Luke Hinds
@lukehinds
the TPMs are quite slow, this is why we use asyncio - non blocking I/O towards the agent, so we don't back up a load of quote requests
Santiago Torres
@SantiagoTorres
nice, so fully using py3/rust niceties I see :)
Luke Hinds
@lukehinds
@SantiagoTorres hang in there though, once you go through it once it's easy to get set up again
@SantiagoTorres yep, although I am yet to look at the tokio stuff in rust, I think I would need a few weeks swearing at the compiler to work with that :P
Santiago Torres
@SantiagoTorres
lukehinds: so these are the tpm blues I'm having https://paste.xinu.at/TdmQar/
think the sw tpm is not started. Is it living in there as a systemd service or so?
Luke Hinds
@lukehinds
try this @SantiagoTorres
pkill tpm_server
systemctl stop tpm2-abrmd
export TPM2TOOLS_TCTI="tabrmd:bus_name=com.intel.tss2.Tabrmd"
tpm_serverd
systemctl start tpm2-abrmd
tpm2_pcrread
sorry about all this by the way, happy to fix anything that has been causing grief
actually looking at the log, I think I see the problem
Failed to open device file /dev/tpm0: No such file or directory
It's trying to find the hardware TPM still
Luke Hinds
@lukehinds
can you check /usr/lib/systemd/system/tpm2-abrmd.service
Make sure this line is commented out
ConditionPathExistsGlob=/dev/tpm*
if you do make a change to the systemd file above, you will need to reload it:
systemctl daemon-reload
and then restart the service: systemctl restart tpm2-abrmd
hopefully then, Bob's your uncle.
btw tpm_serverd is a wrapper script around tpm_server, which is the executable to start the emulator. It's a script we drop into /usr/local/bin
Santiago Torres
@SantiagoTorres
let me give this a try right now. I was in a meeting soz
Santiago Torres
@SantiagoTorres
yeah I think it's trying to use the device node on /dev/tpm*, I didn't get a chance to make it work unfortunately (after changing the unit, reloading and re-starting)
this is the effective unit https://paste.xinu.at/3rZXY/ and this is the journalctl logs https://paste.xinu.at/Ig4eOq/
Luke Hinds
@lukehinds
did you manage to run tpm_serverd?
Santiago Torres
@SantiagoTorres
oh, that precludes the unit? my bad
oh, things seem to be working
Luke Hinds
@lukehinds
awesome!
Santiago Torres
@SantiagoTorres
great! let me re-provision from 0 and see if I can set things up and send a PR to the repo? :)
Luke Hinds
@lukehinds
sounds great, appreciate that..!
Santiago Torres
@SantiagoTorres
np! My pleasure to play around with it :)
Luke Hinds
@lukehinds
it's good fun when you get to mess with the revocation events and payloads. We can get you running with those next.
Santiago Torres
@SantiagoTorres
woop, seems to work, and i think now in master the disable line is also being commented out. I was about to send a pr :)
I also noticed there's a typo in the PR I sent yesterday. Idk when I added an s to present, and it seems the ansible provisioner caches the playbooks so it was still working on my side...
should I send a PR or will you guys fix it on your side?
Luke Hinds
@lukehinds
I got the typo from yesterday "defaults", that's fixed up now, did you spot something else? You can go ahead and make a PR if you like.
Santiago Torres
@SantiagoTorres
nope, it looks good now that I'm looking at master
Luke Hinds
@lukehinds
good to know! I have been caught out with that caching thing before, I think if you run vagrant up again it does not refresh the files up to the host again
you have to do a destroy first, it could do with a --reprovision or similar
Santiago Torres
@SantiagoTorres
aha, yeah the ansible provisioner is the best thing i've found but I wouldn't call it perfect at all :/
Luke Hinds
@lukehinds
ping @jetwhiz when you're online
bu3alwa
@bu3alwa
@lukehinds can you check #268 when you have the chance
Luke Hinds
@lukehinds
sure @bu3alwa, sorry about the delay.. will really try and look this week and thanks for the work you have done so far!
Santiago Torres
@SantiagoTorres
just got myself a TPM so I could test things locally a little better. Is there any info on how to passthrough the TPM to a libvirt/virtualbox/whatever really so I can continue tinkering with keylime? would mounting the device node suffice?
Ken Goldman
@kgold2
Santiago: We did a weird hack years ago with VMWare, because we could not patch VMWare. We used VMWare's serial port pass-through, then soft linked the serial port to /dev/tpm0.
However, if it's just tinkering, I do all my attestation development with a SW TPM. It runs faster, I can debug inside it, and if I really mess up, I can simply delete the TPM state and start over.
Jorge Luis Tudela Gonzalez de Riancho
@jtudelag_gitlab
Morning ;)