March 2018 - tpm2 - Ml01.01.Org

tpm2-abrmd can't connect to IBM's tpm_server

by Scheie, Peter M

I'm trying to get tpm2-abrmd to connect to the IBM tpm_server simulator, as described in https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started, but it fails saying Failed to initialize device TCTI context: 0xa000a I've tried versions 1119 and 974 of tpm_server, but got the same result. For tpm2-abrmd, I'm using version 1.2.0 from the tarball under 'Releases'. Netstat shows tpm_server is listening on ports 2322 and 2321, so I suspect something is wrong on the tpm2-abrmd end. Suggestions? Peter

4 years, 5 months

2
3
0 / 0

[tpm2-software/tpm2-tools] 5baac1: .ci/docker.env: fix coveralls

by GitHub

Branch: refs/heads/master-fix-coveralls Home: https://github.com/tpm2-software/tpm2-tools Commit: 5baac10e752e11d20b91cc0ef9d3a66cf0816c00 https://github.com/tpm2-software/tpm2-tools/commit/5baac10e752e11d20b91cc... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M .ci/docker.env M .ci/docker.run Log Message: ----------- .ci/docker.env: fix coveralls Add COVERALLS_REPO_TOKEN so it's passed through to docker and the coverage data can be uploaded. Add the location of where coveralls binary is installed to PATH so it can be found. Signed-off-by: William Roberts <william.c.roberts(a)intel.com>

4 years, 5 months

1
0
0 / 0

[tpm2-software/tpm2-tools] 68f740: Fix build status link

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: 68f74069510514d87929b7cc224fe86998b807cc https://github.com/tpm2-software/tpm2-tools/commit/68f74069510514d87929b7... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M README.md Log Message: ----------- Fix build status link The link was still heading to intel and not tpm2-software, fix this.

4 years, 5 months

1
0
0 / 0

[tpm2-software/tpm2-tools] f72592: .ci/docker.env: add COVERALLS_REPO_TOKEN

by GitHub

Branch: refs/heads/master-fix-coveralls Home: https://github.com/tpm2-software/tpm2-tools Commit: f725924c980df164dfc17489d0a49fbd40fcd98d https://github.com/tpm2-software/tpm2-tools/commit/f725924c980df164dfc174... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M .ci/docker.env Log Message: ----------- .ci/docker.env: add COVERALLS_REPO_TOKEN Add COVERALLS_REPO_TOKEN so it's passed through to docker and the coverage data can be uploaded. Signed-off-by: William Roberts <william.c.roberts(a)intel.com>

4 years, 5 months

1
0
0 / 0

[tpm2-software/tpm2-tools] 62d2ce: tests/encryptdecrypt: fix errors that cause passin...

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: 62d2ce72f0e84bb47e58ee5a40217453ac415e4e https://github.com/tpm2-software/tpm2-tools/commit/62d2ce72f0e84bb47e58ee... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M test/system/tests/encryptdecrypt.sh Log Message: ----------- tests/encryptdecrypt: fix errors that cause passing The error trap was cleared when using tpm2_getcap to verify if command encryptdecrypt was supported. If it wasn't supported, by checking the grep return code via $?, then a warning is printed and the test is skipped. When tpm2_getcap fails, $? is 1 and the test is reported as passing, which is incorrect. Signed-off-by: William Roberts <william.c.roberts(a)intel.com>

4 years, 5 months

1
0
0 / 0

[tpm2-software/tpm2-tools] 7a9aee: tpm2_createprimary: add missing newline

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: 7a9aee07c453a1db822726e1d26ab30002facf3e https://github.com/tpm2-software/tpm2-tools/commit/7a9aee07c453a1db822726... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_createprimary.c Log Message: ----------- tpm2_createprimary: add missing newline The handle output was missing a newline, which makes command line output a bit of a struggle as the shell cursor is on the same line as the output. Fix this by adding a newline. Fixes: #914 Signed-off-by: William Roberts <william.c.roberts(a)intel.com>

