abrmd crashing - how to debug?
by Kenneth Goldman
Ubuntu focal with WSL, abrmd compiled from source
After about 5 minutes of sending commands, abrmd crashes. I originally
found it with keylime, but I can reproduce it with a simple bash loop on
pcrread.
abrmd exits, the tool output is:
** (process:21067): CRITICAL **: 17:25:10.862: failed to allocate dbus
proxy object: Could not connect: Connection refused
WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for
function 0x7ff5f6dbbe10 failed with a0008
WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not
initialize TCTI named: tcti-abrmd
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not
initialize TCTI file: tabrmd
ERROR:tcti:src/tss2-tcti/tctildr.c:416:Tss2_TctiLdr_Initialize_Ex() Failed
to instantiate TCTI
ERROR: Could not load tcti, got: "tabrmd:bus_name=com.intel.tss2.Tabrmd"
How would I debug?
I would expect that nothing that a single application does should crash
abrmd.
--
Ken Goldman kgoldman(a)us.ibm.com
914-945-2415 (862-2415)
1 month
FAPI Provision Could not open: /HN
by Roberts, William C
I have never been able to run a successfull tss2 provision command (ever), the most current error is this:
$ tss2 provision
ERROR:fapijson:src/tss2-fapi/ifapi_json_serialize.c:529:ifapi_json_IFAPI_OBJECT_serialize() Invalid call get_json ErrorCode (0x00060001)
ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:710:ifapi_keystore_store_async() ErrorCode (0x00060001) Object for /home/wcrobert/.local/share/tpm2-tss/user/keystore//P_ECCP256SHA256/HN/object.json could not be serialized.
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:1290:Fapi_Provision_Finish() ErrorCode (0x00060001) Could not open: /HN
WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/HS/SRK/object.json
WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/HS/object.json
WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/LOCKOUT/object.json
WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/HE/EK/object.json
WARNING:fapi:src/tss2-fapi/ifapi_io.c:421:ifapi_io_remove_directories() Removing: /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256/HE/object.json
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x00060001) Provision
Fapi_Provision(0x60001) - fapi:Catch all for all errors not otherwise specified
Any ideas?
System Details Below:
tpm2-tss version
pkg-config --modversion tss2-fapi
3.1.0-dev
tpm2-tss$ git describe 3.0.0-136-gc651d559d036
tpm2-tools version:
tss2 getrandom --version
tool="getrandom" version="5.0-92-g46ffe7eed571"
I have a working connection to a swtpm via tpm2-abrmd as confirmed by:'
tpm2 getrandom --hex --tcti=tabrmd 4
I have modified my /usr/local/etc/tpm2-tss/fapi-config.json to include:
"ek_cert_less" : "yes"
"tcti": "tabrmd"
My user wcrobert is part of tss group:
$groups
wcrobert adm cdrom sudo dip plugdev lpadmin sambashare kvm libvirt tss docker
1 year, 1 month
does "unique-data" really work?
by Ted Kim
Folks,
Does unique-data option really work?
It did not seem to work for me in that the keys with different
"unique-data" seem identical.
If it does work, what version is needed?
Thanks,
-ted
--
Ted H. Kim, PhD
ted.h.kim(a)oracle.com
+1 310-258-7515
1 year, 1 month
Dockerhub images gone, use Github Container Registry
by Roberts, William C
Dockerhub is no longer, all the images are on Github Container registry:
https://github.com/orgs/tpm2-software/packages
Update your docker pull URLs to:
docker pull ghcr.io/tpm2-software/<image name>
Where <image name> was the tag name in the older Docker image land.
I meant to drop the Docker Hub a while ago, as those images were not getting updated once Dockerhub switched its billing model. When they did that,
the project had to move to Github Actions and the Github Container Registry.
Just as a warning for anyone using them, they are really intended for the CI systems and have never been evaluated beyond that
capacity. Use at your own risk and know they can disappear at any time.
1 year, 2 months
tpm2-abrmd bootstrap error
by Kenneth Goldman
Does anyone have working instructions to build abrmd from source on Ubuntu
16 xenial?
I did this,
http://ftpmirror.gnu.org/autoconf-archive/autoconf-archive-2019.01.06.tar.xz
fix, then got this:
libtoolize: putting auxiliary files in '.'.
libtoolize: linking file './ltmain.sh'
configure.ac:10: installing './compile'
configure.ac:13: installing './config.guess'
configure.ac:13: installing './config.sub'
configure.ac:15: installing './install-sh'
configure.ac:15: installing './missing'
aminclude_static.am:126: warning: .PHONY was already defined in condition
TRUE, which includes condition AUTOCONF_CODE_COVERAGE_2019_01_06 ...
Makefile.am:175: 'aminclude_static.am' included from here
Makefile.am:6: ... '.PHONY' previously defined here
Makefile.am:182: warning: AM_DISTCHECK_CONFIGURE_FLAGS multiply defined in
condition AUTOCONF_CODE_COVERAGE_2019_01_06 and CODE_COVERAGE_ENABLED ...
aminclude_static.am:100: ... 'AM_DISTCHECK_CONFIGURE_FLAGS' previously
defined here
Makefile.am:175: 'aminclude_static.am' included from here
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
--
Ken Goldman kgoldman(a)us.ibm.com
914-945-2415 (862-2415)
1 year, 2 months
[ANNOUNCE] tpm2-pytss python bindings
by Roberts, William C
All,
As you know, the tpm2-pytss project (https://github.com/tpm2-software/tpm2-pytss)
didn't progress the way we were hoping, multiple issues with swig and getting elusive manhours prevented us
from achieving our goal.
However, after many discussions with various community members, and a great initial start years ago by our
very own Andreas Fuchs, we have decided to go the CFFI route. It's still very early, and much work needs to be
done to mature the project, but hopefully the API generated by CFFI will be stable and sane. Preliminary trials
with Esys_CreatePrimary and ESys_GetRandom have been promising.
I'll be dedicating most of my engineering time to this project to help move it along.
I appreciate everyone's feedback, help and patience.
Bill
1 year, 2 months