Re: tpm2_nvread Error:0x9a2
by Desai, Imran
@Luke, did you try specifying the index as the auth handle like tpm2_nvread -x 0x1c00002 -s 1171 -f outfile.out -a 0x1c000002
What you did should have work based on the NV index attributes, unless owner auth is set to non empty value.
________________________________________
From: tpm2-request(a)lists.01.org [tpm2-request(a)lists.01.org]
Sent: Tuesday, October 01, 2019 11:51 AM
To: tpm2(a)lists.01.org
Subject: tpm2 Digest, Vol 27, Issue 30
Send tpm2 mailing list submissions to
tpm2(a)lists.01.org
To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
tpm2-request(a)lists.01.org
You can reach the person managing the list at
tpm2-owner(a)lists.01.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of tpm2 digest..."
Today's Topics:
1. tpm2_nvread Error:0x9a2 (Luke Hinds)
2. Cannot build tpm2-tss(a)2.2.3 and tpm2-abrmd(a)2.0.3 with Automake 1.6
(Oliver, Dario N)
3. Re: Cannot build tpm2-tss(a)2.2.3 and tpm2-abrmd(a)2.0.3 with Automake 1.6
(Jonas Witschel)
4. Error running tpm2_create: magic does not match! (Arun Sudhir)
----------------------------------------------------------------------
Date: Tue, 1 Oct 2019 12:11:38 +0100
From: Luke Hinds <lhinds(a)redhat.com>
Subject: [tpm2] tpm2_nvread Error:0x9a2
To: tpm2(a)lists.01.org
Message-ID:
<CAKrSGQRr0ZoP5hq9KFtgD45HbpT3dhBF6umG2-cZ73FC8YcEGQ(a)mail.gmail.com>
Content-Type: multipart/alternative;
boundary="000000000000edba810593d777e1"
--000000000000edba810593d777e1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Hi,
Apologies, that might be hardware specific. but thought it might be worth
asking here, in case anyone has seen the same.
My Intel Nuc 7i7DNHE with an Infineon SLB9665VQ2.0 TPM is no longer
allowing me to read the NV index.
This is after clearing the TPM by removing the yellow jumper and selecting
4 to clear on first boot (and then placing the jumper back into position)
I can run tpm2_takeownership -c with no issues, but not 'tpm2_nvread'
0x1c00002:
hash algorithm:
friendly: sha256
value: 0xB
attributes:
friendly:
ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
value: 0x1200762
size: 1177
tpm2_nvread -x 0x1c00002 -s 1171 -f outfile.out
ERROR: Failed to read NVRAM area at index 0x1c00002 (29360130). Error:0x9a2
ERROR: Unable to run tpm2_nvread
tpm2_rc_decode 0x9a2
error layer
hex: 0x0
identifier: TSS2_TPM_RC_LAYER
description: Error produced by the TPM
format 1 error code
hex: 0x22
identifier: TPM2_RC_BAD_AUTH
description: authorization failure without DA implications
session
hex: 0x100
identifier: TPM2_RC_1
description: (null)
Does this ring any bells for anyone?
