[meta-virtualization] [PATCH v2 0/8] xen: Xen vTPM stubdomains
Christopher Clark
christopher.w.clark at gmail.com
Mon Apr 9 16:56:52 PDT 2018
Kurt,

I've reviewed the patches today and all the improvements look good.
Unfortunately, in performing a build with the patches applied to rocko, I
encountered a link error when attempting:

    bitbake xen-vtpm

Details and output are below.

A separate minor thing I saw in patch 1 was that "no-red-zone" is applied
to STUBDOM_CFLAGS unconditionally, whereas in the original Xen Makefile,
it's only set for 64-bit target builds - I haven't inspected further
though, or attempted a 32-bit target build yet as my 64-bit build didn't
succeed.

Christopher

Build description:

Source: rocko branches of each of:
    git://git.yoctoproject.org/poky.git
    git://git.openembedded.org/meta-openembedded
    git://git.yoctoproject.org/meta-virtualization
and the 8 proposed patches applied to meta-virtualization
(on top of the rocko branch).

Build host is x86_64, running Debian 8.8 with gcc 4.9.2

local.conf settings:
    MACHINE = "genericx86-64"
    DISTRO_FEATURES_append = " xen virtualization"
    BB_NUMBER_THREADS ?= "8"
    PARALLEL_MAKE ?= "-j 4"

Error encountered:

| x86_64-poky-linux-ld
--sysroot=/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/recipe-sysroot
-nostdlib
-L/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/recipe-sysroot/cross-root-x86_64/x86_64-xen-elf/lib
-m elf_x86_64 -T
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/arch/x86/minios-x86_64.lds
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o
-o
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `vtpmmgr_GroupRegister':
| vtpm_cmd_handler.c:(.text+0x38ab): undefined reference to `tpmrsa_free'
| vtpm_cmd_handler.c:(.text+0x3b6e): undefined reference to `tpmrsa_free'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `vtpmmgr_handle_cmd':
| gdtoa-hexnan.c:(.text+0x4ac6): undefined reference to `tpmrsa_free'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_TakeOwnership':
| gdtoa-hexnan.c:(.text+0x7e33): undefined reference to `unpack3_TPM_KEY'
| gdtoa-hexnan.c:(.text+0x7e67): undefined reference to `unpack3_TPM_KEY'
| gdtoa-hexnan.c:(.text+0x7ec8): undefined reference to
`unpack3_TPM_AUTH_SESSION'
| gdtoa-hexnan.c:(.text+0x7f68): undefined reference to `free_TPM_KEY'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_Seal':
| gdtoa-hexnan.c:(.text+0x8b76): undefined reference to
`unpack3_TPM_STORED_DATA12'
| gdtoa-hexnan.c:(.text+0x8bd7): undefined reference to
`unpack3_TPM_AUTH_SESSION'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_Unseal':
| gdtoa-hexnan.c:(.text+0x9115): undefined reference to `unpack_ALLOC'
| gdtoa-hexnan.c:(.text+0x9169): undefined reference to
`unpack3_TPM_AUTH_SESSION'
| gdtoa-hexnan.c:(.text+0x91a3): undefined reference to
`unpack3_TPM_AUTH_SESSION'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_LoadKey':
| gdtoa-hexnan.c:(.text+0x9809): undefined reference to
`unpack3_TPM_AUTH_SESSION'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_ReadPubek':
| gdtoa-hexnan.c:(.text+0x9cd3): undefined reference to
`unpack3_TPM_RSA_KEY_PARMS'
| gdtoa-hexnan.c:(.text+0x9cf8): undefined reference to
`unpack3_TPM_SYMMETRIC_KEY_PARMS'
| gdtoa-hexnan.c:(.text+0x9d57): undefined reference to `unpack3_PTR'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_GetCapability':
| gdtoa-hexnan.c:(.text+0xa23d): undefined reference to `unpack_ALLOC'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_CreateEndorsementKeyPair':
| gdtoa-hexnan.c:(.text+0xa55c): undefined reference to
`unpack3_TPM_RSA_KEY_PARMS'
| gdtoa-hexnan.c:(.text+0xa580): undefined reference to
`unpack3_TPM_SYMMETRIC_KEY_PARMS'
| gdtoa-hexnan.c:(.text+0xa5dd): undefined reference to `unpack3_PTR'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_MakeIdentity':
| gdtoa-hexnan.c:(.text+0xad87): undefined reference to `unpack3_TPM_KEY'
| gdtoa-hexnan.c:(.text+0xae09): undefined reference to `unpack_ALLOC'
| gdtoa-hexnan.c:(.text+0xae6c): undefined reference to
`unpack3_TPM_AUTH_SESSION'
| gdtoa-hexnan.c:(.text+0xaea9): undefined reference to
`unpack3_TPM_AUTH_SESSION'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_ActivateIdentity':
| gdtoa-hexnan.c:(.text+0xb30d): undefined reference to
`unpack3_TPM_SYMMETRIC_KEY'
| gdtoa-hexnan.c:(.text+0xb37b): undefined reference to
`unpack3_TPM_AUTH_SESSION'
| gdtoa-hexnan.c:(.text+0xb3b4): undefined reference to
`unpack3_TPM_AUTH_SESSION'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM_Quote':
| gdtoa-hexnan.c:(.text+0xb756): undefined reference to
`unpack3_TPM_PCR_COMPOSITE'
| gdtoa-hexnan.c:(.text+0xb7c2): undefined reference to `unpack_ALLOC'
| gdtoa-hexnan.c:(.text+0xb81b): undefined reference to
`unpack3_TPM_AUTH_SESSION'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM2_Create':
| gdtoa-hexnan.c:(.text+0xc794): undefined reference to
`unpack_TPMS_ECC_POINT'
|
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os.o:
In function `TPM2_CreatePrimary':
| gdtoa-hexnan.c:(.text+0xd20d): undefined reference to
`unpack_TPMS_ECC_POINT'
| Makefile:165: recipe for target
'/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os'
failed
| make: ***
[/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/stubdom/mini-os-x86_64-vtpmmgr/mini-os]
Error 1
| make: Leaving directory
'/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/recipe-sysroot/cross-root-x86_64/mini-os'
| WARNING: exit code 2 from a shell command.
| ERROR: Function failed: do_compile (log file is located at
/mnt/3build/review-vtpm/poky/build/tmp/work/core2-64-poky-linux/xen-vtpm/4.9.0-r0/temp/log.do_compile.6524)
ERROR: Task
(/mnt/3build/review-vtpm/poky/meta-virtualization/recipes-extended/xen/xen-vtpm_4.9.0.bb:do_compile)
failed with exit code '1'
NOTE: Tasks Summary: Attempted 859 tasks of which 0 didn't need to be rerun
and 1 failed.
Summary: 1 task failed:
/mnt/3build/review-vtpm/poky/meta-virtualization/recipes-extended/xen/xen-vtpm_4.9.0.bb:
do_compile
Summary: There was 1 ERROR message shown, returning a non-zero exit code.

On Fri, Apr 6, 2018 at 10:06 AM, Kurt Bodiker <kurt.bodiker at braintrust-us.com> wrote:
> This patchset introduces the basic recipes necessary to build Xen
> stubdomains, in particular the vTPM and vTPM Manager stubdomains. vTPM
> stubdomains provide Xen guest domains access to a virtualized TPM. The
> vTPM Manager stubdomain manages each of the vTPM domains and seals them
> to the physical TPM. The intention of this patchset is to provide the
> ability to build Xen stubdomains separately from the rest of the Xen
> components since the stubdomains have separate dependencies that are
> hard-coded within the Xen build and configuration files. Separating the
> stubdomain recipes and dependencies from the rest of the Xen build gives
> the ability to use newer or different libraries than what is currently
> used.
>
> The stubdom.inc file defines a set of CPPFLAGS, CFLAGS, and LDFLAGS
> common for building all Xen stubdomains. Xen stubdomains are
> cross-compiled with the MiniOS, which creates some issues when trying to
> compile stubdomains in an OpenEmbedded environment. To address these
> issues and to ensure the stubdoms are built as Xen had intended, all of
> the build flags and build tools that are exported into the environment
> by OE have been unset. Each of the new recipes introduced here then
> implements the build flags and the tools as though the build had been
> run in the bare-metal environment.
>
> Recipes to create slightly modified source packages for lwIP and Mini-OS
> are introduced to standardize the dependency tree among stubdomain
> related recipes and to avoid the hassle of maintaining the same tasks
> within many recipes.
>
> Xen vTPM stubdomains have dependencies on static libraries for newlib,
> polarssl, gmp, and tpm emulator. Xen vTPM Manager stubdomain has
> dependencies on static libraries for newlib and polarssl.
>
> The newlib, polarssl, gmp, and tpm emulator recipes are constructed to
> behave the same as a bare-metal build. These recipes are cross-compiled
> against both the Xen and MiniOS source code.
>
> The xen-vtpm recipe is responsible for building and installing the vTPM
> and vTPM Manager stubdomain images into the Xen boot directory. xen-vtpm
> would need to be added to DISTRO_FEATURES similar to what is done
> for Xen.
>
> ---
> Changes in v2:
> - Multi-line variables formatted to match OE style guide
> - SRC_URI formatted to use SRCREV rather than git tag
> - patches formatted to striplevel=1
> - introduced Mini-OS recipe
> - Removed Xen dependency since this is handled (mostly) by Mini-OS
> - Changed version number of xen-vtpm recipe to match Xen version
> ---
>
> Kurt Bodiker (8):
> Define standard values needed to build stubdomains
> LWIP source code with patches applied for stubdoms
> Mini-OS source code with make links target applied
> Newlib recipe and patches for Xen stubdoms
> PolarSSL recipe and patches for Xen stubdoms
> GMP recipe for Xen stubdoms
> TPM Emulator for Xen stubdoms
> vTPM and vTPM Manager stubdoms
>
> .../lwip.dhcp_create_request-hwaddr_len.patch | 13 +
> recipes-extended/xen/files/lwip.patch-cvs | 2398
> ++++++++++++++++++++
> recipes-extended/xen/files/newlib-chk.patch | 155 ++
> .../newlib-stdint-size_max-fix-from-1.17.0.patch | 16 +
> recipes-extended/xen/files/newlib.patch | 727 ++++++
> recipes-extended/xen/files/polarssl.patch | 64 +
> recipes-extended/xen/files/tpmemu-0.7.4.patch | 12 +
> recipes-extended/xen/files/vtpm-bufsize.patch | 13 +
> recipes-extended/xen/files/vtpm-cmake-Wextra.patch | 21 +
> .../xen/files/vtpm-deepquote-anyloc.patch | 127 ++
> recipes-extended/xen/files/vtpm-deepquote.patch | 187 ++
> .../xen/files/vtpm-implicit-fallthrough.patch | 10 +
> recipes-extended/xen/files/vtpm-locality.patch | 50 +
> .../xen/files/vtpm-parent-sign-ek.patch | 196 ++
> recipes-extended/xen/lwip.inc | 24 +
> recipes-extended/xen/lwip_1.3.0.bb | 19 +
> recipes-extended/xen/mini-os.inc | 28 +
> recipes-extended/xen/mini-os_4.9.0.bb | 17 +
> recipes-extended/xen/newlib.inc | 64 +
> recipes-extended/xen/newlib_1.16.0.bb | 21 +
> recipes-extended/xen/polarssl.inc | 27 +
> recipes-extended/xen/polarssl_1.1.4.bb | 19 +
> recipes-extended/xen/stubdom-gmp.inc | 42 +
> recipes-extended/xen/stubdom-gmp_4.3.2.bb | 20 +
> recipes-extended/xen/stubdom.inc | 150 ++
> recipes-extended/xen/tpm-emulator.inc | 37 +
> recipes-extended/xen/tpm-emulator_0.7.4.bb | 26 +
> recipes-extended/xen/xen-vtpm.inc | 98 +
> recipes-extended/xen/xen-vtpm_4.9.0.bb | 21 +
> 29 files changed, 4602 insertions(+)
> create mode 100644 recipes-extended/xen/files/lwip.dhcp_create_request-
> hwaddr_len.patch
> create mode 100644 recipes-extended/xen/files/lwip.patch-cvs
> create mode 100644 recipes-extended/xen/files/newlib-chk.patch
> create mode 100644 recipes-extended/xen/files/newlib-stdint-size_max-fix-
> from-1.17.0.patch
> create mode 100644 recipes-extended/xen/files/newlib.patch
> create mode 100644 recipes-extended/xen/files/polarssl.patch
> create mode 100644 recipes-extended/xen/files/tpmemu-0.7.4.patch
> create mode 100644 recipes-extended/xen/files/vtpm-bufsize.patch
> create mode 100644 recipes-extended/xen/files/vtpm-cmake-Wextra.patch
> create mode 100644 recipes-extended/xen/files/vtpm-deepquote-anyloc.patch
> create mode 100644 recipes-extended/xen/files/vtpm-deepquote.patch
> create mode 100644 recipes-extended/xen/files/vtpm-implicit-fallthrough.
> patch
> create mode 100644 recipes-extended/xen/files/vtpm-locality.patch
> create mode 100644 recipes-extended/xen/files/vtpm-parent-sign-ek.patch
> create mode 100644 recipes-extended/xen/lwip.inc
> create mode 100644 recipes-extended/xen/lwip_1.3.0.bb
> create mode 100644 recipes-extended/xen/mini-os.inc
> create mode 100644 recipes-extended/xen/mini-os_4.9.0.bb
> create mode 100644 recipes-extended/xen/newlib.inc
> create mode 100644 recipes-extended/xen/newlib_1.16.0.bb
> create mode 100644 recipes-extended/xen/polarssl.inc
> create mode 100644 recipes-extended/xen/polarssl_1.1.4.bb
> create mode 100644 recipes-extended/xen/stubdom-gmp.inc
> create mode 100644 recipes-extended/xen/stubdom-gmp_4.3.2.bb
> create mode 100644 recipes-extended/xen/stubdom.inc
> create mode 100644 recipes-extended/xen/tpm-emulator.inc
> create mode 100644 recipes-extended/xen/tpm-emulator_0.7.4.bb
> create mode 100644 recipes-extended/xen/xen-vtpm.inc
> create mode 100644 recipes-extended/xen/xen-vtpm_4.9.0.bb
>
> --
> 2.14.2
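
A way to triage the link failure reported in this message, as an added example that is not part of the original e-mail or the patchset: it undoes the mail wrapping of the `ld` output and groups each undefined symbol by the functions that reference it. The sample log is constructed from the shape of the output above with the build path shortened to the placeholder `/build/mini-os.o`; `unwrap` and `undefined_by_symbol` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample: same shape as the ld output quoted above, with the long
# build path replaced by the placeholder /build/mini-os.o (an assumption).
SAMPLE_LOG = """\
| /build/mini-os.o:
In function `vtpmmgr_GroupRegister':
| vtpm_cmd_handler.c:(.text+0x38ab): undefined reference to `tpmrsa_free'
| vtpm_cmd_handler.c:(.text+0x3b6e): undefined reference to `tpmrsa_free'
|
/build/mini-os.o:
In function `TPM_TakeOwnership':
| gdtoa-hexnan.c:(.text+0x7e33): undefined reference to `unpack3_TPM_KEY'
| gdtoa-hexnan.c:(.text+0x7ec8): undefined reference to
`unpack3_TPM_AUTH_SESSION'
| gdtoa-hexnan.c:(.text+0x7f68): undefined reference to `free_TPM_KEY'
|
/build/mini-os.o:
In function `TPM_Seal':
| gdtoa-hexnan.c:(.text+0x8bd7): undefined reference to
`unpack3_TPM_AUTH_SESSION'
"""

FUNC_RE = re.compile(r"In function `([^']+)'")
UNDEF_RE = re.compile(r"undefined reference to `([^']+)'")

def unwrap(log):
    # The mail client wrapped long lines, pushing the symbol onto the next line.
    return re.sub(r"undefined reference to\s*\n\s*`", "undefined reference to `", log)

def undefined_by_symbol(log):
    """Map each undefined symbol to the sorted list of functions referencing it."""
    callers = defaultdict(set)
    current = "<unknown>"  # used if a reference appears before any function line
    for line in unwrap(log).splitlines():
        m = FUNC_RE.search(line)
        if m:
            current = m.group(1)
            continue
        m = UNDEF_RE.search(line)
        if m:
            callers[m.group(1)].add(current)
    return {sym: sorted(funcs) for sym, funcs in sorted(callers.items())}

if __name__ == "__main__":
    for sym, funcs in undefined_by_symbol(SAMPLE_LOG).items():
        print(f"{sym}: {', '.join(funcs)}")
```

Run against the full `log.do_compile` file, the result is a short list of distinct missing symbols rather than dozens of separate errors, which narrows the search to the objects or headers that should define them.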