Vtpm_manager getting TPM_NOSPACE

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Vtpm_manager getting TPM_NOSPACE

Osborn, Justin D.
Hi all,
     I've been working on a project for a while that uses xen and the
vtpm.  We have a DomU configured to use a vtpm instance.  When I brought
up the box this morning, vtpm_manager failed to start, giving me an
error that it received TPM_NOSPACE when trying to load a key.  Is this a
bug?

I usually shut the machine down with /sbin/halt or /sbin/reboot, which
just kills vtpm_managerd.  I assume vtpm_managerd is supposed to clean
up after itself.  So is there a certain way I should kill vtpm_managerd?
Or is this a bug?

Thanks,
Ozzie

--
Justin D. Osborn
Software Engineer
Information Operations
JHU/APL

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel
Reply | Threaded
Open this post in threaded view
|

RE: Vtpm_manager getting TPM_NOSPACE

Scarlata, Vincent R
Yes, on a sigkill the manager does clean up after itself. When did you
get the TPM_NOSPACE error? Were you running the manager or some other
TPM application before running the manager and getting this error? On
every power cycle, the TPM unloads all it's keys and authorization
sessions automatically.

So if you get this error on a fresh boot, the TPM is not properly
flushing, which is a security issue that they need to fix. If you ran
the vtpm manager, shut it down, and started it again and got this
problem, then you've found a bug in the manager showing that it's not
cleaning up fully. If you ran something else and then the manager, then
that something else isn't properly cleaning up.

-Vinnie Scarlata  

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Osborn,
Justin D.
Sent: Wednesday, December 06, 2006 6:09 AM
To: [hidden email]
Subject: [Xense-devel] Vtpm_manager getting TPM_NOSPACE

Hi all,
     I've been working on a project for a while that uses xen and the
vtpm.  We have a DomU configured to use a vtpm instance.  When I brought
up the box this morning, vtpm_manager failed to start, giving me an
error that it received TPM_NOSPACE when trying to load a key.  Is this a
bug?

I usually shut the machine down with /sbin/halt or /sbin/reboot, which
just kills vtpm_managerd.  I assume vtpm_managerd is supposed to clean
up after itself.  So is there a certain way I should kill vtpm_managerd?
Or is this a bug?

Thanks,
Ozzie

--
Justin D. Osborn
Software Engineer
Information Operations
JHU/APL

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel
Reply | Threaded
Open this post in threaded view
|

RE: Vtpm_manager getting TPM_NOSPACE

Osborn, Justin D.
Vinnie,
     This happened on a fresh boot.  Could it be that vtpm_manager has
too many keys it's trying to load into the TPM?  For instance, over time
more keys got added to the persistent storage file and then today it
couldn't load them all.  Unfortunately I deleted the vtpm data files
after I reset the TPM.

Ozzie

--
Justin D. Osborn
Software Engineer
Information Operations
JHU/APL
 

> -----Original Message-----
> From: Scarlata, Vincent R [mailto:[hidden email]]
> Sent: Wednesday, December 06, 2006 12:12 PM
> To: Osborn, Justin D.; [hidden email]
> Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
>
> Yes, on a sigkill the manager does clean up after itself.
> When did you get the TPM_NOSPACE error? Were you running the
> manager or some other TPM application before running the
> manager and getting this error? On every power cycle, the TPM
> unloads all it's keys and authorization sessions automatically.
>
> So if you get this error on a fresh boot, the TPM is not
> properly flushing, which is a security issue that they need
> to fix. If you ran the vtpm manager, shut it down, and
> started it again and got this problem, then you've found a
> bug in the manager showing that it's not cleaning up fully.
> If you ran something else and then the manager, then that
> something else isn't properly cleaning up.
>
> -Vinnie Scarlata  
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Osborn, Justin D.
> Sent: Wednesday, December 06, 2006 6:09 AM
> To: [hidden email]
> Subject: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
>
> Hi all,
>      I've been working on a project for a while that uses xen
> and the vtpm.  We have a DomU configured to use a vtpm
> instance.  When I brought up the box this morning,
> vtpm_manager failed to start, giving me an error that it
> received TPM_NOSPACE when trying to load a key.  Is this a bug?
>
> I usually shut the machine down with /sbin/halt or
> /sbin/reboot, which just kills vtpm_managerd.  I assume
> vtpm_managerd is supposed to clean up after itself.  So is
> there a certain way I should kill vtpm_managerd?
> Or is this a bug?
>
> Thanks,
> Ozzie
>
> --
> Justin D. Osborn
> Software Engineer
> Information Operations
> JHU/APL
>
> _______________________________________________
> Xense-devel mailing list
> [hidden email]
> http://lists.xensource.com/xense-devel
>

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel
Reply | Threaded
Open this post in threaded view
|

RE: Vtpm_manager getting TPM_NOSPACE

Scarlata, Vincent R
In reply to this post by Osborn, Justin D.
Ok, that's very no good.

