Compile TPM2-abrmd get message as "No package sapi found".
by Kevin Kung
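Hello everyone,
I am Kevin from Taiwan.
After configuring tpm2-abrmd 1.3.2, it reports that some packages, such as sapi, cannot be found. Could you help check which steps or packages I missed?
I found sapi in /usr/local/lib/pkgconfig, as shown in the photo below. With PKG_CONFIG_PATH set to /usr/local/lib/pkgconfig, I still run into the same problem.
[image: 2018-12-28_173256.jpg]
When I configure tpm2-abrmd 2.0.3, as in the photo, it reports that some packages, such as tss2-sys, cannot be found, but I cannot find that package on my system, only in the source code folder.
[image: 2018-12-28_173418.jpg]
Configuration:
Operating system: CentOS7.6
TPM2-tss: 1.4.0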
3 years, 6 months
tpm2-tcti-uefi status and future direction
by Tricca, Philip B
Hello,
I've been working to clean up the tpm2-tcti-uefi build / repo (https://github.com/flihp/tpm2-tcti-uefi) now that we have better control over the compilation flags in the tpm2-tss build. The tpm2-tss submodule and all of the custom build logic has now been removed and I've got travis-ci building the example UEFI executables using libtss2-mu and libtss2-sys built using the appropriate autotools mechanisms (config.site: https://github.com/flihp/tpm2-tcti-uefi/blob/master/.travis.yml#L33). Currently I'm adding some details to the documentation and working on a set of instructions for testing the example UEFI application under qemu using the OVMF firmware.
While I'm finishing up the docs I wanted to get a message out to the list to solicit input from anyone interested in this work. If you have a few spare cycles I'd appreciate input on the repo as it stands now as well as any opinions on including this repo in the tpm2-software github org since this is my goal once the docs are done.
Thanks,
Philip
3 years, 6 months
tpm2-totp
by Fuchs, Andreas
Hi all,
as a little pre-christmas thing I've done a reimplementation of mjg's tpm-totp but for TPM2.0
Also I've split up the project into a library and a wrapping executable to make GUIs easier to implement.
Please consider testing it and give any feedback (especially also positive feedback) so we can move this from
my personal namespace over into the github.com/tpm2-software namespace and make it an "official" project.
https://github.com/AndreasFuchsSIT/tpm2-totp
P.S. There are still 4 TODOs inside the code, but those are basically "future features".
Thanks a lot,
Andreas
3 years, 6 months
how can i use abrmd/tpmrm0 with tpm2-tools
by Petko Manolov
Hey guys,
I'm on Debian testing (tpm2-abrmd version 2.0.3, tpm2-tools 3.1.3, kernel
v4.19.8) and no matter how I play with environment variables I can't get the
tpm2_xxx to talk to the abrm daemon. Since this kernel has builtin RM I assume
there might be a collision between the userspace and kernel implementations.
I ran into this issue as my script's 'tpm2_load' runs out of memory (error
0x902). Running "tpm2-abrmd -f --allow-root" doesn't complain but:
# tpm2_takeownership -c
ERROR:tcti:src/tss2-tcti/tcti-device.c:319:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: Device or resource busy
ERROR: tcti init allocation routine failed for library: "device" options: "(null)"
ERROR: Could not load tcti, got: "device"
How do I tell tpm2_xxx to use the userspace daemon instead of /dev/tpm0?
I'd like to apologize if this has been answered before. If that's the case
please point me to the corresponding thread.
Petko
3 years, 6 months
Problem with tpm2_unseal after reboot
by Oliver, Dario N
Hello!
I am currently having problems unsealing a secret from the TPM.
I hope that you can detect the issue in my instructions below :)
The versions that I am using are the following:
1. Tpm2-tss 2.0.0
2. Tpm2-abrmd 2.0.0
3. Tpm2-tools 3.1.0
The platform I am using is a Compulab Fitlet2 device (Intel Atom x5-E3950 Apollo Lake), with Fedora 28 and Linux kernel 4.19.x.
In this case, the device supports firmware TPM, and it is enabled in the BIOS (fTPM).
So, after installing the tpm2 stack from github releases, I am sealing a secret with the following commands:
# Create a random secret to be saved in the TPM
tpm2_getrandom 32 --output key.bin
# I use a pcr policy on sha1 banks 0 and 1, this gets the pcr state
tpm2_pcrlist --sel-list sha1:0,1 --output pcr_state.bin
# Create a policy with those PCR
tpm2_createpolicy --policy-pcr --set-list sha1:0,1 \
--pcr-input-file pcr_state.bin \
--policy-file policy.bin
# Create a primary object with endorsement hierarchy
tpm2_createprimary --hierarchy e --halg sha1 --kalg rsa --context primary.context
# Create an object to be loaded in the TPM
tpm2_create --halg sha256 --kalg keyedhash --pubfile key.pub --privfile key.priv \
--context-parent primary.context --policy-file policy.bin \
--object-attributes "fixedtpm|fixedparent|noda|adminwithpolicy" --in-file key.bin
# Load the object in the TPM
tpm2_load --context-parent primary.context --pubfile key.pub --privfile key.priv \
--context load.context
# Persist the object in the TPM
tpm2_evictcontrol --auth o --context load.context --persistent 0x81010002
# Check if the object is persisted, looks good
tpm2_listpersistent
persistent-handle[0]:0x81010002 key-alg:keyedhash hash-alg:sha256 object-attr:fixedtpm|fixedparent|noda|adminwithpolicy
# Unseal the object, works!
tpm2_unseal --item 0x81010002 --set-list sha1:0,1 > compare_key.bin
# Compare original and unsealed objects, they match :)
diff compare_key.bin key.bin
##############
# After this initial setup, I reboot the device, and try to unseal the secret again
##############
# After reboot, open a terminal and do
tpm2_unseal --item 0x81010002 --set-list sha1:0,1 > compare_disk_key.bin
ERROR: Sys_Unseal failed. Error Code: 0x99d
ERROR: Unseal failed!
ERROR: Unable to run tpm2_unseal
# Use tpm2_rc_decode to decode the error message 0x99d, it is a policy check error!
tpm2_rc_decode 0x99d
error layer
hex: 0x0
identifier: TSS2_TPM_RC_LAYER
description: Error produced by the TPM
format 1 error code
hex: 0x1d
identifier: TPM2_RC_POLICY_FAIL
description: a policy check failed
session
hex: 0x100
identifier: TPM2_RC_1
description: (null)
###############
# I checked the PCR 0,1, and they have the same values as at the moment to seal the object.
# So I don't understand why I am having a "TPM2_RC_POLICY_FAIL" error.
# I tried the same process several times, and each time I end up in the same error state.
###############
Is there something I am missing here?
Is there something additional I need to do to satisfy the policy to unseal the data?
Any help is appreciated!
Thank you in advance.
3 years, 6 months
Esys_CreatePrimary works with Simulator but failing with /dev/tpm0
by Sourajit Mukhopadhyay
Dear team,
I am trying to create a primary key using Esys_CreatePrimary. The code
works without any issues when trying on the simulator, but fails when
trying on a hardware TPM using /dev/tpm0
The error I am getting is:
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:423:Esys_CreatePrimary_Finish()
Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:164:Esys_CreatePrimary()
Esys Finish ErrorCode (0x000001c2)
Esys_CreatePrimary fail
Can someone point out why I am getting this error? So far I am unable to
pinpoint the problem.
Best regards,
Sourajit Mukhopadhyay
3 years, 6 months
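Added example, not code from any of the posters or from tpm2-tss: a small decoder for the TPM response codes quoted in the posts above (0x902, 0x99d, 0x000001c2). It splits the bit fields the way the TPM 2.0 Library specification (Part 2, TPM_RC) lays them out. The name table is an assumption-free but deliberately partial one, covering only those three codes, and the `tpm_rc` struct and function names are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded fields of a TPM 2.0 response code (low 12 bits of a TSS2_RC). */
typedef struct {
    int format_one;    /* bit 7 set: error refers to a handle, parameter or session */
    int warning;       /* format zero only, bit 11: warning rather than error */
    char subject;      /* 'P' parameter, 'S' session, 'H' handle, '-' none */
    unsigned index;    /* 1-based number of that parameter/session/handle */
    unsigned number;   /* error number within the format */
    const char *name;  /* symbolic name, for the codes seen on this page only */
} tpm_rc;

/* Partial table: only the three codes quoted in the posts. */
static const char *rc_name(int fmt1, int warn, unsigned n) {
    if (fmt1 && n == 0x02) return "TPM2_RC_ATTRIBUTES";
    if (fmt1 && n == 0x1d) return "TPM2_RC_POLICY_FAIL";
    if (!fmt1 && warn && n == 0x02) return "TPM2_RC_OBJECT_MEMORY";
    return "(not in this table)";
}

tpm_rc tpm_rc_decode(uint32_t rc) {
    tpm_rc d = {0, 0, '-', 0, 0, NULL};
    rc &= 0xfff;                          /* drop the TSS layer in bits 16-23 */
    d.format_one = (rc >> 7) & 1;
    if (d.format_one) {
        d.number = rc & 0x3f;             /* bits 0-5 */
        if (rc & 0x040)      { d.subject = 'P'; d.index = (rc >> 8) & 0xf; }
        else if (rc & 0x800) { d.subject = 'S'; d.index = (rc >> 8) & 0x7; }
        else                 { d.subject = 'H'; d.index = (rc >> 8) & 0x7; }
        if (d.index == 0) d.subject = '-';  /* N == 0: no subject identified */
    } else {
        d.warning = (rc >> 11) & 1;
        d.number = rc & 0x7f;             /* bits 0-6 */
    }
    d.name = rc_name(d.format_one, d.warning, d.number);
    return d;
}

int main(void) {
    const uint32_t seen[] = {0x902, 0x99d, 0x000001c2};  /* codes from the posts */
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        tpm_rc d = tpm_rc_decode(seen[i]);
        printf("0x%03x format-%s %c%u number=0x%02x %s\n", (unsigned)seen[i],
               d.format_one ? "one" : "zero", d.subject, d.index, d.number, d.name);
    }
    return 0;
}
```

The 0x99d result agrees with the tpm2_rc_decode output quoted in the unseal post (error 0x1d on session 1); 0x1c2 decodes to error number 0x02 on parameter 1.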