February 2018 - tpm2 - Ml01.01.Org

by Yasuhiro Hosoda

MY name is Yasuhiro Hosoda. I am developing a program using TSS1.0(Nov１．2016). I encountered a problem with PolicySecret error 0x98e and need help. My program uses tpmtest.cpp as a base of development. The situation is as follows: 1 Create TPM Keys like this. EK ｜-------- ｜ | MK AK ｜ SK 2 Execute PolicySecret twice using HMAC session. At first, it ends without error. Then it ends with 0x98e For clarification, I print out the values of Virtual Handle and Real Handle. The value of Virtual/Real Handles differ at 2nd excution of the command. (See NO 25/26 Below) I understand that the resource manager assigns Virtual Handle and my program calculates HMAC using that handles. On the other hand, TPM may calculate HMAC using Real Handle. That is my hypothesis. Any suggestion about the usage of Session Handle? NO Command Virtual/Real Handle LOC 1. CreatePrimary(EK) real=80000000, virtual=80000000 8381 2. HierarchyChangeAuth1 8421 3. HierarchyChangeAuth2 8431 4. StartAuthSession(Policy) real=3000000, virtual=3000000 8480 5. PolicySecret(ENDORSEMENT) 8494 6. Create(MK) 8515 7. PolicySecret(ENDORSEMENT) 8529 8. Load(MK) real=80000001, virtual=80000001 8542 9. Evict(MK) 8552 10. Create(SK) 8590 11. Load(SK) real=80000001, virtual=80000002 8598 12. PolicySecret(ENDORSEMENT) 8609 13. Create(AK) 8635 14. PolicySecret(ENDORSEMENT) 8645 15. Load(AK) real=80000001, virtual=80000003 8655 16. FlushContext(POLICY) 8664 17. StartAuthSession(POLICY) real=3000000, virtual=3000000 8668 18. StartAuthSession(HMAC) real=2000001, virtual=2000001 8678 19. ComputeCommandHMAC(LoadExternal) real=80000000, virtual=80000004 3706 20. ComputeCommandHMAC(HMAC_Start) real=80000001, virtual=80000005 3706 21. PolicySecret(SK) 8711 22. FlushContext(HMAC) 8717 23. FlushContext(POLICY) 8724 24. CertifyCreation(SK) 8738 25. StartAuthSession(POLICY) real=3000000, virtual=3000001 8745 26. StartAuthSession(HMAC) real=2000001, virtual=2000000 8754 27. ComputeCommandHMAC(LoadExternal) real=80000000, virtual=80000005 8782 28. ComputeCommandHMAC(HMAC_Start) real=80000001, virtual=80000004 8782 29. PolicySecret(SK) 8789 The whole source program can be found here. https://github.com/intel/tpm2-tss/files/1516612/tpmtest.cpp_0x98e_2.txt Kind regards, -- Yasuhiro Hosoda NTT Electronics Corporation （NEL) Security Support Project

3 years, 1 month

3
16
0 / 0

[ANNOUNCE] Brace yourself: API & ABI incompatible changes in coming!

by Philip Tricca

Hello, We're getting pretty close to an RC0 for the next major release of the TSS2 libraries. Before we can make RCo though there are a number of changes that still need to be made to the header files to bring them in line with the latest TPM2 and TSS2 specifications. We've just started rolling these out and during this time, due to the nature of the changes, we'll be breaking backward compatibility (API and ABI both). If you're following along at home you've probably seen changes to the TCTI headers and implemnetation happening in rapid succession over the last few days (when our CI isn't down). Expect similar changes to happen in the rest of the public headers over the course of this week. These changes will likely cause some issues for downstream projects but feel free to get on the list and we'll help sort things out. Regards, Philip

3 years, 7 months

1
2
0 / 0

[ANNOUNCE] tpm2-tss version 1.4.0 RC0 tagged

by Philip Tricca

Hello all, We're starting the release candidate cycle for another minor release from the tpm2-tss repo. The changelog should be up to date with info about the minor changes that have gone into this release. Please provide whatever feedback you have and we can roll the RCs forward as necessary. https://github.com/tpm2-software/tpm2-tss/releases/tag/1.4.0-rc0 Best, Philip

3 years, 9 months

1
1
0 / 0

[ANNOUNCE] tpm2-abrmd version 1.3.0 RC0 tagged

by Philip Tricca

Hello all, We're starting the release candidate cycle for another minor release from the tpm2-abrmd repo. The CHANGELOG should be up to date highlighting the changes that are in this release. Please provide whatever feedback you have and we can roll the RCs forward as necessary. https://github.com/tpm2-software/tpm2-abrmd/releases/tag/1.3.0-rc0 Regards, Philip