--=20
Luke Hinds
--000000000000edba810593d777e1
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>Hi,</div><div><br></div><div>Apologies, that might be=
hardware specific. but thought it might be worth asking here, in case anyo=
ne has seen the same.<br></div><div><br></div><div>My <span class=3D"gmail-=
il">Intel</span> <span class=3D"gmail-il">Nuc</span> 7i7DNHE with <span cla=
ss=3D"gmail-st">an Infineon SLB9665VQ2.0 TPM is no longer allowing me to re=
ad the NV index.<br></span></div><div><span class=3D"gmail-st"><br></span><=
/div><div><span class=3D"gmail-st">This is after clearing the TPM by removi=
ng the yellow jumper and selecting 4 to clear on first boot (and then placi=
ng the jumper back into position)<br></span></div><div><span class=3D"gmail=
-st"><br></span></div><div><span class=3D"gmail-st">I can run tpm2_takeowne=
rship -c with no issues, but not '<span class=3D"gmail-st">tpm2_nvread&=
#39;</span></span></div><div><span class=3D"gmail-st"><br></span></div><div=
><span class=3D"gmail-st">0x1c00002:<br>=C2=A0 hash algorithm:<br>=C2=A0 =
=C2=A0 friendly: sha256<br>=C2=A0 =C2=A0 value: 0xB<br>=C2=A0 attributes:<b=
r>=C2=A0 =C2=A0 friendly: ppwrite|writedefine|ppread|ownerread|authread|no_=
da|written|platformcreate<br>=C2=A0 =C2=A0 value: 0x1200762<br>=C2=A0 size:=
1177<br></span></div><div><span class=3D"gmail-st"><br></span></div><div><=
span class=3D"gmail-st">tpm2_nvread -x 0x1c00002 -s 1171 -f outfile.out<br>=
ERROR: Failed to read NVRAM area at index 0x1c00002 (29360130). Error:0x9a2=
<br>ERROR: Unable to run tpm2_nvread<br></span></div><div><br></div><div>tp=
m2_rc_decode 0x9a2 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 <br>error layer<br>=C2=A0 hex: 0x0<br>=C2=A0 identifier: TSS2_TP=
M_RC_LAYER<br>=C2=A0 description: Error produced by the TPM<br>format 1 err=
or code<br>=C2=A0 hex: 0x22<br>=C2=A0 identifier: TPM2_RC_BAD_AUTH<br>=C2=
=A0 description: authorization failure without DA implications<br>session<b=
r>=C2=A0 hex: 0x100<br>=C2=A0 identifier: TPM2_RC_1<br>=C2=A0 description: =
=C2=A0(null)</div><div><br></div><div>Does this ring any bells for anyone?<=
br></div><div><br></div>-- <br><div dir=3D"ltr" class=3D"gmail_signature" d=
ata-smartmail=3D"gmail_signature"><div dir=3D"ltr"><div><div dir=3D"ltr"><d=
iv><div dir=3D"ltr"><div><div dir=3D"ltr"><span style=3D"font-size:12.8px">=
Luke Hinds</span><br style=3D"font-size:12.8px"></div></div></div></div></d=
iv></div></div></div></div>
--000000000000edba810593d777e1--
------------------------------
Date: Tue, 1 Oct 2019 17:10:04 +0000
From: "Oliver, Dario N" <dario.n.oliver(a)intel.com>
Subject: [tpm2] Cannot build tpm2-tss(a)2.2.3 and tpm2-abrmd(a)2.0.3 with
Automake 1.6
To: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
Message-ID: <20A6FE0AC912764FB8B5BC5A1A7CB92B4255A062(a)FMSMSX103.amr.co
rp.intel.com>
Content-Type: text/plain; charset="us-ascii"
Hello,
I just noticed that I am no longer able to build tpm2-tss and tpm-abrmd (the specified versions) with the latest automake 1.6.
I am not sure if tpm2-tools(a)3.2.0 have the same problem.
This is caused by automake 1.6, there are several other persons having the same problem because of broken compatibility, i.e. https://gitlab.gnome.org/GNOME/libgdata/issues/24
The latest versions of tss, abrmd and tools works fine. Maybe there is a fix in those version that you could consider porting to the older versions?
The workaround is not using automake 1.6, and rolling back to 1.5.
In summary,
Versions that do not work with automake 1.6:
- TPM2_TSS_VERSION=2.2.3
- TPM2_ABRMD_VERSION=2.0.3
- TPM2_TOOLS_VERSION=3.2.0 ?
The error will be the following, and using --disable-dependency-tracking will not help (a make error will appear anyways)
config.status: error: Something went wrong bootstrapping makefile fragments
for automatic dependency tracking. Try re-running configure with the
'--disable-dependency-tracking' option to at least be able to build
the package (albeit without support for automatic dependency tracking).
