
>>
>> on 2017/9/13 18:42, Wei Liu wrote:
>>
>>> Cc VTPM maintainers
>>>
>>> On Sun, Sep 10, 2017 at 03:07:04PM -0400, Ronny Ko wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm a PhD student from Harvard University having trouble running the
>>>> vTPM manager.
>>>>
>>>> I cannot successfully launch the vTPM manager in Xen, because when I
>>>> run the command "sudo xl create vtpm-manager.cfg" to launch a virtual
>>>> TPM VM, I get the following error:
>>>>
>>>> libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain
>>>> 10:failed give domain access to iomem range fed44-fed44: Operation
>>>> not permitted
>>>>
>>>> In Xen, the virtual TPM is a standalone VM that communicates with DOMu.
>>>> "vtpm-manager.cfg" is Xen's configuration file for the virtual TPM
>>>> manager VM, whose contents are as follows:
>>>>
>>>> ============ vtpm-manager.cfg ================
>>>> kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz"  # vTPM manager code image
>>>> memory=16  # 16M RAM size
>>>> disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"]  # disk storage
>>>> name="vtpmmgr"  # Just a nickname
>>>> iomem=["fed44,1"]  # This means: map physical memory from
>>>>                    # 0xfed44000-0xfed44fff for I/O, which is to be used by the
>>>>                    # virtual TPM manager to communicate with the physical TPM device.
>>>> ===========================================
>>>>
>>>
>> Ronny,
>> is your physical TPM device v1.2 or v2.0?
>>
>> for tpm1.2.. , commands that are sent to the TPM through the register set
>> at address FED4.0000 are implicitly associated with locality 0.
>> try 'iomem=["fed40,1"]'
>>
>>
>> and make sure Dom0's TPM driver is _not_ loaded...
>>
>> Quan
>>
>>>> My kernel is compiled with the CONFIG_IO_STRICT_DEVMEM flag disabled, so
>>>> iomem shouldn't be blocked by the kernel. I tried to map not only
>>>> 0xfed44000, but also any other random addresses for testing, but all
>>>> of them give the same error message as above.
>>>>
>>>> I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but
>>>> from inside the Linux kernel directly loaded by Xen-4.9.0 (which I
>>>> suppose to be the DOM0 Linux VM), and I believe this is the correct way
>>>> to launch the vTPM manager.
>>>>
>>>> In particular, I get the iomem() "operation not allowed" error at the
>>>> source code line:
>>>>
>>>>   ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);
>>>>
>>>> In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
>>>> - "fd" is the special privileged command device
>>>> - "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged hypercall
>>>>   command
>>>> - "hypercall" is an object containing the information of:
>>>>   { hypercall_command_index, target_DOM_id, iomem_start_page,
>>>>     iomem_page_count, allow_or_deny_access }.
>>>>
>>>> When I launch the vTPM manager, target_DOM_id = the ID of the vTPM
>>>> manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and
>>>> allow_or_deny_access = 1, and this ioctl() gives an
>>>> "operation-not-allowed" error. But if I hard-code DOM_id = 0 just for
>>>> a test, this error goes away, but then I get a 0xfed0 memory mapping
>>>> failure error later on.
>>>>
>>>> To summarize, I cannot find the reason why the vTPM manager VM crashes
>>>> with "Operation not permitted". If anyone has a clue, please give me
>>>> some help. Thanks very much.
>>>>
>>>> Ronny
>>>>
>>>> _______________________________________________
>>>> Xen-devel mailing list
>>>> Xen-devel@lists.xen.org
>>>> https://lists.xen.org/xen-devel
>>>>
>>>
>>
>
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
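The script below is an added example, not code from this thread or from the Xen tree. It turns Quan's two points into a preflight check for the vtpmmgr domain: the iomem= entry must start at page fed40 (the locality 0 register page at 0xfed40000; Ronny's fed44 is the locality 4 page), and dom0 must not have a TPM driver holding the chip, since vtpmmgr drives it directly. It also emits an xl config following Quan's recipe (fed40,5 plus extra="tpm2" for TPM 2.0, fed40,1 for TPM 1.2). The /proc/iomem and /proc/modules excerpts are constructed sample data; the function names are my own, and the module-name pattern (tpm, tpm_tis, tpm_crb, ...) assumes the standard Linux TPM driver names.

```shell
#!/bin/sh
# Added example (not from the thread or the Xen project): preflight checks for a
# vtpmmgr stubdom config. Sample /proc data below is CONSTRUCTED; on a real dom0
# pipe in /proc/iomem and /proc/modules instead.

TPM_BASE=$((0xfed40000))   # locality 0 register block (Quan: FED4.0000 == locality 0)
TPM_END=$((0xfed44fff))    # last byte of the locality 4 page (5 x 4 KiB pages)

# Constructed /proc/iomem excerpts ("start-end : name", child entries indented).
IOMEM_BOUND='fed40000-fed44fff : MSFT0101:00
fee00000-fee00fff : Local APIC'
IOMEM_FREE='fed00000-fed003ff : HPET 0
fee00000-fee00fff : Local APIC'

# Constructed /proc/modules excerpts (first field is the module name).
MODULES_TPM='tpm_tis 16384 0 - Live 0x0000000000000000
tpm 65536 1 tpm_tis, Live 0x0000000000000000'
MODULES_NONE='xen_privcmd 16384 0 - Live 0x0000000000000000'

# Print the name of every /proc/iomem entry (stdin) overlapping the TPM register
# block. Any hit means something in dom0 has requested that region.
iomem_tpm_users() {
  while IFS= read -r line; do
    trimmed=${line#"${line%%[! ]*}"}   # strip indentation of child entries
    [ -n "$trimmed" ] || continue
    range=${trimmed%% :*}
    name=${trimmed#*: }
    start=$(( 0x${range%-*} ))
    end=$(( 0x${range#*-} ))
    if [ "$start" -le "$TPM_END" ] && [ "$end" -ge "$TPM_BASE" ]; then
      printf '%s\n' "$name"
    fi
  done
}

# Print the names of loaded TPM driver modules (/proc/modules on stdin).
# Assumes the usual Linux driver names: tpm, tpm_tis, tpm_crb, tpm_tis_core, ...
loaded_tpm_modules() {
  while read -r name _; do
    case "$name" in
      tpm|tpm_*) printf '%s\n' "$name" ;;
    esac
  done
}

# Validate one iomem= value from an xl config, e.g. 'fed44,1'. Succeeds only when
# the range starts at the locality 0 page (fed40).
iomem_entry_ok() {
  page=${1%%,*}
  [ "$(( 0x$page ))" -eq "$(( TPM_BASE / 4096 ))" ]
}

# Emit an xl config for the vtpmmgr domain per Quan's recipe: TPM 2.0 gets all five
# locality pages plus extra="tpm2"; TPM 1.2 needs only the locality 0 page.
# Args: TPM version (1.2 or 2.0), stubdom kernel path, backing disk image path.
vtpmmgr_cfg() {
  version=$1 kernel=$2 image=$3
  case "$version" in
    2.0) iomem='fed40,5'; extra='extra="tpm2"' ;;
    1.2) iomem='fed40,1'; extra='' ;;
    *)   echo "unknown TPM version: $version" >&2; return 1 ;;
  esac
  printf 'kernel="%s"\nmemory=128\ndisk=["file:%s,hda,w"]\nname="vtpmmgr"\niomem=["%s"]\n' \
    "$kernel" "$image" "$iomem"
  [ -n "$extra" ] && printf '%s\n' "$extra"
  return 0
}

# Stand-alone run against the constructed data: sh preflight.sh --demo
if [ "${1:-}" = "--demo" ]; then
  echo "dom0 users of the TPM range:"; printf '%s\n' "$IOMEM_BOUND" | iomem_tpm_users
  echo "loaded TPM modules:";          printf '%s\n' "$MODULES_TPM" | loaded_tpm_modules
  iomem_entry_ok 'fed44,1' || echo 'iomem=["fed44,1"] does not start at locality 0 (fed40)'
  vtpmmgr_cfg 2.0 /usr/lib/xen/boot/vtpmmgr.gz /home/vtpm2/vmgr
fi
```

On a real host, run `iomem_tpm_users </proc/iomem` and `loaded_tpm_modules </proc/modules` before `xl create`; if either prints anything, dom0 still owns the chip (unload or blacklist the driver), which is the situation Quan warns about.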