Azure / azure-iot-hub-vs-cs

Visual Studio extension to ease the use of the Azure IoT client SDK

Issues with TPM connections in Release Mode #9

Open CZEMacLeod opened 8 years ago

CZEMacLeod commented 8 years ago

When compiling in Release mode after adding a connection with Hardware Security I get the following:

3>C:\Program Files (x86)\MSBuild\Microsoft\.NetNative\ARM\ilc\IlcInternals.targets(936,5): warning : ILTransform_0000:       MCG : warning MCG0006: Unresolved P/Invoke method 'Tbsi_Context_Create!tbs.dll' in assembly 'TSS.UWP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' because it is not available in UWP applications. Please either use an another API , or use [DllImport(ExactSpelling=true) to indicate that you understand the implications of using non-UWP application APIs.
3>C:\Program Files (x86)\MSBuild\Microsoft\.NetNative\ARM\ilc\IlcInternals.targets(936,5): warning : ILTransform_0000:       MCG : warning MCG0006: Unresolved P/Invoke method 'Tbsip_Context_Close!tbs.dll' in assembly 'TSS.UWP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' because it is not available in UWP applications. Please either use an another API , or use [DllImport(ExactSpelling=true) to indicate that you understand the implications of using non-UWP application APIs.
3>C:\Program Files (x86)\MSBuild\Microsoft\.NetNative\ARM\ilc\IlcInternals.targets(936,5): warning : ILTransform_0000:       MCG : warning MCG0006: Unresolved P/Invoke method 'Tbsip_Submit_Command!tbs.dll' in assembly 'TSS.UWP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' because it is not available in UWP applications. Please either use an another API , or use [DllImport(ExactSpelling=true) to indicate that you understand the implications of using non-UWP application APIs.

When running the code there are 6 TypeLoadExceptions in TSS.UWP.dll and the values from GetHostName() etc. are all empty.

Exception thrown: 'System.TypeLoadException' in TSS.UWP.dll

I don't know if this is an issue with something missing from the project that the extension should add or an issue with the TPM packages themselves.

The code runs as expected and returns the values when in Debug mode.

arturl commented 8 years ago

Thanks @CZEMacLeod for reporting it, we know about it and are working on a fix. For now, if you can disable compilation with .Net Native, it should work.

jpiaggio commented 7 years ago

I'm having the same issue, but I'm not able to create the package and am facing some errors as well:

Error at SerializationAssemblyGenerator.Program.AddKnownContractsLists(McgCodeTypeDeclaration container, ContractTables tables)
Error at SerializationAssemblyGenerator.Program.GenerateDataContractSerializerHelper(IEnumerable1 contracts, IEnumerable1 jsonContracts, GeneratorSettings settings, String intermediateAssembly, IEnumerable1 wcfSerializers)
Error at SerializationAssemblyGenerator.Program.GenerateDataContractSerializerHelperCode(IEnumerable1 contracts, IEnumerable1 jsonContracts, IEnumerable1 wcfSerializers)
Error at SerializationAssemblyGenerator.Program.Main(String[] args)
Error at System.Collections.Generic.Dictionary2.get_Item(TKey key)

mms- commented 7 years ago

Been a while, no activity on this it seems. Is there a workaround for this or does the runtime basically block tbs.dll api at runtime for .Net Native and the only solution is wait for the SDK to support these? Does this mean we can't publish these apps to the store? For IoT native compilation makes a big difference.

To get rid of the serialization generation error you can do this https://github.com/Microsoft/TSS.MSR/issues/8

Not much help however, compiles but does not run.

arturl commented 7 years ago

We have a plan to fix this, but it will take a while. One work-around could be to use ProcessLauncher to launch limpet.exe outside of UWP and collect its output. We are working on a project that utilizes this approach, it will go public in about a month. I'll update this issue with a link.

mms- commented 7 years ago

I see, what is the actual blocking issue here though? Because it looks like .Net Native is not allowing access to native methods in tbs.dll!?

arturl commented 7 years ago

Correct, TBS APIs are currently not allowed in UWP.

mms- commented 7 years ago

Could UWP on Windows IoT expose TBS APIs directly via Windows IoT Extensions for UWP? It seems to expose others such as ShutdownManager.

After what will soon be a year, is there seriously no real solution to this from the UWP platform itself? Does not inspire confidence. TPM on IoT is somewhat essential. And without .Net Native support we can't publish to Windows Store to get the IoT device to auto update (currently only way supported). Perhaps we need to turn to other platforms.

VadimUmojo commented 7 years ago

We just faced this blocking point for our IoT project, which is UWP on Windows IoT Core connecting to Azure IoT Hub and having Azure connection information (hub name, device id, device key) saved in the TPM of an IoT device. It looks like an absolutely normal real world scenario, but for some reason this case is missed, and we cannot have the auto update through the store this way.

arturl commented 7 years ago

Here is a work-around that you can use until we get the TBS APIs fixed for UWP:

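using System;
using System.Threading.Tasks;
using Windows.Storage.Streams;   // InMemoryRandomAccessStream, DataReader
using Windows.System;            // ProcessLauncher, ProcessLauncherOptions

// Runs limpet.exe outside the UWP app and returns what it writes to standard output.
async Task<string> GetConnectionStringFromTPM()
{
    var processLauncherOptions = new ProcessLauncherOptions();
    var standardOutput = new InMemoryRandomAccessStream();

    // Capture stdout only; stderr and stdin are not redirected.
    processLauncherOptions.StandardOutput = standardOutput;
    processLauncherOptions.StandardError = null;
    processLauncherOptions.StandardInput = null;

    var processLauncherResult = await ProcessLauncher.RunToCompletionAsync(@"c:\windows\system32\limpet.exe", "0 -ast", processLauncherOptions);
    if (processLauncherResult.ExitCode == 0)
    {
        // Read the captured output back from the start of the in-memory stream.
        using (var outStreamRedirect = standardOutput.GetInputStreamAt(0))
        {
            var size = standardOutput.Size;
            using (var dataReader = new DataReader(outStreamRedirect))
            {
                var bytesLoaded = await dataReader.LoadAsync((uint)size);
                var stringRead = dataReader.ReadString(bytesLoaded);
                var result = stringRead.Trim();
                return result;
            }
        }
    }
    else
    {
        // Non-zero exit code: limpet.exe did not produce a connection string.
        throw new Exception("Cannot get connection string");
    }
}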

Two things before you can run this:
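
Added example, not part of arturl's comment or the project's code: the string the workaround returns is a credential, so a caller would check its shape and expiry before using it and keep the signature out of logs. It assumes limpet.exe prints the standard IoT Hub SAS-token device connection string (HostName=...;DeviceId=...;SharedAccessSignature=SharedAccessSignature sr=...&sig=...&se=<unix seconds>); TpmConnectionInfo and its members are hypothetical names.

```csharp
using System;
using System.Globalization;
using System.Linq;

// Added example (hypothetical helper): validates the output of GetConnectionStringFromTPM().
// Assumed layout: HostName=..;DeviceId=..;SharedAccessSignature=SharedAccessSignature sr=..&sig=..&se=<unix seconds>
public sealed class TpmConnectionInfo
{
    public string HostName { get; private set; }
    public string DeviceId { get; private set; }
    public DateTimeOffset ExpiresAt { get; private set; }

    public static TpmConnectionInfo Parse(string raw)
    {
        // Fail closed on empty output instead of passing an empty string to the IoT client.
        if (string.IsNullOrWhiteSpace(raw))
            throw new FormatException("limpet.exe returned no output");

        // Split each "key=value" pair on the first '=' only; the SAS value contains '=' itself.
        var parts = raw.Trim().Split(';')
            .Select(p => p.Split(new[] { '=' }, 2))
            .Where(kv => kv.Length == 2)
            .ToDictionary(kv => kv[0].Trim(), kv => kv[1].Trim(), StringComparer.OrdinalIgnoreCase);

        string host, device, sas;
        if (!parts.TryGetValue("HostName", out host) || host.Length == 0 ||
            !parts.TryGetValue("DeviceId", out device) || device.Length == 0 ||
            !parts.TryGetValue("SharedAccessSignature", out sas))
            throw new FormatException("Missing HostName, DeviceId or SharedAccessSignature");

        // Token body after the scheme word: sr=...&sig=...&se=<expiry>
        var se = sas.Substring(sas.IndexOf(' ') + 1).Split('&')
            .Select(f => f.Split(new[] { '=' }, 2))
            .Where(kv => kv.Length == 2 && kv[0] == "se")
            .Select(kv => kv[1]).FirstOrDefault();
        long seconds;
        if (!long.TryParse(se, NumberStyles.None, CultureInfo.InvariantCulture, out seconds))
            throw new FormatException("SAS token has no valid 'se' expiry field");

        return new TpmConnectionInfo { HostName = host, DeviceId = device,
            ExpiresAt = DateTimeOffset.FromUnixTimeSeconds(seconds) };
    }

    // True when the token has expired or will within the margin: run limpet.exe again.
    public bool NeedsRefresh(DateTimeOffset now, TimeSpan margin) => now + margin >= ExpiresAt;

    // Safe to log: identifies hub and device without exposing the signature.
    public override string ToString() =>
        string.Format("{0}/{1} (token expires {2:u})", HostName, DeviceId, ExpiresAt);
}
```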

Businesshacker commented 7 years ago

Any news on this subject?

cmassman commented 7 years ago

Any progress on this?

arturl commented 7 years ago

Not yet, this is going to take us a bit longer. Is the work-around above not acceptable?

cmassman commented 7 years ago

I did finally get the workaround to work. Thanks!

mms- commented 7 years ago

Are TBS APIs fixed now with Creators or Fall update?

cmassman commented 7 years ago

Does anyone know the command line arguments for limpet.exe? In particular for the -ast argument. I would like to not have it expire, or at least set it for the maximum value.

Businesshacker commented 6 years ago

Is it possible that this feature does not work at all with the newest update (Windows 10 IoT Core 16299)? The azure connector went down on 200 devices in the field ...

mms- commented 6 years ago

Other issue: provision a new device with Azure using IoT Dashboard app, this code can no longer read the device identity.

zyofeng commented 6 years ago

Are there any updates on this? Microsoft.Devices.Tpm hasn't been updated since last year and no effort seems to have been made to address this issue. Is Microsoft giving up on Windows IoT and Azure IoT Hub?