Versions that work with automake 1.6:
- TPM2_TSS_VERSION=2.3.1
- TPM2_ABRMD_VERSION=2.2.0
- TPM2_TOOLS_VERSION=4.0
Regards,
Nicolas Oliver
------------------------------
Date: Tue, 1 Oct 2019 19:29:14 +0200
From: Jonas Witschel <diabonas(a)gmx.de>
Subject: [tpm2] Re: Cannot build tpm2-tss(a)2.2.3 and tpm2-abrmd(a)2.0.3
with Automake 1.6
To: "Oliver, Dario N" <dario.n.oliver(a)intel.com>, "tpm2(a)lists.01.org"
<tpm2(a)lists.01.org>
Message-ID: <65510ab5-fa9c-9ae5-7d2b-e13de955d035(a)gmx.de>
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="aX3nwywEo3oo70ssI8rjWTr0axwsPUFqi"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--aX3nwywEo3oo70ssI8rjWTr0axwsPUFqi
Content-Type: multipart/mixed; boundary="UnCCuvj5XsFhkgZbAlDaGKNmsLNyFIlja";
protected-headers="v1"
From: Jonas Witschel <diabonas(a)gmx.de>
To: "Oliver, Dario N" <dario.n.oliver(a)intel.com>,
"tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
Message-ID: <65510ab5-fa9c-9ae5-7d2b-e13de955d035(a)gmx.de>
Subject: Re: [tpm2] Cannot build tpm2-tss(a)2.2.3 and tpm2-abrmd(a)2.0.3 with
Automake 1.6
References: <20A6FE0AC912764FB8B5BC5A1A7CB92B4255A062(a)FMSMSX103.amr.corp.intel.com>
In-Reply-To: <20A6FE0AC912764FB8B5BC5A1A7CB92B4255A062(a)FMSMSX103.amr.corp.intel.com>
--UnCCuvj5XsFhkgZbAlDaGKNmsLNyFIlja
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB-large
Content-Transfer-Encoding: quoted-printable
Hi,
On 2019-10-01 19:10, Oliver, Dario N wrote:
> I just noticed that I am no longer able to build tpm2-tss and tpm-abrmd=
(the specified versions) with the latest automake 1.6.
> [...]
> This is caused by automake 1.6, there are several other persons having =
the same problem because of broken compatibility, i.e. https://gitlab.gno=
me.org/GNOME/libgdata/issues/24
> The latest versions of tss, abrmd and tools works fine. Maybe there is =
a fix in those version that you could consider porting to the older versi=
ons?
> [...]
> Versions that do not work with automake 1.6:
>=20
> - TPM2_TSS_VERSION=3D2.2.3
> - TPM2_ABRMD_VERSION=3D2.0.3
> - TPM2_TOOLS_VERSION=3D3.2.0 ?
these build failures are most probably caused by a breaking change in
Autoconf Archive 2019.01.06, see the following pull requests for the
fixes incorporated in the most recent versions:
- tpm2-tss: https://github.com/tpm2-software/tpm2-tss/pull/1238, fixed
by https://github.com/tpm2-software/tpm2-tss/pull/1256
- tpm2-abrmd: https://github.com/tpm2-software/tpm2-abrmd/pull/574
- tpm2-tools: https://github.com/tpm2-software/tpm2-tools/pull/1292
Best,
Jonas
--UnCCuvj5XsFhkgZbAlDaGKNmsLNyFIlja--
--aX3nwywEo3oo70ssI8rjWTr0axwsPUFqi
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0ZGnjxiB84R1PJZ+aGsGOsS8DskFAl2TjPMACgkQaGsGOsS8
DskemBAApuBfgtDeWZzU5XMx4zMy/ak5xPz+AFVwNCeFUF+HDIS+V7QjMWyobH4X
iKLPmgGysSZaXzde+uTrkQBNf9T9S7Wuh1xSlnA5tkIr0fvK4NKqhFVgvnZu8+ei
dE3hLX4AKvkMJbE9Bpd/WZnFaMuRF7rSGklricR1guQYPPdBC2tDbMOzOdS29VSp
ViZHJgvJ+qqx1RS79OChXMnKVXTNleXYrl7MIRjoYpgZZ1K6wxQJg5UB7nd7JDh9
JdbS4KMH1VIdQzr52ikqu8K8Rc15u4inkMP/7zYaDoPEaoTJe1AblFDABaKuaxgv
LlhrNapdTY9MD9RkJmqQuEgZ7F6/VO3qtAmb61IcFnvwcKEZnAJo6FGKHYhiXha7
3Z15pKe3Ag+XyHYqfgyjHx6eaA7p2nGe48p1Qetvrik6hW3xYntT4PbbU6dp/GLO
nvg/5l2+YetV1bsbBHPChCHo0IIkCyGDoSvPrvUXm1833lJPP7k71lkLpRlZtmIR
s9FaglN/PUjht5x51YB0sadoggDND4VthihccRDrc0D+AD0o4wjCbjssOGM4vkrd
oIEANJFCfYh00M43F9BaPpkI85IJ+TT9D30ReFYKQGuyEFHrbujOsQZ/SGa76MRI
71XqDxGsTdr1lHuwporyD/7adeOaLWESjfIiWRCF5uXtDroyj0Y=
=Kzdc
-----END PGP SIGNATURE-----
--aX3nwywEo3oo70ssI8rjWTr0axwsPUFqi--
------------------------------
Date: Tue, 1 Oct 2019 11:50:15 -0700
From: Arun Sudhir <arunsudhir19(a)gmail.com>
Subject: [tpm2] Error running tpm2_create: magic does not match!