4 years, 5 months

1
0
0 / 0

[tpm2-software/tpm2-tools] 5de7fd: tpm2_createak: fix manpage double -g options

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: 5de7fd4b655dc019d56f534ce5be6f8437afb990 https://github.com/tpm2-software/tpm2-tools/commit/5de7fd4b655dc019d56f53... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M man/tpm2_createak.1.md Log Message: ----------- tpm2_createak: fix manpage double -g options There was a double -g option, and one of them should have been -D. Fix this, by correcting the tpm options. Fixes: #916 Signed-off-by: William Roberts <william.c.roberts(a)intel.com>

4 years, 5 months

1
0
0 / 0

[tpm2-software/tpm2-tools] 0d0d65: tpm2_getpubek: drop unused options

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: 0d0d6564d79811252954549ca6818948ed8c1518 https://github.com/tpm2-software/tpm2-tools/commit/0d0d6564d7981125295454... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_getpubek.c Log Message: ----------- tpm2_getpubek: drop unused options Options v and h are not used in the tool specific code, and are handled by tpm2_tool.c framework. Drop them. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 2e309d19e4f8ad1bf96101da369c2bca94d94449 https://github.com/tpm2-software/tpm2-tools/commit/2e309d19e4f8ad1bf96101... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M CHANGELOG.md M Makefile.am A man/tpm2_createek.1.md R man/tpm2_getpubek.1.md M test/system/tests/activecredential.sh A test/system/tests/createek.sh M test/system/tests/getpubak.sh R test/system/tests/getpubek.sh M test/system/tests/makecredential.sh M test/system/tests/output_formats.sh M test/system/tests/quote.sh A tools/tpm2_createek.c R tools/tpm2_getpubek.c Log Message: ----------- tpm2_getpubek: rename to tpm2_createek Add the --format option for outputing the EK in a different format. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: ccf70d0fb08a3f7639cad456f0dbb2855a301d99 https://github.com/tpm2-software/tpm2-tools/commit/ccf70d0fb08a3f7639cad4... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M CHANGELOG.md M Makefile.am A man/tpm2_createak.1.md R man/tpm2_getpubak.1.md M test/system/tests/activecredential.sh A test/system/tests/createak.sh R test/system/tests/getpubak.sh M test/system/tests/makecredential.sh M test/system/tests/output_formats.sh M test/system/tests/quote.sh A tools/tpm2_createak.c R tools/tpm2_getpubak.c Log Message: ----------- tpm2_getpubak: rename to tpm2_creataek Add the --format option for outputing the AK in a different format. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 3c45f206e9ac9ba8cfa05005d725373524cc4694 https://github.com/tpm2-software/tpm2-tools/commit/3c45f206e9ac9ba8cfa050... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_createek.c Log Message: ----------- tpm2_createek: cleanups Cleanup the session data code and remove superfolous memcpy. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 69ec583b2ff58082cbe4e8e99b8b77c9447492ae https://github.com/tpm2-software/tpm2-tools/commit/69ec583b2ff58082cbe4e8... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M CHANGELOG.md M man/tpm2_createek.1.md M tools/tpm2_createek.c Log Message: ----------- tpm2_createek: support non-persistent EK creation Support non-persistent (ie no evictcontrol) on the created EK handle. This does not work with RMs as they will call flushcontext on tool disconnect, and thus the handle will be gone. Since our tests are all written against having an RM presnet (abrmd), we cannot add a test at this time. However, with the simulator running, one can do: $ export TPM2TOOLS_TCTI_NAME="socket" $ tpm2_createek -g rsa -p ek.pub -f tss -c out.ctx $ tpm2_getcap -c handles-transient 0x80000000 $ tpm2_flushcontext -H 0x80000000 $ tpm2_getcap -c handles-transient <empty output> $ tpm2_loadexternal -H o -u ek.pub -C out.ctx $ tpm2_getcap -c handles-transient - 0x80000000 Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 6d3a71238462cb07db276386b17970b9c2d51145 https://github.com/tpm2-software/tpm2-tools/commit/6d3a71238462cb07db2763... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M Makefile.am A lib/tpm2_ctx_mgmt.c A lib/tpm2_ctx_mgmt.h M lib/tpm2_hierarchy.c M lib/tpm2_hierarchy.h M tools/tpm2_createprimary.c Log Message: ----------- tpm2_createprimary: refactor out create_primary Refactor out the routines needed for creating a primary object. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 89a6e69963d81d0957336402474fb783e1789149 https://github.com/tpm2-software/tpm2-tools/commit/89a6e69963d81d09573364... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M CHANGELOG.md M tools/tpm2_createek.c Log Message: ----------- tpm2_createek: update to use create_primary func Now that tpm2_hierarchy has a routine for creating a primary key, use this when creating an ek. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: cfdd8f0e5fed9a62752e0f86237fc58f63955cde https://github.com/tpm2-software/tpm2-tools/commit/cfdd8f0e5fed9a62752e0f... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_evictcontrol.c Log Message: ----------- tpm2_evictcontrol: update to use ctx mgmt routine Use the context managment routine evictcontrol rather than the raw sysapi call. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: dff1ac7fb4f7083eb4d59007334919aab2010355 https://github.com/tpm2-software/tpm2-tools/commit/dff1ac7fb4f7083eb4d590... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_createek.c Log Message: ----------- tpm2_createek: remove unused -d option Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 08e2dafacf61270340b509ee42d884fb81a9aded https://github.com/tpm2-software/tpm2-tools/commit/08e2dafacf61270340b509... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M man/tpm2_evictcontrol.1.md Log Message: ----------- tpm2_evictcontrol: update to use lib Update to use the internal lib routines. Update it to have a default hierarchy when not specified. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 3cbc46d53ff64758184b41282fb6ff5e18db81b6 https://github.com/tpm2-software/tpm2-tools/commit/3cbc46d53ff64758184b41... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M man/tpm2_createak.1.md M tools/tpm2_createak.c Log Message: ----------- tpm2_createak: support non-persistent AK creation Support non-persistent (ie no evictcontrol) on the created AK handle. This does not work with RMs as they will call flushcontext on tool disconnect, and thus the handle will be gone. Since our tests are all written against having an RM presnet (abrmd), we cannot add a test at this time. However, with the simulator running, one can do: $ export TPM2TOOLS_TCTI_NAME="socket" $ tpm2_createek -H 0x81010000 -p ek.pub $ tpm2_createak -E 0x81010000 -c ak.ctx -p ak.pub -n ak.name loaded-key: handle: 80000001 name: 000bdcdad5d1010328954925740c602c2791bcd10115a87a4954ff25932bc09540b1 $ tpm2_getcap -c handles-transient - 0x80000001 $ tpm2_flushcontext -H 0x80000001 $ tpm2_getcap -c handles-transient <empty output> $ tpm2_loadexternal -H o -u ak.pub -C ak.ctx $ tpm2_getcap -c handles-transient - 0x80000000 Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: d5bfd4ec3946fb932cd319b7e6caed89d45871f4 https://github.com/tpm2-software/tpm2-tools/commit/d5bfd4ec3946fb932cd319... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_createek.c Log Message: ----------- tpm2_createek: add handle output When a transient handle is generated, output this handle as a YAML scalar. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: fc3618aa53147c7dcdd327bbc5a1e3240e8e4a7d https://github.com/tpm2-software/tpm2-tools/commit/fc3618aa53147c7dcdd327... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_createek.c Log Message: ----------- tpm2_createek: allow no options Allow defaults to be used and thus no options required. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 76e455b3fbd9da0f7ebb8e3610d852b7e40d35f9 https://github.com/tpm2-software/tpm2-tools/commit/76e455b3fbd9da0f7ebb8e... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M man/tpm2_loadexternal.1.md M tools/tpm2_loadexternal.c Log Message: ----------- tpm2_loadexternal: output loaded handle Rather then needing to use tpm2_getcap for the loaded handle, which can be confusing when multiple handles are loaded, augment the tpm2_loadexternal to output it. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 5b5a44a42c332bb7a02456130097703c2afbce3d https://github.com/tpm2-software/tpm2-tools/commit/5b5a44a42c332bb7a02456... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M lib/files.h Log Message: ----------- lib/files: add missing prototype The prototype for serializing a TPM2B_SENSITIVE to disk was missing. Add it. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: b968df8ec4a1bb8d770257ce005be4c53c04950c https://github.com/tpm2-software/tpm2-tools/commit/b968df8ec4a1bb8d770257... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M lib/files.c M lib/files.h M man/tpm2_createak.1.md M tools/tpm2_create.c M tools/tpm2_createak.c M tools/tpm2_import.c M tools/tpm2_load.c Log Message: ----------- tpm2_createak: support private key output Support output of the private key via -r option. Some of the tools were still improperly serializing data to disk, fix this here to keep "git bisectability" Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 40b70a694a93bf3c1da051c7440a9daa996d1f9d https://github.com/tpm2-software/tpm2-tools/commit/40b70a694a93bf3c1da051... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_load.c Log Message: ----------- tpm2_load: output error on invalid handle Output an error when the parent key handle is invalid. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 24a7caf5c261222efda5f4d9a22f269cca6401e8 https://github.com/tpm2-software/tpm2-tools/commit/24a7caf5c261222efda5f4... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_createak.c Log Message: ----------- tpm2_createak: refactor Move the structures around to make it clear what values are being used where. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Compare: https://github.com/tpm2-software/tpm2-tools/compare/9725b2b5f624...24a7ca...

