Hi Quan,
As you suggested, I recompiled Linux without TPM module (so I don't have
/dev/tpm0 anymore), and added "extra=tpm2" and "iomem=["fed50,5"]. But I
still get the same error:
Parsing config from vtpmmgr.cfg
> libxl: error: libxl_create.c:1297:domcreate_launch_dm: Domain 1:failed
> give domain access to iomem range fed44-fed44: Operation not permitted
> libxl: error: libxl_domain.c:1003:libxl__destroy_domid: Domain
> 1:Non-existant domain
> libxl: error: libxl_domain.c:962:domain_destroy_callback: Domain 1:Unable
> to destroy guest
> libxl: error: libxl_domain.c:889:domain_destroy_cb: Domain 1:Destruction
> of domain failed
>
I get the same error if I try from another computer. Is it that you don't
get this error if you do the same?
Ronny
Wed, Sep 13, 2017 at 11:03 AM
On Wed, Sep 13, 2017 at 11:03 AM, Quan Xu <quan....@gmail.com> wrote:
>
> Ronny Ko <h...@g.harvard.edu>On 2017/9/13 Wed 22:26 wrote:
>
>> Hi Quan,
>>
>> My phsyical TPM is v2.0. I alrady tried 'iomem=["fed40,1"]' but didn't
>> work..
>>
>> Actually, my DOM's TPM driver has been loaded.
>> Meanwhile, I thought xen-devel was too busy with other real issues, so I
>> asked this question to Daniel after that and he sent me a patch. I am
>> trying out his patch on xen-unstable, and if the patch works Daniel will
>> submit it upstream.
>>
>> I will let you guys know about the result soon.
>>
>
> As the TPM manager uses direct access to the physical TPM, it may
> interfere
>
> to access to the TPM by dom0.
>
>
> for tpm2.0
>
>
>
> Add:
>
> ..
>
> extra="tpm2"
>
> ..
>
> extra option to launch vtpmmgr domain on TPM 2.0, and ignore it on TPM
>
> 1.x. for example:
>
>
> kernel="/usr/lib/xen/boot/vtpmmgr.gz"
>
> memory=128
>
> disk=["file:/home/vtpm2/vmgr,hda,w"]
>
> name="vtpmmgr"
>
> iomem=["fed40,5"]
>
> extra="tpm2"
>
> try again, good luck
>
> Quan
>
>
>>
>> On Wed, Sep 13, 2017 at 8:27 AM, Quan Xu <quan....@gmail.com> wrote:
>>
>>>
>>>
>>> on 2017/9/13 18:42, Wei Liu wrote:
>>>
>>>> Cc VTPM maintainers
>>>>
>>>> On Sun, Sep 10, 2017 at 03:07:04PM -0400, Ronny Ko wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm a PhD student from Harvard University having a trouble in running
>>>>> vTPM manager.
>>>>>
>>>>> I cannot successfully launch vTPM manager in Xen, because when I
>>>>> command "sudo xl create vtpm-manager.cfg" to launch a virtual TPM VM,
>>>>> I get the following error:
>>>>>
>>>>> libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain
>>>>> 10:failed give domain access to iomeim range fed44-fed44: Operation
>>>>> not permitted
>>>>>
>>>>> In Xen, virtual TPM is a standalone VM that communicates with DOMu.
>>>>> "vtpm-manager.cfg" is Xen's configuration file for virtual TPM manager
>>>>> VM, whose contents are as follows:
>>>>>
>>>>> ============ vtpm-manager.cfg ================
>>>>> kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz" # vTPM manager
>>>>> code image
>>>>> memory=16 # 16M RAM size
>>>>> disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"] #
>>>>> disk storage
>>>>> name="vtpmmgr" # Just a nick name
>>>>> iomem=["fed44,1"] # This means, map physical memory from
>>>>> 0xfed44000-0xfed44fff for I/O, which is to be used by virtual TPM
>>>>> manager to communicate with the physical TPM device.
>>>>> ===========================================
>>>>>
>>>>
>>> Ronny,
>>> is your physical TPM device v1.2 or v2.0?
>>>
>>> for tpm1.2.. , commands that are sent to the TPM through the register
>>> set at address FED4.0000 are implicitly associated with locality 0.
>>> try 'iomem=["fed40,1"]'
>>>
>>>
>>> and make sure Dom0 's TPM driver is _not_ loaded...
>>>
>>> Quan
>>>
>>> My kernel is compiled with CONFIG_IO_STRICT_DEVMEM flag disabled, so
>>>>> iomem shouldn't be blocked by the kernel. I tried to map not only
>>>>> 0xfed44000, but also any other random addresses for testing, but all
>>>>> of them give the same error message as above.
>>>>>
>>>>> I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but
>>>>> from inside the Linux kernel directly loaded by Xen-4.9.0 (which I
>>>>> suppose to be DOM0 Linux VM), and I believe this is the correct way to
>>>>> launch vTPM manager.
>>>>>
>>>>> In particular, I get the iomem() "operation not allowed" error at the
>>>>> source code line;
>>>>> ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);
>>>>>
>>>>> In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
>>>>> - "fd" is the special privileged Command device
>>>>> - "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged
>>>>> hypercall command
>>>>> - "hypercall" is an object containing the information of: {
>>>>> hypercall_command_index, target_DOM_id, iomem_start_page,
>>>>> iomem_page_count, allow_or_deny_access}.
>>>>>
>>>>> When I launch the vTPM manager, target_DOM_id = the ID of vTPM
>>>>> manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and
>>>>> allow_or_deny_access = 1, and this ioctl() gives an
>>>>> "operation-not-allowed" error. But if I hard-code DOM_id = 0 just for
>>>>> a test, this error goes away, but then I get a 0xfed0 memory mapping
>>>>> failure error later on.
>>>>>
>>>>> To summarize, I cannot find the reason why the vTPM manager VM crashes
>>>>> with "Operation not permitted". If anyone has a clue, please give me
>>>>> some help. Thanks very much.
>>>>>
>>>>> Ronny
>>>>>
>>>>> _______________________________________________
>>>>> Xen-devel mailing list
>>>>> Xen-devel@lists.xen.org
>>>>> https://lists.xen.org/xen-devel
>>>>>
>>>>
>>>
>>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
