September 2019 - tpm2

Error Running tpm2-tools in windows against MSSIM

by Arun Sudhir

Hi, I have managed to compile and run the tpm simulator on Windows as well as build tpm2-tss and build and run tpm2-tools (after quite a bit if work) on Windows 10. I looked at the makefile and on windows, created a project for every tool. IT worked well and built everything. I also got the server up on port 2321 and set the environment variable TPM2TOOLS_TCTI to "mssim:host=localhost,port=2321" I was following instructions listed in https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#introduc... and also did not build abrmd. Since i cannot do tpm2_pcrlist (Unix system command), I decided to do a tpm2_getrandom as listed here: https://github.com/tpm2-software/tpm2-tools/wiki/How-to-use-tpm2-tools. When i executed against the hardware tpm (by default it first executes against the hardware tpm using tcti-tbs on windows), it worked well for: *tpm2_getrandom -o random.out 20* Next, i really wanted to try out a few things, so i set the env variable TPM2TOOLS_TCTI to mssim:host=127.0.0.1,port=2321 ( i tried localhost, that failed with a socket connect because it was not resolving to 127.0.0.1). Now i get this error: WARNING:esys:api\Esys_GetCapability.c:303:Esys_GetCapability_Finish() Received TPM Error ERROR:esys:api\Esys_GetCapability.c:107:Esys_GetCapability() Esys Finish ErrorCode (0x00000100) ERROR: Esys_GetCapability(0x100) - tpm:error(2.0): TPM not initialized by TPM2_Startup or already initialized ERROR: Unable to run C:\Users\arunsu\source\repos\tpm2-tools-4.0\vstudio\x64\Debug\tpm2-getrandom.exe This is only for MSSIM. Anyone knows why ??

8 months, 1 week

2
4
0 / 0

How to generate the statically linked executable

by ZhengYu Tsai

Hi everyone, May i ask does anyone know or fixed similar issue as below ? Thanks for your reply Context - Hardware: i686 - Operating system : Ubuntu 16.04.6 LTS Bug Report - Expected Behavior Builds the statically linked executables in tpm2-tools/tools derek@ubuntu:~/workdir/tpm2-tools$ file tools/tpm2_* tools/tpm2_activatecredential: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.32, BuildID[sha1]=91a0834f96856f15537fb75b1d6f822e31b07995, not stripped - Actual Behavior Can't compile completely /usr/bin/ld: attempted static link of dynamic object `/usr/lib/i386-linux-gnu/libcurl-gnutls.so' collect2: error: ld returned 1 exit status Makefile:2170: recipe for target 'tools/tpm2_getekcertificate' failed make: *** [tools/tpm2_getekcertificate] Error 1 - Steps to Reproduce // install tpm2-tss ./configure "CFLAGS=--static" --enable-shared=no make sudo make install // Install tpm2-tools ./configure "CFLAGS=--static" --enable-shared=no --disable-hardening make - Possible Solution ./configure --parameter or modify Makefile

8 months, 1 week

2
5
0 / 0

[TPM][tpm2_tools] Why tpm2_nvreadlock can't work normally with the attribute "policyread|policywrite|read_stclear"?

by Zhao, Shirley

Hi, all, I want to define a NV index with attribute "policyread|policywrite|read_stclear", but get error when tpm2_nvreadlock. Only set the attribute as "policyread|policywrite|ownerwrite|ownerread|read_stclear", tpm2_nvreadlock can work normally. The following is the steps: $ tpm2_nvdefine -x 0x1500018 -a 0x40000001 -s 64 -L pcr.policy -t "policyread|policywrite|read_stclear" $ tpm2_nvwrite -x 0x1500018 -a 0x1500018 -L sha256:7 -o 0 test.bin $ tpm2_nvread -x 0x1500018 -a 0x1500018 -L sha256:7 $ tpm2_nvreadlock -x 0x1500018 -a 0x1500018 ERROR on line: "82" in file: "tools/tpm2_nvreadlock.c": Failed to lock NVRAM area at index 0x1500018 ERROR on line: "81" in file: "./lib/log.h": Tss2_Sys_NV_ReadLock(0x12F) - tpm:error(2.0): authValue or authPolicy is not available for selected entity ERROR on line: "166" in file: "tools/tpm2_tool.c": Unable to run tpm2_nvreadlock Seems tpm2_nvreadlock can't accept the policy option, right? If so, is there any plan to support policy? Thanks a lot. - Shirley

