March 2021 - tpm2 - Ml01.01.Org

by Kenneth Goldman

Ubuntu focal with WSL, abrmd compiled from source After about 5 minutes of sending commands, abrmd crashes. I originally found it with keylime, but I can reproduce it with a simple bash loop on pcrread. abrmd exits, the tool output is: ** (process:21067): CRITICAL **: 17:25:10.862: failed to allocate dbus proxy object: Could not connect: Connection refused WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7ff5f6dbbe10 failed with a0008 WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-abrmd ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: tabrmd ERROR:tcti:src/tss2-tcti/tctildr.c:416:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI ERROR: Could not load tcti, got: "tabrmd:bus_name=com.intel.tss2.Tabrmd" How would I debug? I would expect that nothing that a single application does should crash abrmd. -- Ken Goldman kgoldman(a)us.ibm.com 914-945-2415 (862-2415)

1 month

6
13
0 / 0

tpm2-tss v2.4.6-rc0

by Tadeusz Struk

Hello, I'm happy to announce that a new release candidate for tpm2-tss v2.4.6-rc0 is out. https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.6-rc0 All changes and fixes are listed in the CHANGELOG.md file. Any feedback welcomed. Thanks, -- Tadeusz

1 year, 1 month

1
0
0 / 0

tpm2-tss v3.0.4-rc0

by Tadeusz Struk

Hello, I'm happy to announce that a new release candidate for tpm2-tss v3.0.4-rc0 is out. https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.4-rc0 All changes and fixes are listed in the CHANGELOG.md file. Any feedback welcomed. Thanks, -- Tadeusz

1 year, 1 month

1
0
0 / 0

tpm2-tss v3.1.0-rc0

by Tadeusz Struk

Hello, I'm happy to announce the first release candidate for tpm2-tss v3.1.0. It can be found here: https://github.com/tpm2-software/tpm2-tss/releases/tag/3.1.0-rc0 As always all the changes and fixes are listed in the CHANGELOG.md file. Any feedback welcomed. Thanks, -- Tadeusz

1 year, 1 month

1
0
0 / 0

FAPI Provision Could not open: /HN

by Roberts, William C

I have never been able to run a successfull tss2 provision command (ever), the most current error is this: $ tss2 provision ERROR:fapijson:src/tss2-fapi/ifapi_json_serialize.c:529:ifapi_json_IFAPI_OBJECT_serialize() Invalid call get_json ErrorCode (0x00060001) ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:710:ifapi_keystore_store_async() ErrorCode (0x00060001) Object for /home/wcrobert/.local/share/tpm2-tss/user/keystore//P_ECCP256SHA256/HN/object.json could not be serialized. ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:1290:Fapi_Provision_Finish() ErrorCode (0x00060001) Could not open: /HN WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/HS/SRK/object.json WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/HS/object.json WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/LOCKOUT/object.json WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/HE/EK/object.json WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/HE/object.json ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x00060001) Provision Fapi_Provision(0x60001) - fapi:Catch all for all errors not otherwise specified Any ideas? System Details Below: tpm2-tss version pkg-config --modversion tss2-fapi 3.1.0-dev tpm2-tss$ git describe 3.0.0-136-gc651d559d036 tpm2-tools version: tss2 getrandom --version tool="getrandom" version="5.0-92-g46ffe7eed571" I have a working connection to a swtpm via tpm2-abrmd as confirmed by:' tpm2 getrandom --hex --tcti=tabrmd 4 I have modified my /usr/local/etc/tpm2-tss/fapi-config.json to include: "ek_cert_less" : "yes" "tcti": "tabrmd" My user wcrobert is part of tss group: $groups wcrobert adm cdrom sudo dip plugdev lpadmin sambashare kvm libvirt tss docker

1 year, 1 month

2
2
0 / 0

does "unique-data" really work?

by Ted Kim

Folks, Does unique-data option really work? It did not seem to work for me in that the keys with different "unique-data" seem identical. If it does work, what version is needed? Thanks, -ted -- Ted H. Kim, PhD ted.h.kim(a)oracle.com +1 310-258-7515

1 year, 1 month

2
1
0 / 0

Dockerhub images gone, use Github Container Registry

by Roberts, William C

Dockerhub is no longer, all the images are on Github Container registry: https://github.com/orgs/tpm2-software/packages Update your docker pull URLs to: docker pull ghcr.io/tpm2-software/<image name> Where <image name> was the tag name in the older Docker image land. I meant to drop the Docker Hub a while ago, as those images were not getting updated once Dockerhub switched its billing model. When they did that, the project had to move to Github Actions and the Github Container Registry. Just as a warning for anyone using them, they are really intended for the CI systems and have never been evaluated beyond that capacity. Use at your own risk and know they can disappear at any time.

1 year, 2 months

1
0
0 / 0

tpm2-abrmd bootstrap error

by Kenneth Goldman

Does anyone have working instructions to build abrmd from source on Ubuntu 16 xenial? I did this, http://ftpmirror.gnu.org/autoconf-archive/autoconf-archive-2019.01.06.tar.xz fix, then got this: libtoolize: putting auxiliary files in '.'. libtoolize: linking file './ltmain.sh' configure.ac:10: installing './compile' configure.ac:13: installing './config.guess' configure.ac:13: installing './config.sub' configure.ac:15: installing './install-sh' configure.ac:15: installing './missing' aminclude_static.am:126: warning: .PHONY was already defined in condition TRUE, which includes condition AUTOCONF_CODE_COVERAGE_2019_01_06 ... Makefile.am:175: 'aminclude_static.am' included from here Makefile.am:6: ... '.PHONY' previously defined here Makefile.am:182: warning: AM_DISTCHECK_CONFIGURE_FLAGS multiply defined in condition AUTOCONF_CODE_COVERAGE_2019_01_06 and CODE_COVERAGE_ENABLED ... aminclude_static.am:100: ... 'AM_DISTCHECK_CONFIGURE_FLAGS' previously defined here Makefile.am:175: 'aminclude_static.am' included from here Makefile.am: installing './depcomp' parallel-tests: installing './test-driver' -- Ken Goldman kgoldman(a)us.ibm.com 914-945-2415 (862-2415)

1 year, 2 months

2
1
0 / 0

build abrmd fails with ax_is_release.m4 is outdated.

by Kenneth Goldman

Ubuntu 16, x86 running bootstrap The error says this. apt upgrade says everything is current. configure.ac:15: installing './install-sh' configure.ac:15: installing './missing' Makefile.am: installing './depcomp' parallel-tests: installing './test-driver' ERROR: ax_is_release.m4 is outdated. ./configure will fail. Please download from http://ftpmirror.gnu.org/autoconf-archive/autoconf-archive-2019.01.06.tar.xz -- Ken Goldman kgoldman(a)us.ibm.com 914-945-2415 (862-2415)

1 year, 2 months

1
0
0 / 0

[ANNOUNCE] tpm2-pytss python bindings

by Roberts, William C

All, As you know, the tpm2-pytss project (https://github.com/tpm2-software/tpm2-pytss) didn't progress the way we were hoping, multiple issues with swig and getting elusive manhours prevented us from achieving our goal. However, after many discussions with various community members, and a great initial start years ago by our very own Andreas Fuchs, we have decided to go the CFFI route. It's still very early, and much work needs to be done to mature the project, but hopefully the API generated by CFFI will be stable and sane. Preliminary trials with Esys_CreatePrimary and ESys_GetRandom have been promising. I'll be dedicating most of my engineering time to this project to help move it along. I appreciate everyone's feedback, help and patience. Bill

1 year, 2 months

1
0
0 / 0

2022

2021

2020

2019

2018

2017

tpm2 March 2021