def add_vtpm(inputfile):
# read in the file
with open(inputfile, 'r') as f:
group = json.load(f)
# fetch configuration parameters
provider_reg_port = config.get('general', 'provider_registrar_port')
provider_reg_ip = config.get('general', 'provider_registrar_ip')
# request a vtpm uuid from the manager
vtpm_uuid = vtpm_manager.add_vtpm_to_group(group['uuid'])
# registrar it and get back a blob
keyblob = registrar_client.doRegisterNode(provider_reg_ip,
provider_reg_port, vtpm_uuid,
group['pubekpem'],
group['ekcert'], group['aikpem'])
# get the ephemeral registrar key by activating in the hardware tpm
key = base64.b64encode(vtpm_manager.activate_group(group['uuid'], keyblob))
# tell the registrar server we know the key
registrar_client.doActivateNode(provider_reg_ip, provider_reg_port,
vtpm_uuid, key)
logger.info("Registered new vTPM with UUID: %s" % (vtpm_uuid))
return vtpm_uuid
def add_vtpm(inputfile):
if common.STUB_TPM:
group = {
'uuid': common.TEST_GROUP_UUID,
'aikpem': common.TEST_HAIK,
'pubekpem': common.TEST_PUB_EK,
'ekcert': common.TEST_EK_CERT,
}
else:
# read in the file
with open(inputfile,'r') as f:
group = json.load(f)
# fetch configuration parameters
provider_reg_port = config.get('general', 'provider_registrar_port')
provider_reg_ip = config.get('general', 'provider_registrar_ip')
# request a vtpm uuid from the manager
vtpm_uuid = vtpm_manager.add_vtpm_to_group(group['uuid'])
# use an TLS context with no certificate checking
registrar_client.noAuthTLSContext(config)
# registrar it and get back a blob
keyblob = registrar_client.doRegisterNode(provider_reg_ip,provider_reg_port,vtpm_uuid,group['pubekpem'],group['ekcert'],group['aikpem'])
# get the ephemeral registrar key by activating in the hardware tpm
key = base64.b64encode(vtpm_manager.activate_group(group['uuid'], keyblob))
# tell the registrar server we know the key
registrar_client.doActivateNode(provider_reg_ip,provider_reg_port,vtpm_uuid,key)
logger.info("Registered new vTPM with UUID: %s"%(vtpm_uuid))
return vtpm_uuid
def main(argv=sys.argv):
if common.DEVELOP_IN_ECLIPSE:
argv = ['provider_platform_init.py','1','2']
if len(argv)<3:
print "usage: provider_platform_init.py pubek.pem tpm_ekcert.der"
print "\tassociates a hypervisor host to its TPM and registers it"
print
print "\tYou must obtain the public EK and the EK certificate from outside of Xen"
print "\ttake ownership first, then obtain pubek, and ekcert as follows"
print "\t takeown -pwdo <owner_password>"
print "\t getpubek -pwdo <owner-password>"
print "\t nv_readvalue -pwdo <owner-password> -in 1000f000 -cert -of tpm_ekcert.der"
sys.exit(-1)
if common.DEVELOP_IN_ECLIPSE and not common.STUB_TPM:
raise Exception("Can't use Xen features in Eclipse without STUB_TPM")
# read in the pubek
if common.DEVELOP_IN_ECLIPSE:
ek = common.TEST_PUB_EK
ekcert = common.TEST_EK_CERT
else:
f = open(argv[1],'r')
ek = f.read()
f.close()
f = open(argv[2],'r')
ekcert = base64.b64encode(f.read())
f.close()
# fetch configuration parameters
provider_reg_port = config.get('general', 'provider_registrar_port')
provider_reg_ip = config.get('general', 'provider_registrar_ip')
# create a new group
(group_uuid,group_aik,group_num,_) = vtpm_manager.add_vtpm_group()
# registrar it and get back a blob
keyblob = registrar_client.doRegisterAgent(provider_reg_ip,provider_reg_port,group_uuid,ek,ekcert,group_aik)
# get the ephemeral registrar key by activating in the hardware tpm
key = base64.b64encode(vtpm_manager.activate_group(group_uuid, keyblob))
# tell the registrar server we know the key
registrar_client.doActivateAgent(provider_reg_ip,provider_reg_port,group_uuid,key)
output= {
'uuid': group_uuid,
'aikpem': group_aik,
'pubekpem': ek,
'ekcert': ekcert,
}
# store the key and the group UUID in a file to add to vtpms later
with open("group-%d-%s.tpm"%(group_num,group_uuid),'w') as f:
json.dump(output,f)
logger.info("Activated VTPM group %d, UUID %s"%(group_num,group_uuid))
if group_num==0:
logger.info("WARNING: Group 0 created, repeating activation again to create Group 1")
main(argv)
else:
# create a symlink to the most recently create group
symlink_force("group-%d-%s.tpm"%(group_num,group_uuid),"current_group.tpm")