To: tpm2(a)lists.01.org
Message-ID:
<CAJLNp_XZ0UonxQane-no3GVCzGq4X-X7p9Y0_fva5qZO9bOrVg(a)mail.gmail.com>
Content-Type: multipart/alternative;
boundary="00000000000050f90b0593ddd367"
--00000000000050f90b0593ddd367
Content-Type: text/plain; charset="UTF-8"
I hve ported tpm2_tools to windows and and am able to run tpm2_getrandom,
tpm2_createprimary etc. I am using the ctx file generated by
tpm2_createprimary to run tpm2_create.
HEre are the commands i used:
tpm2_createprimary -c primary.ctx (works)tpm2_create -C primary.ctx -u
obj.pub -r obj.priv (fails)
This is the error i get:
ERROR: Found magic 0x40000001 did not match expected magic of 0xbadcc0de!
WARN: The loaded tpm context does not appear to be in the proper format,
assuming old format, this will be converted on the next save.
ERROR: Could not load tpm context file
ERROR: Failed to load_tpm_context_file()
ERROR: Unable to run
C:\Users\arunsu\source\repos\tpm2-tools-4.0\vstudio\x64\Debug\tpm2-create.exe
I see from files.c that the magic is hardcoded.
/**
* This is the magic for the file header. The header is organized
* as a big endian U32 (BEU32) of MAGIC followed by a BEU32 of the
* version number. Tools can define their own, individual file
* formats as they make sense, but they should always have the header.
*/
static const UINT32 MAGIC = 0xBADCC0DE;
Is this a windows vs Linux issue? Should i change the magic value?
--00000000000050f90b0593ddd367
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>I hve ported tpm2_tools to windows and and am able to=
run tpm2_getrandom, tpm2_createprimary etc. I am using the ctx file genera=
ted by tpm2_createprimary to run tpm2_create.=C2=A0</div><div><br></div><di=
v>HEre are the commands i used:</div><div><br></div><div><pre class=3D"gmai=
l-indent-7" style=3D"box-sizing:border-box;overflow-x:auto;font-family:SFMo=
no-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;fon=
t-size:0.9rem;margin-top:0px;margin-bottom:0px;padding-left:2rem;color:rgb(=
51,51,51);background-color:rgb(247,247,247)"><code style=3D"box-sizing:bord=
er-box;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menl=
o,Courier,monospace;font-size:0.9rem">tpm2_createprimary=C2=A0-c=C2=A0prima=
ry.ctx (works)
</code>tpm2_create=C2=A0-C=C2=A0primary.ctx=C2=A0-u=C2=A0obj.pub=C2=A0-r=C2=
=A0obj.priv (fails)</pre><pre class=3D"gmail-indent-7" style=3D"box-sizing:=
border-box;overflow-x:auto;font-family:SFMono-Regular,Consolas,"Libera=
tion Mono",Menlo,Courier,monospace;font-size:0.9rem;margin-top:0px;mar=
gin-bottom:0px;padding-left:2rem;color:rgb(51,51,51);background-color:rgb(2=
47,247,247)"><code style=3D"box-sizing:border-box;font-family:SFMono-Regula=
r,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:0.=
9rem">
</code></pre></div><div><br></div><div>This is the error i get:=C2=A0</div>=
<div><br></div>ERROR: Found magic 0x40000001 did not match expected magic o=
f 0xbadcc0de!<br>WARN: The loaded tpm context does not appear to be in the =
proper format, assuming old format, this will be converted on the next save=
.<br>ERROR: Could not load tpm context file<br>ERROR: Failed to load_tpm_co=
ntext_file()<br>ERROR: Unable to run C:\Users\arunsu\source\repos\tpm2-tool=
s-4.0\vstudio\x64\Debug\tpm2-create.exe<br><div><br></div><div><br></div><d=
iv>I see from files.c that the magic is hardcoded.</div><div><font face=3D"=