The vTPM manager does not have a variable number of TPM keys. It has
exactly 2. One is used for protecting vTPM states and the other for the
vTPM manager info.  

When TPM_Startup is triggered by the BIOS (I believe), any keys that
were loaded into the TPM are purged, opening all TPM key slots. Later
when the vTPM manager is run, the manager loads both of these TPM Keys
during it's init phases.

Something is not right about your TPM if it is already out of space by
this point, unless it has a quirk that needs to be dealt with
separately.

What TPM do you have? Maybe we have the same one here that we test with.
Did the problem go away after you reset the TPM?

-Vinnie

-----Original Message-----
From: Osborn, Justin D. [mailto:[hidden email]]
Sent: Wednesday, December 06, 2006 10:42 AM
To: Scarlata, Vincent R; [hidden email]
Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE

Vinnie,
     This happened on a fresh boot.  Could it be that vtpm_manager has
too many keys it's trying to load into the TPM?  For instance, over time
more keys got added to the persistent storage file and then today it
couldn't load them all.  Unfortunately I deleted the vtpm data files
after I reset the TPM.

Ozzie

--
Justin D. Osborn
Software Engineer
Information Operations
JHU/APL
 

> -----Original Message-----
> From: Scarlata, Vincent R [mailto:[hidden email]]
> Sent: Wednesday, December 06, 2006 12:12 PM
> To: Osborn, Justin D.; [hidden email]
> Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
>
> Yes, on a sigkill the manager does clean up after itself.
> When did you get the TPM_NOSPACE error? Were you running the
> manager or some other TPM application before running the
> manager and getting this error? On every power cycle, the TPM
> unloads all it's keys and authorization sessions automatically.
>
> So if you get this error on a fresh boot, the TPM is not
> properly flushing, which is a security issue that they need
> to fix. If you ran the vtpm manager, shut it down, and
> started it again and got this problem, then you've found a
> bug in the manager showing that it's not cleaning up fully.
> If you ran something else and then the manager, then that
> something else isn't properly cleaning up.
>
> -Vinnie Scarlata  
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Osborn, Justin D.
> Sent: Wednesday, December 06, 2006 6:09 AM
> To: [hidden email]
> Subject: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
>
> Hi all,
>      I've been working on a project for a while that uses xen
> and the vtpm.  We have a DomU configured to use a vtpm
> instance.  When I brought up the box this morning,
> vtpm_manager failed to start, giving me an error that it
> received TPM_NOSPACE when trying to load a key.  Is this a bug?
>
> I usually shut the machine down with /sbin/halt or
> /sbin/reboot, which just kills vtpm_managerd.  I assume
> vtpm_managerd is supposed to clean up after itself.  So is
> there a certain way I should kill vtpm_managerd?
> Or is this a bug?
>
> Thanks,
> Ozzie
>
> --
> Justin D. Osborn
> Software Engineer
> Information Operations
> JHU/APL
>
> _______________________________________________
> Xense-devel mailing list
> [hidden email]
> http://lists.xensource.com/xense-devel
>

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel
Reply | Threaded
Open this post in threaded view
|

RE: Vtpm_manager getting TPM_NOSPACE

Osborn, Justin D.
Yeah, the problem went away after I cleared the TPM.  The TPM is an
Infineon 1.2, the box is a Lenovo M52.  It's been running fine for
nearly a month now.

