volatile state
24 views
Skip to first unread message
Marcela Tassyany Galdino Santos
Sep 30, 2022, 2:18:17 PM9/30/22
to swtpm-user
Hi all,
I'm trying to create the volatile state file, but I can only create it before the VM starts (I'm using QEMU). When the VM is up I get the connection time out error, probably because the unixio socket is in use. Do you know how and if it is possible to get volatile state of vTPM while running VM?
Thanks,
Marcela Galdino
I'm trying to create the volatile state file, but I can only create it before the VM starts (I'm using QEMU). When the VM is up I get the connection time out error, probably because the unixio socket is in use. Do you know how and if it is possible to get volatile state of vTPM while running VM?
Thanks,
Marcela Galdino
Stefan Berger
Sep 30, 2022, 3:28:51 PM9/30/22
to Marcela Tassyany Galdino Santos, swtpm-user
On 9/30/22 14:18, Marcela Tassyany Galdino Santos wrote:
> Hi all,
>
> I'm trying to create the volatile state file, but I can only create it before the VM starts (I'm using QEMU). When the VM is up I get the connection time out error, probably because the unixio socket is in use. Do you know how and if it is possible to get volatile state of vTPM while running VM?
You have more control over it when starting swtpm and using swtpm_ioctl then:
$ swtpm_ioctl --help
TPM emulator control tool version 0.8.0, Copyright (c) 2015 IBM Corp.
Usage: swtpm_ioctl command <device path>
The following commands are supported:
--tpm-device <device> : use the given device; default is /dev/tpm0
--tcp [<host>]:[<prt>]: connect to TPM on given host and port;
default host is 127.0.0.1, default port is 6546
--unix <path> : connect to TPM using UnixIO socket
[...]
-v : store the TPM's volatile data
[...]
--save <type> <file> : store the TPM state blob of given type in a file;
type may be one of volatile, permanent, or savestate
--load <type> <file> : load the TPM state blob of given type from a file;
[...]
-v will write the blob into the TPM's state directory.
tests/test_ctrchannel2 uses -v and --save in tests.
Stefan
Marcela Tassyany Galdino Santos
Oct 24, 2022, 3:56:56 PM10/24/22
to swtpm-user
thanks for the answer!
In this case I can only use swtpm_ioctl when the VM using vTPM is powered off?
When I used swtpm_ioctl (swtpm_ioctl --unix /tmp/myvtpm0/swtpm-sock -v) I got the connection connection timeout error.
In this case I can only use swtpm_ioctl when the VM using vTPM is powered off?
When I used swtpm_ioctl (swtpm_ioctl --unix /tmp/myvtpm0/swtpm-sock -v) I got the connection connection timeout error.
Stefan Berger
Oct 24, 2022, 4:40:58 PM10/24/22
to Marcela Tassyany Galdino Santos, swtpm-user
On 10/24/22 15:56, Marcela Tassyany Galdino Santos wrote:
>
> In this case I can only use swtpm_ioctl when the VM using vTPM is powered off
Stefan
Marcela Tassyany Galdino Santos
Oct 27, 2022, 8:34:53 AM10/27/22
to Stefan Berger, swtpm-user
I want to perform some vTPM monitoring operations, would it make sense to implement a second control channel with some mechanism to secure it?
Stefan Berger
Oct 27, 2022, 3:30:50 PM10/27/22
to Marcela Tassyany Galdino Santos, swtpm-user
On 10/27/22 08:34, Marcela Tassyany Galdino Santos wrote:
> I want to perform some vTPM monitoring operations, would it make sense to implement a second control channel with some mechanism to secure it?
Reply all
Reply to author
Forward
0 new messages