April 2021 - tpm2 - Ml01.01.Org

Failed to acquire DBus name com.intel.tss2.Tabrmd

by Kenneth Goldman

This is my variation on what seems to be a frequent issue. Ubuntu groovy, abrmd installed with apt. tpm2-abrmd --tcti=mssim (not as root) Gives this error: ** (tpm2-abrmd:2275): CRITICAL **: 14:38:22.835: Failed to acquire DBus name com.intel.tss2.Tabrmd. UID 1000 must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root. How should I 'own' this name? What's 'DBUS config' and what should be checked What is 'this' that should be running as user tss or root? UID 1000 is kgold My tpm2-abrmd.conf was edited to add: /etc/group has tss:111:kgold -- Ken Goldman kgoldman(a)us.ibm.com 914-945-2415 (862-2415)

8 months, 3 weeks

1
0
0 / 0

get TPM applications to happily co-exist

by Ted Kim

Folks, The question has come up about how to get TPM applications to happily coexist with minimal coordination. One issue in the owner hierarchy is we want each application to to be able to manage it's own objects but not affect those of the other applications. So for example, we only want application A to be able to evict persistent handles owned by that application and not those of another application B. If I understand, tpm2_evictcontrol command, the authorization is on the hierarchy and not on the object. Maybe I am thinking about this wrong, but is there a way in the authorization to look at some property of the object and tell who "owns" it and then figure out if this should be allowed or not ? Otherwise, I think, we end up building some other software which knows how to authorize this on the hierarchy and keeps track of who owns what and then issues the eviction only when the owner of an object is the requester. Am open to any suggestions. Thanks, -ted

8 months, 3 weeks

3
8
0 / 0

does -p (password) work with tpm2_import ?

by Ted Kim

Folks, I tried tpm2_import with the -p option with a password, and it doesn't seem to work for me. Subsequent tpm2_rsadecrypt commands using the key from the import seem to work fine without any -p option. * Does import work with -p ? Is there something I have overlooked in this? I understand that tpm2_rsaencrypt does not take the -p option in line with the idea of using a "public" key. * Is it correct to say that if I want to have authorization on encryption, I have to use tpm2_encryptdecrypt (i.e. use symmetric keys) ? Thanks, -ted

8 months, 3 weeks

2
4
0 / 0

[RELEASE CANDIDATE] tpn2-pkcs11 1.6.0-rc0

by Roberts, William C

Hello, tpm2-pkcs11 version 1.6.0-rc0: https://github.com/tpm2-software/tpm2-pkcs11/releases/tag/1.6.0-rc0 With the following CHANGELOG: ### 1.6.0-rc0 - 2021-04-26 * Spelling and grammar fixes throughout the project. * tpm2_ptool: fix bug in verify commandlet where `--sopin` leads to local variable referenced before assignment. See #624. * Docs: add a document describing SSH Hostkey configuration using tpm2-pkcs11. * Support changes in tpm2-tss-engine using TPM2_RH_OWNER instead of 0. * Since upstream commit tpm2-software/tpm2-tss-engine@06f57a3. * Fix endian issue in test_db. * Fix tpm2_ptool error messages when exceptions are raised during execution of tpm2-tools commands. * Support CKA_DERIVE=true which will support the newest pkcs11-tool EC template. * Fix requirement of having ESYS >= 2.4, see #632 for details. * Fix docs/INITIALIZING.md reference to `--pobj-pin`, should be `--hierarchy-auth`. * Fix missing libyaml dependency in documentation. * Fix bug in DB update logic where errors in handlers were ignored. * Fix NPD bug when ESAPI and FAPI return 0 tokens. * Add support for over TPM sized AES buffers. * Add support for mechanism CKM_AES_CBC_PAD. * Add support for mechanism CKM_AES_CTR. * Add support for RSA 3072 (3k) keys. * Remove usage of function Esys_TR_GetTpmHandle. FAPI Backend will no longer depend on ESAPI 2.4 or greater. * Add **Experimental** RSA 4096 support. **Use at your own risk**. Thanks, Bill

8 months, 4 weeks

1
0
0 / 0

tpm2-tss v3.0.4-rc0

by Roberts, William C

Hello, A new release candidate for tpm2-tss 3.0.4 is out. It can be found here: https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.4-rc0 All changes and fixed issues are listed in the CHANGELOG.md file. Please give it some testing. Any feedback is appreciated. Thanks, Bill

8 months, 4 weeks

1
1
0 / 0

tpm2-tss v2.4.6-rc0

by Roberts, William C

Hello, A new release candidate for tpm2-tss 2.4.6 is out. It can be found here: https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.6-rc0 All changes and fixed issues are listed in the CHANGELOG.md file. Please give it some testing. Any feedback is appreciated. Thanks, Bill

8 months, 4 weeks

1
0
0 / 0

Failing to build tss tools - Ubuntu groovy

by Kenneth Goldman

My project specifies branch 3.X, which fails because it uses python, not python3. checking for module yaml in python... Traceback (most recent call last): File "<stdin>", line 1, in <module> ImportError: No module named yaml ~~~~~~~~~~~~~~~~~~~~~~~~~~ I tried instead branch 3.0.x. Is that newer or older than 3.X. This one failed because - what - sapi is not installed or it's the wrong version??? checking for sapi >= 1.3.0 sapi < 2.0.0... no The tpm2-tss is 2.4.x. The project wants 2.0.x but that did not build. ~~~ Is there a patch for 3.X or 3.0.X that I can use to build? -- Ken Goldman kgoldman(a)us.ibm.com 914-945-2415 (862-2415)

8 months, 4 weeks

2
2
0 / 0

Help - invalid count value

by Chat Overlay Streaming

Hi there, I tried to use the TPM2 AES256 / AES256CTR to encrypt a file. When I ran the following command, I got an error message in an infinite loop and had to reboot my machine. $ tpm2_encryptdecrypt -c 0x81010000 --iv=iv.input:iv.output -p ${pswd} -o enc_test.data test.data The error message was tpm tpm0 invalid count value ffffffff 1000 tpm tpm0 invalid count value ffffffff 1000 ... tpm tpm0 invalid count value ffffffff 1000 Digging the location where the error message comes from, I found it was in the tpm driver file: file tpm-interface.c static ssize_t *tpm_try_transmit*(struct tpm_chip *chip, void *buf, size_t bufsiz) { struct tpm_header *header = buf; ... *count = be32_to_cpu(header->length); // ---> count = ffffffff * ... *if (count > bufsiz) { // ---> bufsiz = 1000 dev_err(&chip->dev, "invalid count value %x %zx\n", count, bufsiz); *return -E2BIG; * }* .... } My question is did someone meet the same problem? And how can I debug this problem? I double checked the tpm2-abrmd service. It was running okay. The builds for my test are: 1. rpi-kernel: 5.4.y 2. tpm2-tss: 3.0.x 3. tpm2-abrmd: 2.3.2 4. tpm2-tools: 4.2.X 5. tpm2-tss-engine: v1.1.x My test environments: RPI 3B & 4B AES in the TPM was enabled. Attached is my test script. Thanks a lot, Ben

8 months, 4 weeks

2
4
0 / 0

Delta-8 For Sale

by taliamyers017＠gmail.com

Delta-8 for sale has been around the world for a long time. The strain Delta-8 cannabis is a favorite among many people. But, it comes with a big warning. Most Delta-8 cannabis products are full of psychoactive CBD. Delta-8 CBD products for sale can have a high CBD content. Many of Delta-8 cannabis products for sale are high in CBD. This is because Delta-8 contains a psychoactive ingredient called THC or tetrahydrocannabinol. The delta-8 THC is popular with many stoners and often goes by other names such as HHO, Cloud, Honey and Butter. Delta-8 cannabis is highly addictive. Visit: https://area52.com/delta-8-products/

9 months

1
0
0 / 0

How to use tpm2 tool to unload an external key

by Chenxi Z

Hi, I loaded an ecdsa P256 key, which was generated by openssl, into TPM. Once the key is not longer needed for my use case, I would like to unload the key. Can I know what tpm2 tool command that I can use to unload the external key? I am assuming if I don't unload the key, the key context/memory will forever be held by TPM (unless reboot). If I never release that and I keep loading new keys into TPM, the TPM will eventually run out of memory. ref: https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_loadexte... openssl ecparam -genkey -name prime256v1 -noout -out ec256-key-pair.pem tpm2_loadexternal -C n -G ecc -r ec256-key-pair.pem -c eckey.ctx Thanks Chenxi

9 months

3
4
0 / 0

2022

2021

2020

2019

2018

2017

tpm2 April 2021