3 years, 9 months

1
1
0 / 0

tpm2-abrmd can't connect to IBM's tpm_server

by Scheie, Peter M

I'm trying to get tpm2-abrmd to connect to the IBM tpm_server simulator, as described in https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started, but it fails saying Failed to initialize device TCTI context: 0xa000a I've tried versions 1119 and 974 of tpm_server, but got the same result. For tpm2-abrmd, I'm using version 1.2.0 from the tarball under 'Releases'. Netstat shows tpm_server is listening on ports 2322 and 2321, so I suspect something is wrong on the tpm2-abrmd end. Suggestions? Peter

3 years, 9 months

2
3
0 / 0

Simple (hopefully) git rebase question

by Anderson, Daniel

I am having trouble with git rebase. It seems to be much more complex than it needs to be. All I need to do is to merge commits—no conflicts, no undo. So I edited the rebase file below and changed the last “pick” to “squash” and moved the previous “pick” down two lines (because I think the commits I am rebasing must be together). Here is the session with the file after editing (changes in bold, deleted lines underlined bold). Any hints? Dan $ git rebase --abort $ git rebase -i HEAD~10 pick 1c68b3d tabrmd: Set default tcti & conf string in option structure initialization. pick 98a3dd1 TctiDynamic: Fix bad default TCTI library string. pick 6f8e54d ci: Install libgcrypt development package. pick 52de684 tabrmd: Combine --tcti and --tcti-conf string. pick 377792a tcti-util: Allow shortened TCTI library names to align with the tools. pick 5c4be78 D-Bus: install a service file to allow on-demand systemd unit activation pick 84e9e9a tcti: fix build error due wrong TCTI transmit functions signatures pick fb9bc17 Update our TCTI implementation to align with upstream changes. pick 1317cbe D-Bus: install a service file to allow on-demand systemd unit activation pick 70c9fac INSTALL.md: Document Configure Flags Better [Moved down 2 lines] pick 5c6ec7f tcti: fix build error due wrong TCTI transmit functions signatures pick 3dbc9f2 Update our TCTI implementation to align with upstream changes. pick 70c9fac INSTALL.md: Document Configure Flags Better pick squash 23515f7 INSTALL.md: Document Configure Flags Better # Rebase 1743dca..8e6b37c onto 1743dca (13 command(s)) Rebasing (6/13)Rebasing (7/13)Rebasing (8/13)Rebasing (9/13)The previous cherry-pick is now empty, possibly due to conflict resolution. If you wish to commit it anyway, use: git commit --allow-empty Otherwise, please use 'git reset' interactive rebase in progress; onto 1743dca Last commands done (9 commands done): pick fb9bc17 Update our TCTI implementation to align with upstream changes. pick 1317cbe D-Bus: install a service file to allow on-demand systemd unit activation Next commands to do (4 remaining commands): pick 5c6ec7f tcti: fix build error due wrong TCTI transmit functions signatures pick 3dbc9f2 Update our TCTI implementation to align with upstream changes. You are currently rebasing branch 'dan-diroptions' on '1743dca'. Untracked files: baksrc.sh bug.txt build.sh rebase-push.script rebase.script nothing added to commit but untracked files present Could not apply 1317cbece92af7c94916672bf2f9c49dbe348b01... D-Bus: install a service file to allow on-demand systemd unit activation

3 years, 9 months

2
2
0 / 0

[tpm2-software/tpm2-tools] db54db: lib: fix error array

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: db54dbf23696075336a5a2c25d5544cd66fc0fd9 https://github.com/tpm2-software/tpm2-tools/commit/db54dbf23696075336a5a2... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-02-26 (Mon, 26 Feb 2018) Changed paths: M lib/tpm2_error.c Log Message: ----------- lib: fix error array The indices were off in the array, fix this. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: a8d13a160f46d87f403c6b80ab16ae91bb109e0f https://github.com/tpm2-software/tpm2-tools/commit/a8d13a160f46d87f403c6b... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-02-26 (Mon, 26 Feb 2018) Changed paths: M Makefile.am R lib/conversion.c R lib/conversion.h A lib/tpm2_convert.c A lib/tpm2_convert.h M tools/tpm2_certify.c M tools/tpm2_getpubak.c M tools/tpm2_getpubek.c M tools/tpm2_quote.c M tools/tpm2_readpublic.c M tools/tpm2_sign.c Log Message: ----------- lib/conversion: rename to tpm2_convert Update routines/enums to coding standard. Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 2496a869141d9ea32dd8e1a1f83061076c767240 https://github.com/tpm2-software/tpm2-tools/commit/2496a869141d9ea32dd8e1... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-02-26 (Mon, 26 Feb 2018) Changed paths: M tools/tpm2_rsadecrypt.c Log Message: ----------- tpm2_rsadecrypt: fix error output Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Commit: 7a09eaf32c13c3bf07906db86675aa0e966b6fc3 https://github.com/tpm2-software/tpm2-tools/commit/7a09eaf32c13c3bf07906d... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-02-26 (Mon, 26 Feb 2018) Changed paths: M tools/tpm2_getpubak.c Log Message: ----------- tpm2_getpubak: fix missing hex identifier on handle FIx the missing 0x base identifier on the loaded-key handle output. Before: loaded-key: handle: 80000001 After: loaded-key: handle: 0x80000001 Signed-off-by: William Roberts <william.c.roberts(a)intel.com> Compare: https://github.com/tpm2-software/tpm2-tools/compare/ea9f944051da...7a09ea...

