Closed mlilien closed 2 years ago
is that correct?: https://github.com/Azure/iot-identity-service/blob/c281b76772f16d7389fd6b25872c2119e539eab8/tpm/aziot-tpmd/src/lib.rs#L259
As far as I understand, you want to store to tss_minimal::handle::PERSISTENT_OBJECT_BASE + config.shared.auth_key_index?
@onalante-msft ?
Resolution at #451. My apologies about the inconvenience.
@arsing @onalante-msft
With the new default auth_key_index from #451, I get the following errors:
Sep 01 05:12:03 raspberrypi4-64 systemd[1]: Started Azure IoT TPM Service.
Sep 01 05:12:03 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:03Z [INFO] - Starting service...
Sep 01 05:12:03 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:03Z [INFO] - Version - dev build
Sep 01 05:12:03 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:03Z [INFO] - Starting server...
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:44Z [INFO] - <-- POST /sign_with_auth_key?api-version=2020-09-01 {"content-type": "application/json", "host": "tpmd.sock", "content-length": "103"}
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: WARNING:esys:../tpm2-tss-3.2.0/src/tss2-esys/api/Esys_HMAC.c:300:Esys_HMAC_Finish() Received TPM Error
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: ERROR:esys:../tpm2-tss-3.2.0/src/tss2-esys/api/Esys_HMAC.c:100:Esys_HMAC() Esys Finish ErrorCode (0x0000018a)
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:44Z [ERR!] - !!! internal error
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:44Z [ERR!] - !!! caused by: could not sign with auth key
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:44Z [ERR!] - !!! caused by: tpm:handle(1):the type of the value is not appropriate for the use
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:44Z [INFO] - --> 500 {"content-type": "application/json"}
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:44Z [INFO] - <-- GET /get_tpm_keys?api-version=2020-09-01 {"host": "tpmd.sock"}
Sep 01 05:12:44 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:44Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 01 05:12:45 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:45Z [INFO] - <-- POST /import_auth_key?api-version=2020-09-01 {"content-type": "application/json", "host": "tpmd.sock", "content-length": "1178"}
Sep 01 05:12:45 raspberrypi4-64 aziot-tpmd[626]: WARNING:esys:../tpm2-tss-3.2.0/src/tss2-esys/api/Esys_ActivateCredential.c:321:Esys_ActivateCredential_Finish() Received TPM Error
Sep 01 05:12:45 raspberrypi4-64 aziot-tpmd[626]: ERROR:esys:../tpm2-tss-3.2.0/src/tss2-esys/api/Esys_ActivateCredential.c:105:Esys_ActivateCredential() Esys Finish ErrorCode (0x0000018b)
Sep 01 05:12:45 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:45Z [ERR!] - !!! internal error
Sep 01 05:12:45 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:45Z [ERR!] - !!! caused by: could not import auth key
Sep 01 05:12:45 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:45Z [ERR!] - !!! caused by: tpm:handle(1):the handle is not correct for the use
Sep 01 05:12:45 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:45Z [INFO] - --> 500 {"content-type": "application/json"}
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [INFO] - <-- POST /sign_with_auth_key?api-version=2020-09-01 {"content-type": "application/json", "host": "tpmd.sock", "content-length": "103"}
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: WARNING:esys:../tpm2-tss-3.2.0/src/tss2-esys/api/Esys_HMAC.c:300:Esys_HMAC_Finish() Received TPM Error
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: ERROR:esys:../tpm2-tss-3.2.0/src/tss2-esys/api/Esys_HMAC.c:100:Esys_HMAC() Esys Finish ErrorCode (0x00000184)
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [ERR!] - !!! internal error
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [ERR!] - !!! caused by: could not sign with auth key
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [ERR!] - !!! caused by: tpm:handle(1):value is out of range or is not correct for the context
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [INFO] - --> 500 {"content-type": "application/json"}
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [INFO] - <-- GET /get_tpm_keys?api-version=2020-09-01 {"host": "tpmd.sock"}
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: WARNING:esys:../tpm2-tss-3.2.0/src/tss2-esys/api/Esys_ReadPublic.c:320:Esys_ReadPublic_Finish() Received TPM Error
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: ERROR:esys:../tpm2-tss-3.2.0/src/tss2-esys/api/Esys_ReadPublic.c:104:Esys_ReadPublic() Esys Finish ErrorCode (0x0000018b)
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [ERR!] - !!! internal error
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [ERR!] - !!! caused by: could not get TPM keys
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [ERR!] - !!! caused by: tpm:handle(1):the handle is not correct for the use
Sep 01 05:12:50 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:50Z [INFO] - --> 500 {"content-type": "application/json"}
Sep 01 05:12:55 raspberrypi4-64 aziot-tpmd[626]: 2022-09-01T05:12:55Z [INFO] - <-- POST /sign_with_auth_key?api-version=2020-09-01 {"content-type": "application/json", "host": "tpmd.sock", "content-length": "103"}
...
Isn't the new default PERSISTENT_OBJECT_BASE + default_ak_index() == STORAGE_ROOT_KEY, and therefore I get the errors above?
If I configure auth_key_index = 0x00_10_10 in config.toml, it works.
Yes, the storage root key is also incorrect. It should be PERSISTENT_OBJECT_BASE + 0x00_00_01[^1]. The default authentication key index should also be reverted to PERSISTENT_OBJECT_BASE + 0x00_01_00.
[^1]: https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf Table 2
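An added example (not code from iot-identity-service or from either commenter): it decodes the three ESYS error codes in the log above and maps an auth_key_index to a persistent handle, refusing the storage root key slot. The value 0x81000000 for PERSISTENT_OBJECT_BASE and the format-one bit layout are taken from the TPM 2.0 specification as assumptions about the project's constants; every function and type name other than PERSISTENT_OBJECT_BASE is hypothetical.

```rust
// Added example, not code from iot-identity-service.
// PERSISTENT_OBJECT_BASE's value is assumed from the TPM 2.0 specification.
const PERSISTENT_OBJECT_BASE: u32 = 0x8100_0000; // first persistent handle
const SRK_INDEX: u32 = 0x00_00_01; // SRK index stated in the thread
const DEFAULT_AK_INDEX: u32 = 0x00_01_00; // default auth key index stated in the thread

/// Turn a configured `auth_key_index` into a persistent handle, refusing
/// indexes that leave the persistent range or land on the SRK.
fn auth_key_handle(index: u32) -> Result<u32, String> {
    if index > 0x00FF_FFFF {
        return Err(format!("index {index:#x} is outside the persistent handle range"));
    }
    if index == SRK_INDEX {
        return Err(format!("index {index:#x} collides with the storage root key"));
    }
    Ok(PERSISTENT_OBJECT_BASE + index)
}

/// Which command input a format-one response code points at.
#[derive(Debug, PartialEq)]
enum Subject { Handle(u32), Session(u32), Parameter(u32) }

/// Decode a format-one TPM response code such as the ones in the log
/// (0x18a, 0x18b, 0x184). Returns None when bit 7 is clear (format zero).
fn decode_fmt1(rc: u32) -> Option<(Subject, &'static str)> {
    if rc & 0x080 == 0 { return None; }
    let n = (rc >> 8) & 0xF; // bits 8..11: which handle/session/parameter
    let subject = if rc & 0x040 != 0 {
        Subject::Parameter(n)
    } else if n & 0x8 != 0 {
        Subject::Session(n & 0x7)
    } else {
        Subject::Handle(n)
    };
    let name = match rc & 0x3F { // bits 0..5: error number
        0x04 => "TPM_RC_VALUE",
        0x0A => "TPM_RC_TYPE",
        0x0B => "TPM_RC_HANDLE",
        _ => "other",
    };
    Some((subject, name))
}

fn main() {
    for rc in [0x18a, 0x18b, 0x184] {
        println!("{rc:#05x} -> {:?}", decode_fmt1(rc));
    }
    println!("{:x?}", auth_key_handle(DEFAULT_AK_INDEX));
    println!("{:?}", auth_key_handle(SRK_INDEX));
}
```

All three codes resolve to the first handle argument of the failing command, which matches the `tpm:handle(1)` prefix in the service's own error text.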
@mlilien I ran tests with a VM, but could you also try the current main with your device?
It works, thank you (tested with 1.4 + 451.diff + 454.diff).
my /etc/aziot/config.toml is configured with
failure log of aziot-tpmd is:
available persistent handles: