Hi Quan,

As you suggested, I recompiled Linux without the TPM module (so I don't have /dev/tpm0 anymore), and added "extra=tpm2" and iomem=["fed50,5"]. But I still get the same error:

Parsing config from vtpmmgr.cfg
libxl: error: libxl_create.c:1297:domcreate_launch_dm: Domain 1:failed give domain access to iomem range fed44-fed44: Operation not permitted
libxl: error: libxl_domain.c:1003:libxl__destroy_domid: Domain 1:Non-existant domain
libxl: error: libxl_domain.c:962:domain_destroy_callback: Domain 1:Unable to destroy guest
libxl: error: libxl_domain.c:889:domain_destroy_cb: Domain 1:Destruction of domain failed

I get the same error if I try from another computer. Is it that you don't get this error if you do the same?

Ronny

On Wed, Sep 13, 2017 at 11:03 AM, Quan Xu <quan....@gmail.com> wrote:
>
> Ronny Ko <h...@g.harvard.edu> on 2017/9/13 Wed 22:26 wrote:
>
>> Hi Quan,
>>
>> My physical TPM is v2.0. I already tried 'iomem=["fed40,1"]' but it didn't work.
>>
>> Actually, my DOM's TPM driver has been loaded.
>> Meanwhile, I thought xen-devel was too busy with other real issues, so I asked this question to Daniel after that and he sent me a patch. I am trying out his patch on xen-unstable, and if the patch works Daniel will submit it upstream.
>>
>> I will let you guys know about the result soon.
>
> As the TPM manager uses direct access to the physical TPM, it may interfere with access to the TPM by dom0.
>
> for tpm2.0
>
> Add:
> ..
> extra="tpm2"
> ..
> extra option to launch vtpmmgr domain on TPM 2.0, and ignore it on TPM 1.x.
>
> for example:
>
> kernel="/usr/lib/xen/boot/vtpmmgr.gz"
> memory=128
> disk=["file:/home/vtpm2/vmgr,hda,w"]
> name="vtpmmgr"
> iomem=["fed40,5"]
> extra="tpm2"
>
> try again, good luck
>
> Quan
>
>> On Wed, Sep 13, 2017 at 8:27 AM, Quan Xu <quan....@gmail.com> wrote:
>>
>>> on 2017/9/13 18:42, Wei Liu wrote:
>>>
>>>> Cc VTPM maintainers
>>>>
>>>> On Sun, Sep 10, 2017 at 03:07:04PM -0400, Ronny Ko wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm a PhD student from Harvard University having trouble running the vTPM manager.
>>>>>
>>>>> I cannot successfully launch the vTPM manager in Xen, because when I run "sudo xl create vtpm-manager.cfg" to launch a virtual TPM VM, I get the following error:
>>>>>
>>>>> libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain 10:failed give domain access to iomem range fed44-fed44: Operation not permitted
>>>>>
>>>>> In Xen, the virtual TPM is a standalone VM that communicates with DOMu. "vtpm-manager.cfg" is Xen's configuration file for the virtual TPM manager VM, whose contents are as follows:
>>>>>
>>>>> ============ vtpm-manager.cfg ================
>>>>> kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz" # vTPM manager code image
>>>>> memory=16 # 16M RAM size
>>>>> disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"] # disk storage
>>>>> name="vtpmmgr" # Just a nick name
>>>>> iomem=["fed44,1"] # This means, map physical memory from 0xfed44000-0xfed44fff for I/O, which is to be used by the virtual TPM manager to communicate with the physical TPM device.
>>>>> ===========================================
>>>>>
>>> Ronny,
>>> is your physical TPM device v1.2 or v2.0?
>>>
>>> for tpm1.2.., commands that are sent to the TPM through the register set at address FED4.0000 are implicitly associated with locality 0.
>>> try 'iomem=["fed40,1"]'
>>>
>>> and make sure Dom0's TPM driver is _not_ loaded...
>>>
>>> Quan
>>>
>>>>> My kernel is compiled with the CONFIG_IO_STRICT_DEVMEM flag disabled, so iomem shouldn't be blocked by the kernel. I tried to map not only 0xfed44000, but also other random addresses for testing, but all of them give the same error message as above.
>>>>>
>>>>> I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but from inside the Linux kernel directly loaded by Xen-4.9.0 (which I suppose to be the DOM0 Linux VM), and I believe this is the correct way to launch the vTPM manager.
>>>>>
>>>>> In particular, I get the iomem() "operation not allowed" error at the source code line:
>>>>> ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);
>>>>>
>>>>> In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
>>>>> - "fd" is the special privileged command device
>>>>> - "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged hypercall command
>>>>> - "hypercall" is an object containing the information of: { hypercall_command_index, target_DOM_id, iomem_start_page, iomem_page_count, allow_or_deny_access }.
>>>>>
>>>>> When I launch the vTPM manager, target_DOM_id = the ID of the vTPM manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and allow_or_deny_access = 1, and this ioctl() gives an "operation-not-allowed" error. But if I hard-code DOM_id = 0 just for a test, this error goes away, but then I get a 0xfed0 memory mapping failure error later on.
>>>>>
>>>>> To summarize, I cannot find the reason why the vTPM manager VM crashes with "Operation not permitted". If anyone has a clue, please give me some help. Thanks very much.
>>>>>
>>>>> Ronny
>>>>>
>>>>> _______________________________________________
>>>>> Xen-devel mailing list
>>>>> Xen-devel@lists.xen.org
>>>>> https://lists.xen.org/xen-devel
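A small checker, added here as an example and not code from the thread or from Xen's tools, that applies Quan's advice to an xl config: it parses the iomem= line the way xl does (hexadecimal page number and page count), maps the range onto the TPM TIS locality pages at 0xfed40000-0xfed44fff (locality N at 0xfed40000 + N*0x1000), and flags a config that misses the locality-0 page or lacks extra="tpm2" on a TPM 2.0 host. The tpm_version argument and the two constructed sample configs are assumptions of this example.

```python
import re

TIS_BASE = 0xFED40000  # TPM TIS register block; locality N is the 4 KiB page at TIS_BASE + N*0x1000
PAGE = 0x1000
LOCALITIES = range(5)  # localities 0..4 occupy 0xfed40000-0xfed44fff

def parse_iomem(cfg_text):
    """(start_pfn, npages) pairs from the iomem=[...] line; xl parses both fields as hex."""
    m = re.search(r'^\s*iomem\s*=\s*\[(.*?)\]', cfg_text, re.MULTILINE)
    if not m:
        return []
    ranges = []
    for entry in re.findall(r'"([^"]+)"', m.group(1)):
        start, _, count = entry.partition(',')
        count = count.split('@', 1)[0]  # drop an optional "@GFN" remap suffix
        ranges.append((int(start, 16), int(count or '1', 16)))
    return ranges

def tis_localities(ranges):
    """Sorted TIS localities whose register page falls inside the mapped ranges."""
    covered = set()
    for start_pfn, npages in ranges:
        lo, hi = start_pfn * PAGE, (start_pfn + npages) * PAGE
        covered.update(loc for loc in LOCALITIES if lo <= TIS_BASE + loc * PAGE < hi)
    return sorted(covered)

def check_vtpmmgr_cfg(cfg_text, tpm_version):
    """Findings for a vtpmmgr stubdom config (empty list when it looks right); tpm_version is an assumed '1.2' or '2.0' input."""
    findings = []
    if 0 not in tis_localities(parse_iomem(cfg_text)):
        findings.append("iomem does not cover the locality-0 page (pfn fed40)")
    has_tpm2 = re.search(r'^\s*extra\s*=\s*"tpm2"', cfg_text, re.MULTILINE) is not None
    if tpm_version == "2.0" and not has_tpm2:
        findings.append('TPM 2.0 needs extra="tpm2"')
    return findings

# Constructed samples: the relevant lines of the thread's original and suggested configs.
ORIGINAL_CFG = 'name="vtpmmgr"\niomem=["fed44,1"]\n'
SUGGESTED_CFG = 'name="vtpmmgr"\niomem=["fed40,5"]\nextra="tpm2"\n'

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL_CFG), ("suggested", SUGGESTED_CFG)):
        print(label, tis_localities(parse_iomem(cfg)), check_vtpmmgr_cfg(cfg, "2.0"))
```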