3 years, 9 months

1
0
0 / 0

[tpm2-software/tpm2-tools] ea9f94: tools: Fix typos in tpm2_send and tpm2_tool

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: ea9f944051daa4c0ee61e52f0624361b24527ec1 https://github.com/tpm2-software/tpm2-tools/commit/ea9f944051daa4c0ee61e5... Author: Manolis Ragkousis <manolis837(a)gmail.com> Date: 2018-02-26 (Mon, 26 Feb 2018) Changed paths: M tools/tpm2_send.c M tools/tpm2_tool.c Log Message: ----------- tools: Fix typos in tpm2_send and tpm2_tool Without this patch build fails with 'implicit declaration of function'. * tools/tpm2_send.c (tpm2_tool_onrun): Replace tss2_tcti_transmit with Tss2_Tcti_Transmit. Replace tss2_tcti_receive with Tss2_Tcti_Receive. * tools/tpm2_tool.c (tcti_teardown): Replace tss2_tcti_finalize with Tss2_Tcti_Finalize. Signed-off-by: Manolis Ragkousis <manolis837(a)gmail.com>

3 years, 9 months

1
0
0 / 0

[tpm2-software/tpm2-tools] 031f72: Update README.md

by GitHub

Branch: refs/heads/master Home: https://github.com/tpm2-software/tpm2-tools Commit: 031f72d938d8e5b952d9f9d75eee2dab8389a760 https://github.com/tpm2-software/tpm2-tools/commit/031f72d938d8e5b952d9f9... Author: William Roberts <william.c.roberts(a)intel.com> Date: 2018-02-23 (Fri, 23 Feb 2018) Changed paths: M README.md Log Message: ----------- Update README.md

3 years, 9 months

1
0
0 / 0

TCTI initialization fails with error 0xc000b

by Anderson, Daniel

I have been getting the same error and cannot start the tpm2-service: $ sudo systemctl start tpm2-abrmd.service Job for tpm2-abrmd.service failed because the control process exited with error code. See "systemctl status tpm2-abrmd.service" and "journalctl -xe" for details. $ systemctl status tpm2-abrmd.service tpm2-abrmd.service: Main process exited, code=exited, status=1/FA Failed to start TPM2 Access Broker and Resource Management Daemon Unit entered failed state. Failed with result 'exit-code'. # Start manually: $ /usr/local/sbin/tpm2-abrmd& ** (tpm2-abrmd:1596): WARNING **: failed to initialize device TCTI context: 0xa000a ** (tpm2-abrmd:1596): CRITICAL **: TCTI Initializaiton: 0xa000a $ tpm2_rc_decode 0xa000a tcti:IO failure So it seems that this is a known bug: https://github.com/tpm2-software/tpm2-abrmd/issues/321 https://github.com/tpm2-software/tpm2-abrmd/pull/330 Is there a workaround? The discussion is too cryptic for me. For example, I can't find a tpm2_listpcrs command in tpm2-tools (or -abrmd or -tss). I am running on Ubuntu Linux with a simulator. Dan -----Original Message----- From: tpm2 [mailto:tpm2-bounces@lists.01.org] On Behalf Of tpm2-request(a)lists.01.org Sent: Friday, February 16, 2018 8:47 AM To: tpm2(a)lists.01.org Subject: tpm2 Digest, Vol 8, Issue 14 Send tpm2 mailing list submissions to tpm2(a)lists.01.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.01.org/mailman/listinfo/tpm2 or, via email, send a message with subject or body 'help' to tpm2-request(a)lists.01.org You can reach the person managing the list at tpm2-owner(a)lists.01.org When replying, please edit your Subject line so it is more specific than "Re: Contents of tpm2 digest..." Today's Topics: 1. Re: TCTI initialization fails with error 0xc000b (Roberts, William C)

3 years, 9 months

4
8
0 / 0

2021

2020

2019

2018

2017

tpm2 February 2018