Ozzie

--
Justin D. Osborn
Software Engineer
Information Operations
JHU/APL
 

> -----Original Message-----
> From: Scarlata, Vincent R [mailto:[hidden email]]
> Sent: Wednesday, December 06, 2006 4:18 PM
> To: Osborn, Justin D.; [hidden email]
> Cc: Cihula, Joseph
> Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
>
> Ok, that's very no good.
>
> The vTPM manager does not have a variable number of TPM keys.
> It has exactly 2. One is used for protecting vTPM states and
> the other for the vTPM manager info.  
>
> When TPM_Startup is triggered by the BIOS (I believe), any
> keys that were loaded into the TPM are purged, opening all
> TPM key slots. Later when the vTPM manager is run, the
> manager loads both of these TPM Keys during it's init phases.
>
> Something is not right about your TPM if it is already out of
> space by this point, unless it has a quirk that needs to be
> dealt with separately.
>
> What TPM do you have? Maybe we have the same one here that we
> test with.
> Did the problem go away after you reset the TPM?
>
> -Vinnie
>
> -----Original Message-----
> From: Osborn, Justin D. [mailto:[hidden email]]
> Sent: Wednesday, December 06, 2006 10:42 AM
> To: Scarlata, Vincent R; [hidden email]
> Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
>
> Vinnie,
>      This happened on a fresh boot.  Could it be that
> vtpm_manager has too many keys it's trying to load into the
> TPM?  For instance, over time more keys got added to the
> persistent storage file and then today it couldn't load them
> all.  Unfortunately I deleted the vtpm data files after I
> reset the TPM.
>
> Ozzie
>
> --
> Justin D. Osborn
> Software Engineer
> Information Operations
> JHU/APL
>  
>
> > -----Original Message-----
> > From: Scarlata, Vincent R [mailto:[hidden email]]
> > Sent: Wednesday, December 06, 2006 12:12 PM
> > To: Osborn, Justin D.; [hidden email]
> > Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> >
> > Yes, on a sigkill the manager does clean up after itself.
> > When did you get the TPM_NOSPACE error? Were you running
> the manager
> > or some other TPM application before running the manager
> and getting
> > this error? On every power cycle, the TPM unloads all it's keys and
> > authorization sessions automatically.
> >
> > So if you get this error on a fresh boot, the TPM is not properly
> > flushing, which is a security issue that they need to fix.
> If you ran
> > the vtpm manager, shut it down, and started it again and got this
> > problem, then you've found a bug in the manager showing
> that it's not
> > cleaning up fully.
> > If you ran something else and then the manager, then that something
> > else isn't properly cleaning up.
> >
> > -Vinnie Scarlata
> >
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf
> Of Osborn,
> > Justin D.
> > Sent: Wednesday, December 06, 2006 6:09 AM
> > To: [hidden email]
> > Subject: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> >
> > Hi all,
> >      I've been working on a project for a while that uses
> xen and the
> > vtpm.  We have a DomU configured to use a vtpm instance.  When I
> > brought up the box this morning, vtpm_manager failed to
> start, giving
> > me an error that it received TPM_NOSPACE when trying to
> load a key.  
> > Is this a bug?
> >
> > I usually shut the machine down with /sbin/halt or
> /sbin/reboot, which
> > just kills vtpm_managerd.  I assume vtpm_managerd is
> supposed to clean
> > up after itself.  So is there a certain way I should kill
> > vtpm_managerd?
> > Or is this a bug?
> >
> > Thanks,
> > Ozzie
> >
> > --
> > Justin D. Osborn
> > Software Engineer
> > Information Operations
> > JHU/APL
> >
> > _______________________________________________
> > Xense-devel mailing list
> > [hidden email]
> > http://lists.xensource.com/xense-devel
> >
>

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel
Reply | Threaded
Open this post in threaded view
|

RE: Vtpm_manager getting TPM_NOSPACE

Osborn, Justin D.
Scratch that, it's a Winbond 1.2.  I know it's formerly National
Semiconductor and I can never keep straight who they turned into.

