search

Azure / confidential-computing-cvm-guest-attestation

Confidential VM Platform Guest attestation sample apps
MIT License
61 stars 39 forks source link

Failed to read from TPM NV RAM, code=330 #5

Open noamshalev opened 2 years ago

noamshalev commented 2 years ago

By following the documentation I get the below error. Error is reproduced in more than one confidential VM, and it doesn't matter whether I use the pre-built sample-client or build the sample code locally and execute it. 

azureuser@test:sample-client$ sudo ./AttestationClient

Initiating Guest Attestation
Level: Info Tag: AttestatationClientLib ParseURL:519:Attestation URL info - protocol {https}, domain {sharedeus.eus.test.attest.azure.net}
Level: Info Tag: AttestatationClientLib Attest:99:Attestation URL - https://sharedeus.eus.test.attest.azure.net/attest/AzureGuest?api-version=2020-10-01
Level: Info Tag: AttestatationClientLib GetOSInfo:600:Retrieving OS Info
Level: Info Tag: AttestatationClientLib GetIsolationInfo:670:Retrieving Isolation Info
Level: Debug Tag: AttestatationClientLib GetVCekCert:63:VCek cert received from IMDS successfully
WARNING:esys:src/tss2-esys/api/Esys_NV_Read.c:311:Esys_NV_Read_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:105:Esys_NV_Read() Esys Finish ErrorCode (0x0000014a)
Level: Error Tag: AttestatationClientLib GetTpmInfo:574:Failed Tpm operation:330 Error:tpm2-tss exception : message=Failed to read from TPM NV RAM, code=330
Level: Error Tag: AttestatationClientLib getAttestationParameters:462:Failed to get Tpm information with error:tpm2-tss exception : message=Failed to read from TPM NV RAM, code=330
Level: Error Tag: AttestatationClientLib Attest:113:Failed to get attestation parameters with error:tpm2-tss exception : message=Failed to read from TPM NV RAM, code=330
Attestation call failed with following error code: -13 and description: tpm2-tss exception : message=Failed to read from TPM NV RAM, code=330

Any hints?

demirsenturk commented 2 years ago

Encountered the same error with DC2ads_v5 (8GB RAM). Here is what worked for me: Used bigger VM sizes like DC4ads_v5 (16GB RAM), DC8ads_v5 (32GB RAM) line 35 of main.cpp - Set the Attestation URL to "https://sharedeus2.eus2.attest.azure.net" as follows: std::string attestation_url = "https://sharedeus2.eus2.attest.azure.net";

noamshalev commented 2 years ago

@demirsenturk thanks! Worked like a charm