monospace">/**<br>=C2=A0* This is the magic for the file header. The header=
is organized<br>=C2=A0* as a big endian U32 (BEU32) of MAGIC followed by a=
BEU32 of the<br>=C2=A0* version number. Tools can define their own, indivi=
dual file<br>=C2=A0* formats as they make sense, but they should always hav=
e the header.<br>=C2=A0*/<br>static const UINT32 MAGIC =3D 0xBADCC0DE;</fon=
t><br></div><div><font face=3D"arial, sans-serif">Is this a windows vs Linu=
x issue? Should i change the magic value?</font></div></div>
--00000000000050f90b0593ddd367--
------------------------------
Subject: Digest Footer
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org
To unsubscribe send an email to tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
------------------------------
End of tpm2 Digest, Vol 27, Issue 30
************************************
2 years, 7 months
Cannot build tpm2-tss@2.2.3 and tpm2-abrmd@2.0.3 with Automake 1.6
by Oliver, Dario N
Hello,
I just noticed that I am no longer able to build tpm2-tss and tpm-abrmd (the specified versions) with the latest automake 1.6.
I am not sure if tpm2-tools(a)3.2.0 have the same problem.
This is caused by automake 1.6, there are several other persons having the same problem because of broken compatibility, i.e. https://gitlab.gnome.org/GNOME/libgdata/issues/24
The latest versions of tss, abrmd and tools works fine. Maybe there is a fix in those version that you could consider porting to the older versions?
The workaround is not using automake 1.6, and rolling back to 1.5.
In summary,
Versions that do not work with automake 1.6:
- TPM2_TSS_VERSION=2.2.3
- TPM2_ABRMD_VERSION=2.0.3
- TPM2_TOOLS_VERSION=3.2.0 ?
The error will be the following, and using --disable-dependency-tracking will not help (a make error will appear anyways)
config.status: error: Something went wrong bootstrapping makefile fragments
for automatic dependency tracking. Try re-running configure with the
'--disable-dependency-tracking' option to at least be able to build
the package (albeit without support for automatic dependency tracking).
Versions that work with automake 1.6:
- TPM2_TSS_VERSION=2.3.1
- TPM2_ABRMD_VERSION=2.2.0
- TPM2_TOOLS_VERSION=4.0
Regards,
Nicolas Oliver
2 years, 7 months
tpm2_nvread Error:0x9a2
by Luke Hinds
Hi,
Apologies, that might be hardware specific. but thought it might be worth
asking here, in case anyone has seen the same.
My Intel Nuc 7i7DNHE with an Infineon SLB9665VQ2.0 TPM is no longer
allowing me to read the NV index.
This is after clearing the TPM by removing the yellow jumper and selecting
4 to clear on first boot (and then placing the jumper back into position)
I can run tpm2_takeownership -c with no issues, but not 'tpm2_nvread'
0x1c00002:
hash algorithm:
friendly: sha256
value: 0xB
attributes:
friendly:
ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
value: 0x1200762
size: 1177
tpm2_nvread -x 0x1c00002 -s 1171 -f outfile.out
ERROR: Failed to read NVRAM area at index 0x1c00002 (29360130). Error:0x9a2
ERROR: Unable to run tpm2_nvread
tpm2_rc_decode 0x9a2
error layer
hex: 0x0
identifier: TSS2_TPM_RC_LAYER
description: Error produced by the TPM
format 1 error code
hex: 0x22
identifier: TPM2_RC_BAD_AUTH
description: authorization failure without DA implications
session
hex: 0x100
identifier: TPM2_RC_1
description: (null)
Does this ring any bells for anyone?
--
Luke Hinds
2 years, 7 months