4 years, 5 months

1
0
0 / 0

[tpm2-software/tpm2-tools] 0f7b2f: update to YES/NO removal

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: 0f7b2f68afb4dfdf2d31a6eb2de7b45e5eadfaf9 https://github.com/tpm2-software/tpm2-tools/commit/0f7b2f68afb4dfdf2d31a6... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: M tools/tpm2_clearlock.c M tools/tpm2_encryptdecrypt.c M tools/tpm2_flushcontext.c M tools/tpm2_getcap.c Log Message: ----------- update to YES/NO removal Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 9725b2b5f62495cf1fee8a2adcd8d74a0b87e2bb https://github.com/tpm2-software/tpm2-tools/commit/9725b2b5f62495cf1fee8a... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-03-01 (Thu, 01 Mar 2018) Changed paths: A .ci/docker.env A .ci/docker.run A .ci/download-deps.sh R .ci/travis-build-and-run-tests.sh R .ci/travis-tss-install.sh M .travis.yml Log Message: ----------- travis: use a custom docker container Travis uses ancient docker and VM images. Switch to a custom docker image that has all dependencies for the TSS stack pre-installed. This has a few benefits: 1. Local testing by just running the docker command in the travis.yml file 2. Less dependency setup code in the travis.yml 3. ESAPI builds work on Travis now (the tools can start switching over) This has a major draw backs: 1. Back on travis VM based builds, which can have long wait queues. A. A workaround to this, is you can run your full CI buildup locally so you can just merge outside of travis if need-be. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Compare: https://github.com/tpm2-software/tpm2-tools/compare/7a09eaf32c13...9725b2...

4 years, 5 months

1
0
0 / 0

Re: [tpm2] tpm2-abrmd can't connect to IBM's tpm_server

by Anderson, Daniel

For me at, I found this did not work when connecting to tpm2-abrmd: $ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti socket I used this (I added a "=" after "--tcti"): $ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti=socket Dan

4 years, 5 months

1
0
0 / 0

2022

2021

2020

2019

2018

2017

tpm2 March 2018