8 months, 2 weeks

2
1
0 / 0

Re: [tpm2] tpm2 Digest, Vol 27, Issue 23

by Trey Weaver

It looked like the command worked OK. It gave me a handle of 0x800000 or something. Then I rebooted my machine and tried the command "tpm2_unseal -c key.ctx" and I got this error: WARNING:esys:src/tss2-esys/api/Esys_ContextLoad.c:279:Esys_ContextLoad_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_ContextLoad.c:93:Esys_ContextLoad() Esys Finish ErrorCode (0x000001df) ERROR: Esys_ContextLoad(0x1DF) - tpm:parameter(1):integrity check failed ERROR: Invalid item handle authorization ERROR: Unable to run tpm2_unseal Do I need to do anything before I call the unseal after the power cycle? Thanks. On Fri, Sep 20, 2019, at 3:00 PM, tpm2-request(a)lists.01.org wrote: > Send tpm2 mailing list submissions to > tpm2(a)lists.01.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.01.org/mailman/listinfo/tpm2 > or, via email, send a message with subject or body 'help' to > tpm2-request(a)lists.01.org > > You can reach the person managing the list at > tpm2-owner(a)lists.01.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tpm2 digest..." > > > Today's Topics: > > 1. Putting a persistant string into the tpm2 using tpm2_tools. > (Trey Weaver) > 2. Re: Putting a persistant string into the tpm2 using > tpm2_tools. (Tadeusz Struk) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 20 Sep 2019 10:34:51 -0400 > From: "Trey Weaver" <treyweaver(a)fastmail.net> > To: tpm2(a)lists.01.org > Subject: [tpm2] Putting a persistant string into the tpm2 using > tpm2_tools. > Message-ID: <62b22807-115d-444b-af44-b1c0ab16daf9(a)www.fastmail.com> > Content-Type: text/plain; charset="us-ascii" > > I want to put a small string into the TPM2 and be able to recall it > over restarts. Here is what I have tried: > > # put data in file that is to be sealed > echo "my sealed data" > seal.dat > > # create a primary key > tpm2_createprimary -c primary.ctx > > # create a child key in public and private parts > tpm2_create -C primary.ctx -u obj.pub -r obj.priv > > # create a sealed object > tpm2_create -C primary.ctx -i seal.dat -u obj.pub -r obj.priv > > # load the private and public portions into the TPM > tpm2_load -C primary.ctx -u obj.pub -r obj.priv -c key.ctx > > # unseal the data > tpm2_unseal -c key.ctx > > But after a power cycle if I run '*tpm2_unseal -c key.ctx*' I get this error: > > *WARNING:esys:src/tss2-esys/api/Esys_ContextLoad.c:279:Esys_ContextLoad_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_ContextLoad.c:93:Esys_ContextLoad() Esys Finish ErrorCode (0x000001df) ERROR: Esys_ContextLoad(0x1DF) - tpm:parameter(1):integrity check failed ERROR: Invalid item handle authorization ERROR: Unable to run tpm2_unseal* > > I am using the tpm_server (emulator) if that makes any difference. > > So what is the best way to load a small string into the tpm2 and be > able to pull it out anytime in the future, even after power loss. > > > Thanks > >

8 months, 2 weeks

1
0
0 / 0

Re: [tpm2] Putting a persistant string into the tpm2 using tpm2_tools.

by Desai, Imran

@treyweaver, the issue you are seeing is that all contexts are invalidated after TPM restart. As @tadeusz suggests you can either make the object persistent using the evict control tool. If you do this please remember the persistent handle you specify or the one used by the evictcontrol tool like 0x81000000 and now you can unseal with tpm2_unseal -c 0x81000000 even after TPM restarts. Alternatively you can also repeat the key loading step which gives you a valid key.ctx context file. Thanks and Regards, Imran Desai ________________________________________ From: tpm2 [tpm2-bounces(a)lists.01.org] on behalf of tpm2-request(a)lists.01.org [tpm2-request(a)lists.01.org] Sent: Friday, September 20, 2019 12:00 PM To: tpm2(a)lists.01.org Subject: tpm2 Digest, Vol 27, Issue 23 Send tpm2 mailing list submissions to tpm2(a)lists.01.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.01.org/mailman/listinfo/tpm2 or, via email, send a message with subject or body 'help' to tpm2-request(a)lists.01.org You can reach the person managing the list at tpm2-owner(a)lists.01.org When replying, please edit your Subject line so it is more specific than "Re: Contents of tpm2 digest..." Today's Topics: 1. Putting a persistant string into the tpm2 using tpm2_tools. (Trey Weaver) 2. Re: Putting a persistant string into the tpm2 using tpm2_tools. (Tadeusz Struk) ---------------------------------------------------------------------- Message: 1 Date: Fri, 20 Sep 2019 10:34:51 -0400 From: "Trey Weaver" <treyweaver(a)fastmail.net> To: tpm2(a)lists.01.org Subject: [tpm2] Putting a persistant string into the tpm2 using tpm2_tools. Message-ID: <62b22807-115d-444b-af44-b1c0ab16daf9(a)www.fastmail.com> Content-Type: text/plain; charset="us-ascii" I want to put a small string into the TPM2 and be able to recall it over restarts. Here is what I have tried: # put data in file that is to be sealed echo "my sealed data" > seal.dat # create a primary key tpm2_createprimary -c primary.ctx # create a child key in public and private parts tpm2_create -C primary.ctx -u obj.pub -r obj.priv # create a sealed object tpm2_create -C primary.ctx -i seal.dat -u obj.pub -r obj.priv # load the private and public portions into the TPM tpm2_load -C primary.ctx -u obj.pub -r obj.priv -c key.ctx # unseal the data tpm2_unseal -c key.ctx But after a power cycle if I run '*tpm2_unseal -c key.ctx*' I get this error: *WARNING:esys:src/tss2-esys/api/Esys_ContextLoad.c:279:Esys_ContextLoad_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_ContextLoad.c:93:Esys_ContextLoad() Esys Finish ErrorCode (0x000001df) ERROR: Esys_ContextLoad(0x1DF) - tpm:parameter(1):integrity check failed ERROR: Invalid item handle authorization ERROR: Unable to run tpm2_unseal* I am using the tpm_server (emulator) if that makes any difference. So what is the best way to load a small string into the tpm2 and be able to pull it out anytime in the future, even after power loss. Thanks

8 months, 2 weeks

1
0
0 / 0

Putting a persistant string into the tpm2 using tpm2_tools.

by Trey Weaver

I want to put a small string into the TPM2 and be able to recall it over restarts. Here is what I have tried: # put data in file that is to be sealed echo "my sealed data" > seal.dat # create a primary key tpm2_createprimary -c primary.ctx # create a child key in public and private parts tpm2_create -C primary.ctx -u obj.pub -r obj.priv # create a sealed object tpm2_create -C primary.ctx -i seal.dat -u obj.pub -r obj.priv # load the private and public portions into the TPM tpm2_load -C primary.ctx -u obj.pub -r obj.priv -c key.ctx # unseal the data tpm2_unseal -c key.ctx But after a power cycle if I run '*tpm2_unseal -c key.ctx*' I get this error: *WARNING:esys:src/tss2-esys/api/Esys_ContextLoad.c:279:Esys_ContextLoad_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_ContextLoad.c:93:Esys_ContextLoad() Esys Finish ErrorCode (0x000001df) ERROR: Esys_ContextLoad(0x1DF) - tpm:parameter(1):integrity check failed ERROR: Invalid item handle authorization ERROR: Unable to run tpm2_unseal* I am using the tpm_server (emulator) if that makes any difference. So what is the best way to load a small string into the tpm2 and be able to pull it out anytime in the future, even after power loss. Thanks

8 months, 2 weeks

2
1
0 / 0

swtpm tests question

by Stone, Thomas G

I am trying, unsuccessfully, to see how the TPM_CC_Hash value 0x0000017D gets sent to the swtpm. Additionally, the _test_hashing script is sending the string "1234" to the swtpm and then verifies a twenty byte return, which is 160 bits, against the hash code "97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5" which does not appear to correspond to to any hash that I separately calculate. Nor do I see where the hashing algorithm to be used is sent to the swtpm (eg 0x0004 for sha1 or 0x000b for sha2. I was hoping to use the existing tests as templates for new tests such as testing TPM_CC_GetRandom. I can't do that if I cannot find where the TPM_CC_Hash is specified or where the hashing algorithm to use is specified. The _test_hashing code is run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234 if [ $? -ne 0 ]; then echo "Error: Hash command did not work." exit 1 fi # Read PCR 17 Swtpm_open_cmddev ${SWTPM_INTERFACE} 100 RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11') exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5' if [ "$RES" != "$exp" ]; then echo "Error: (1) Did not get expected result from TPM_PCRRead(17)" echo "expected: $exp" echo "received: $RES" exit 1 fi Any pointers will be appreciated. This is the first time I have attempted to use a tpm so the answer is probably something obvious that I am overlooking. Thomas Stone, CISSP Information Assurance Engineer Staff Lockheed Martin Missiles and Fire Control Phone (407) 356-6913 Cell (919) 812-0607 Email: thomas.g.stone(a)lmco.com<mailto:thomas.g.stone@lmco.com>

8 months, 2 weeks

3
3
0 / 0

Out from Sept 23 - Oct 21

by Roberts, William C

Reminder that I will be gone from Sept 23 - Oct 21. Any emails sent to me will go into the bitbucket. Make sure to add another maintainer to your email or use the list (preferably use the list). Bill

8 months, 2 weeks

1
0
0 / 0

Incomplete TPM event log on Linux?

by Matthew Dempsky

I'm trying to validate the PCR values computed by my TPM. They're mostly okay, but PCR 7 is giving me a weird value. I'm wondering if I'm missing something. I'm running Debian 10.1 on an X1 Carbon (gen 6). I don't believe I have any system software installed and configured to use the TPM. (E.g., I have full disk encryption enabled, but it's currently using a password rather than the TPM.) When I run tpm2_pcrread to read the PCRs, I get: $ sudo tpm2_pcrread | head -9 sha1: 0 : 0x2365D6AB190CC51FD04911A36A6620578F5A15B7 1 : 0x90CDA14DCFA4B62CDE2898625606298C71A94F7C 2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 : 0x9C27A66C20926B86EA3120FA36CC75D0EE870E0D 5 : 0xA842C2C96B7D8813837174751AEADB5314316ACB 6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 : 0xDB9CFC01DCC5C88ACBE9C6E2DB0E6BC4EA231AC6 And when I replay the event log from /sys/kernel/security/tpm0/binary_bios_measurements, I get: $ python sum.py < binary_bios_measurements 0 2365D6AB190CC51FD04911A36A6620578F5A15B7 1 90CDA14DCFA4B62CDE2898625606298C71A94F7C 2 B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 3 B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 9C27A66C20926B86EA3120FA36CC75D0EE870E0D 5 A842C2C96B7D8813837174751AEADB5314316ACB 6 B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 37A1A97D5F0BE67FBD544A1604C843BCEE4EE3B2 [I've attached the binary_bios_measurement file, and I've also included my sum.py script below.] Note that PCRs 0 through 6 match, but PCR 7 has a different value. I haven't manually written anything into PCR 7, and I get the same mismatched results even after rebooting. I noticed that Shim is generating malformed event log entries (see https://github.com/rhboot/shim/issues/184 for details), but even my attempts to correct for that don't seem to resolve the discrepancy (not that I'd expect them to anyway---I'm just running out of ideas). My best guess is that *something* (Shim? Grub? The Linux kernel? Some Debian userspace program?) is writing to PCR 7, but not recording a log entry (or logging somewhere other than binary_bios_measurements). However, I'm at a loss for what that might be, or how to track it down. Any recommendations would be greatly appreciated. Thanks, Matthew # sum.py import hashlib import struct import sys pcrs = ['\x00' * 20] * 8 def extend(pcr, digest): h = hashlib.sha1() h.update(pcrs[pcr]) h.update(digest) pcrs[pcr] = h.digest() events = sys.stdin.read() while events: pcr, kind, digest, size = struct.unpack("<II20sI", events[:32]) events = events[32 + size:] extend(pcr, digest) for i, pcr in enumerate(pcrs): print i, pcr.encode('hex').upper()

8 months, 3 weeks

4
7
0 / 0

Re: [tpm2] Incomplete TPM event log on Linux

by Oliver, Dario N

Hello Matthew, I had some problems before related to discrepancies between the TPM Event Log and the actual PCR values. For my case, it was with Fedora and the PCR-9, "Missing TPM Event Log entry for initramfs measurement" (https://bugzilla.redhat.com/show_bug.cgi?id=1730785) What solved the issue was, apparently, a fedora kernel update. I was initially using a 5.0.16 kernel when I found the issue, and it was solved in the kernel 5.1.17 You have existing parsers as well that will tell which is the measured component (and maybe if something is missing): iml2text, and https://github.com/ValdikSS/binary_bios_measurements_parser Which version of the debian provided kernel are you using? Maybe for your case, a kernel update could help too. ------------------------------ Message: 2 Date: Wed, 18 Sep 2019 03:14:57 -0700 From: Matthew Dempsky <matthew(a)dempsky.org> To: tpm2(a)lists.01.org Subject: [tpm2] Incomplete TPM event log on Linux? Message-ID: <CANKkrzEDDXdGVFRA8QCpP_p-0XnHf10mTjJ+LW-tAtSH=sv2Mg(a)mail.gmail.com> Content-Type: text/plain; charset="utf-8" I'm trying to validate the PCR values computed by my TPM. They're mostly okay, but PCR 7 is giving me a weird value. I'm wondering if I'm missing something. I'm running Debian 10.1 on an X1 Carbon (gen 6). I don't believe I have any system software installed and configured to use the TPM. (E.g., I have full disk encryption enabled, but it's currently using a password rather than the TPM.) When I run tpm2_pcrread to read the PCRs, I get: $ sudo tpm2_pcrread | head -9 sha1: 0 : 0x2365D6AB190CC51FD04911A36A6620578F5A15B7 1 : 0x90CDA14DCFA4B62CDE2898625606298C71A94F7C 2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 : 0x9C27A66C20926B86EA3120FA36CC75D0EE870E0D 5 : 0xA842C2C96B7D8813837174751AEADB5314316ACB 6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 : 0xDB9CFC01DCC5C88ACBE9C6E2DB0E6BC4EA231AC6 And when I replay the event log from /sys/kernel/security/tpm0/binary_bios_measurements, I get: $ python sum.py < binary_bios_measurements 0 2365D6AB190CC51FD04911A36A6620578F5A15B7 1 90CDA14DCFA4B62CDE2898625606298C71A94F7C 2 B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 3 B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 9C27A66C20926B86EA3120FA36CC75D0EE870E0D 5 A842C2C96B7D8813837174751AEADB5314316ACB 6 B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 37A1A97D5F0BE67FBD544A1604C843BCEE4EE3B2 [I've attached the binary_bios_measurement file, and I've also included my sum.py script below.] Note that PCRs 0 through 6 match, but PCR 7 has a different value. I haven't manually written anything into PCR 7, and I get the same mismatched results even after rebooting. I noticed that Shim is generating malformed event log entries (see https://github.com/rhboot/shim/issues/184 for details), but even my attempts to correct for that don't seem to resolve the discrepancy (not that I'd expect them to anyway---I'm just running out of ideas). My best guess is that *something* (Shim? Grub? The Linux kernel? Some Debian userspace program?) is writing to PCR 7, but not recording a log entry (or logging somewhere other than binary_bios_measurements). However, I'm at a loss for what that might be, or how to track it down. Any recommendations would be greatly appreciated. Thanks, Matthew # sum.py import hashlib import struct import sys pcrs = ['\x00' * 20] * 8 def extend(pcr, digest): h = hashlib.sha1() h.update(pcrs[pcr]) h.update(digest) pcrs[pcr] = h.digest() events = sys.stdin.read() while events: pcr, kind, digest, size = struct.unpack("<II20sI", events[:32]) events = events[32 + size:] extend(pcr, digest) for i, pcr in enumerate(pcrs): print i, pcr.encode('hex').upper()

8 months, 3 weeks

1
0
0 / 0

2020

2019

2018

2017

tpm2 September 2019