search

Advantech-IIoT / UNO-220-POE-

4 stars 1 forks source link

slb9670 authorization #1

Closed ikudryav closed 2 years ago

ikudryav commented 3 years ago

It seems that UNO220POE is an excellent device for quick prototyping. But one issue is that even TPM module tpm-slb9670 is installed and seems working fine, and also tpm2-tools installed as a package, but it is not allowed to claim ownership of the module:

sudo  tpm2_takeownership -o newo -e newe -l newl
ERROR: Could not change hierarchy for Owner. TPM Error:0x9a2
ERROR: Could not change hierarchy for Endorsement. TPM Error:0x9a2
ERROR: Could not change hierarchy for Lockout. TPM Error:0x921
ERROR: Unable to run tpm2_takeownership 

$ tpm2_rc_decode 0x9a2
error layer
  hex: 0x0
  identifier: TSS2_TPM_RC_LAYER
  description: Error produced by the TPM
format 1 error code
  hex: 0x22
  identifier: TPM2_RC_BAD_AUTH
  description: authorization failure without DA implications
session
  hex: 0x100
  identifier: TPM2_RC_1
  description:  (null)

It seems that I don't have authorisation to reclaim ownership and couldn't find any reference to the old password, so presumably, the passwords were not set.

How to resolve it?

Yuchun-Chen-ADV commented 3 years ago

It should be that TPM has been locked out. You can try the following commands to unlock lockout: tpm2_dictionarylockout -c -p passwd (You can refer this for more info. https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_dictionarylockout.1.md) Or Raspberry Pi can try: tpm2_clear -c p (You can refer this for more info. https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_clear.1.md)