OZzie

--
Justin D. Osborn
Software Engineer
Information Operations
JHU/APL
 

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Osborn, Justin D.
> Sent: Wednesday, December 06, 2006 4:45 PM
> To: Scarlata, Vincent R; [hidden email]
> Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
>
> Yeah, the problem went away after I cleared the TPM.  The TPM
> is an Infineon 1.2, the box is a Lenovo M52.  It's been
> running fine for nearly a month now.
>
> Ozzie
>
> --
> Justin D. Osborn
> Software Engineer
> Information Operations
> JHU/APL
>  
>
> > -----Original Message-----
> > From: Scarlata, Vincent R [mailto:[hidden email]]
> > Sent: Wednesday, December 06, 2006 4:18 PM
> > To: Osborn, Justin D.; [hidden email]
> > Cc: Cihula, Joseph
> > Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> >
> > Ok, that's very no good.
> >
> > The vTPM manager does not have a variable number of TPM keys.
> > It has exactly 2. One is used for protecting vTPM states
> and the other
> > for the vTPM manager info.
> >
> > When TPM_Startup is triggered by the BIOS (I believe), any
> keys that
> > were loaded into the TPM are purged, opening all TPM key
> slots. Later
> > when the vTPM manager is run, the manager loads both of
> these TPM Keys
> > during it's init phases.
> >
> > Something is not right about your TPM if it is already out
> of space by
> > this point, unless it has a quirk that needs to be dealt with
> > separately.
> >
> > What TPM do you have? Maybe we have the same one here that we test
> > with.
> > Did the problem go away after you reset the TPM?
> >
> > -Vinnie
> >
> > -----Original Message-----
> > From: Osborn, Justin D. [mailto:[hidden email]]
> > Sent: Wednesday, December 06, 2006 10:42 AM
> > To: Scarlata, Vincent R; [hidden email]
> > Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> >
> > Vinnie,
> >      This happened on a fresh boot.  Could it be that
> vtpm_manager has
> > too many keys it's trying to load into the TPM?  For instance, over
> > time more keys got added to the persistent storage file and
> then today
> > it couldn't load them all.  Unfortunately I deleted the vtpm data
> > files after I reset the TPM.
> >
> > Ozzie
> >
> > --
> > Justin D. Osborn
> > Software Engineer
> > Information Operations
> > JHU/APL
> >  
> >
> > > -----Original Message-----
> > > From: Scarlata, Vincent R [mailto:[hidden email]]
> > > Sent: Wednesday, December 06, 2006 12:12 PM
> > > To: Osborn, Justin D.; [hidden email]
> > > Subject: RE: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> > >
> > > Yes, on a sigkill the manager does clean up after itself.
> > > When did you get the TPM_NOSPACE error? Were you running
> > the manager
> > > or some other TPM application before running the manager
> > and getting
> > > this error? On every power cycle, the TPM unloads all
> it's keys and
> > > authorization sessions automatically.
> > >
> > > So if you get this error on a fresh boot, the TPM is not properly
> > > flushing, which is a security issue that they need to fix.
> > If you ran
> > > the vtpm manager, shut it down, and started it again and got this
> > > problem, then you've found a bug in the manager showing
> > that it's not
> > > cleaning up fully.
> > > If you ran something else and then the manager, then that
> something
> > > else isn't properly cleaning up.
> > >
> > > -Vinnie Scarlata
> > >
> > > -----Original Message-----
> > > From: [hidden email]
> > > [mailto:[hidden email]] On Behalf
> > Of Osborn,
> > > Justin D.
> > > Sent: Wednesday, December 06, 2006 6:09 AM
> > > To: [hidden email]
> > > Subject: [Xense-devel] Vtpm_manager getting TPM_NOSPACE
> > >
> > > Hi all,
> > >      I've been working on a project for a while that uses
> > xen and the
> > > vtpm.  We have a DomU configured to use a vtpm instance.  When I
> > > brought up the box this morning, vtpm_manager failed to
> > start, giving
> > > me an error that it received TPM_NOSPACE when trying to
> > load a key.  
> > > Is this a bug?
> > >
> > > I usually shut the machine down with /sbin/halt or
> > /sbin/reboot, which
> > > just kills vtpm_managerd.  I assume vtpm_managerd is
> > supposed to clean
> > > up after itself.  So is there a certain way I should kill
> > > vtpm_managerd?
> > > Or is this a bug?
> > >
> > > Thanks,
> > > Ozzie
> > >
> > > --
> > > Justin D. Osborn
> > > Software Engineer
> > > Information Operations
> > > JHU/APL
> > >
> > > _______________________________________________
> > > Xense-devel mailing list
> > > [hidden email]
> > > http://lists.xensource.com/xense-devel
> > >
> >
>
> _______________________________________________
> Xense-devel mailing list
> [hidden email]
> http://lists.xensource.com/xense-devel
>

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel