Bug 636100
| Summary: | TPM driver is not enabled in kernel-xen | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Stephen Smalley <sdsmall> | ||||
| Component: | kernel-xen | Assignee: | Andrew Jones <drjones> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Mike Gahagan <mgahagan> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 5.5 | CC: | drjones, xen-maint | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-01-13 21:21:44 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Stephen Smalley
2010-09-21 14:12:25 UTC
Just to clarify, I'd like all of the CONFIG_TCG_* options enabled in kernel-xen, to match the config in kernel, i.e. CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m Then trousers and tpm-tools can function correctly on both kernel-xen and kernel. Hi Stephen, Have you already done some experiments with using TPM on xen guests (such as dom0, which is a special PV guest)?. And specifically with RHEL5's Xen? The reason I ask is because I'm not sure it will work. The RHEL5 kernel is missing the vtpm driver (drivers/char/tpm/tpm_[vtpm.*|xen.c]). The tpmback driver code is there, but it looks like it's missing some patches. It would also need to be enabled, as it is currently off # CONFIG_XEN_TPMDEV_BACKEND is not set Furthermore trying to compile vtpm tools from the RHEL5 userspace source fails (probably missing several patches). In short, I don't believe it's ever been supported, so it probably won't work without many backports from upstream. Upstream development on it somewhat stalled as well a few years ago, but just recently someone posted patches to vtpm_manager as well as developed a vtpm stubdom. http://lists.xensource.com/archives/html/xen-devel/2010-08/msg01542.html The patch didn't get any comments, so I don't think anybody really looked closely at it. I also didn't check to see if it was integrated or not. The good news is, that at least from my quick investigation, it doesn't look like we would need any hypervisor changes. Andrew I have used the TPM from Xen dom0 successfully - in that situation, you don't need the vtpm infrastructure at all; you are just using the native Linux TPM driver in dom0. That's all I'm looking for at the present. Ah, sure, that makes sense then. It also sounds reasonable to let them compile as modules, as there are already several modules built for the kernel-xen package that PV guests don't/can't use, i.e. just there for dom0. Thanks, Drew This should perhaps be a separate bug, but I also found that the tpm_tis driver in the kernel package (just running non-xen linux) immediately complains about IRQ mismatches, and that was fixed upstream by: commit 7917ff9a4cefd0500aa4a1b1942da96dbce6999f Don't know if you guys are tracking upstream bugs for the TPM drivers for RHEL5. Created attachment 449140 [details]
Compile the TCG modules for xen configs
These modules won't work for guests, but they will for dom0, so we should build them for dom0's use.
(In reply to comment #5) > This should perhaps be a separate bug, but I also found that the tpm_tis driver > in the kernel package (just running non-xen linux) immediately complains about > IRQ mismatches, and that was fixed upstream by: > commit 7917ff9a4cefd0500aa4a1b1942da96dbce6999f > Yup, that is a separate bug. I opened bug 636760 for it. Thanks for the report and hunting down the fix. This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. in kernel-2.6.18-225.el5 You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5 Detailed testing feedback is always welcomed. Thanks, the tpm driver loaded but immediately gave this warning: IRQ handler type mismatch for IRQ 8 Call Trace: [<ffffffff802b58fe>] setup_irq+0x1b7/0x1cf [<ffffffff881ad000>] :tpm_tis:tis_int_probe+0x0/0x58 [<ffffffff802b59c6>] request_irq+0xb0/0xd6 [<ffffffff881ad81d>] :tpm_tis:tpm_tis_init+0x1dc/0x3fd [<ffffffff80391b60>] pnp_device_probe+0x7b/0x9e [<ffffffff803b0fa8>] driver_probe_device+0x52/0xaa [<ffffffff803b10d7>] __driver_attach+0x65/0xb6 [<ffffffff803b1072>] __driver_attach+0x0/0xb6 [<ffffffff803b08af>] bus_for_each_dev+0x43/0x6e [<ffffffff803b04eb>] bus_add_driver+0x76/0x110 [<ffffffff802a4342>] sys_init_module+0xaf/0x1f2 [<ffffffff80260106>] system_call+0x86/0x8b [<ffffffff80260080>] system_call+0x0/0x8b See bug 636760. I've confirmed the tpm driver is present and loads in the -232 kernel, no evidence of BZ 636760 (also verified) An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0017.html |