TPM commands test failures

filipleple commented 7 months ago

Component

Dasharo firmware

Device

Protectli VP2420

Dasharo version

v1.2.0

Dasharo Tools Suite version

No response

Brief summary

Multiple TPM2 Commands tests fail

How reproducible

No response

How to reproduce

Run the TPM2 Commands test

Expected behavior

The test should pass

Actual behavior

Multiple test cases fail:

TPMCMD005.001 CREATEPRIMARY Function Verification
TPMCMD006.001 NVDEFINE and NVUNDEFINE Functions Verification
TPMCMD007.001 CREATE Function
TPMCMD007.002 CREATELOADED Function
TPMCMD008.001 Signing the file
TPMCMD011.001 Performing HMAC operation on the file

Screenshots

Full test log:

https://cloud.3mdeb.com/index.php/s/mGAnQC7J5A9K3FH

Additional context

==============================================================================
Tpm2-Commands
==============================================================================

Checking if tpm2-tools is installed...

Package tpm2-tools is installed
TPMCMD001.001 Check if both SHA1 and SHA256 PCRs are enabled (Ubun... | PASS |
------------------------------------------------------------------------------
TPMCMD002.001 PCRREAD Function Verification (Ubuntu 22.04) :: This... | PASS |
------------------------------------------------------------------------------
TPMCMD003.001 PCREXTEND And PCRRESET Functions (Ubuntu 22.04) :: T... | PASS |
------------------------------------------------------------------------------
TPMCMD003.002 PCREXTEND And PCRRESET Functions - locality protecti... | PASS |
------------------------------------------------------------------------------
TPMCMD004.001 PCREVENT Function (Ubuntu 22.04) :: This test aims t... | PASS |
------------------------------------------------------------------------------
TPMCMD005.001 CREATEPRIMARY Function Verification (Ubuntu 22.04) :... | FAIL |
'WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Unable to run tpm2_createprimary' does not contain 'value: sha256'
------------------------------------------------------------------------------
TPMCMD006.001 NVDEFINE and NVUNDEFINE Functions Verification (Ubun... | FAIL |
'WARNING:esys:src/tss2-esys/api/Esys_NV_ReadPublic.c:309:Esys_NV_ReadPublic_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/esys_tr.c:209:Esys_TR_FromTPMPublic_Finish() Error NV_ReadPublic ErrorCode (0x0000018b)
ERROR:esys:src/tss2-esys/esys_tr.c:320:Esys_TR_FromTPMPublic() Error TR FromTPMPublic ErrorCode (0x0000018b)
ERROR: Esys_TR_FromTPMPublic(0x18B) - tpm:handle(1):the handle is not correct for the use
ERROR: Unable to run tpm2_nvread=' does not contain 'nvtest'
------------------------------------------------------------------------------
TPMCMD007.001 CREATE Function (Ubuntu 22.04) :: This test aims to ... | FAIL |
'ERROR: Incorrect handle value, got: "primary.ctx", expected expected [o|p|e|n|l] or a handle number
ERROR: Cannot make sense of object context "primary.ctx"
ERROR: Unable to run tpm2_create' does not contain 'value: sha256'
------------------------------------------------------------------------------
TPMCMD007.002 CREATELOADED Function (Ubuntu 22.04) :: This test ai... | FAIL |
'ERROR: Incorrect handle value, got: "primary.ctx", expected expected [o|p|e|n|l] or a handle number
ERROR: Cannot make sense of object context "primary.ctx"
ERROR: Unable to run tpm2_create' does not contain 'value: sha256'
------------------------------------------------------------------------------
TPMCMD008.001 Signing the file (Ubuntu 22.04) :: Check whether the... | FAIL |
'WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Unable to run tpm2_createprimary' contains one or more of 'WARN' or 'ERROR'
------------------------------------------------------------------------------
TPMCMD009.001 Encryption and Decryption of the file (Ubuntu 22.04)... | SKIP |
TPM doesn't supports TPM2_EncryptDecrypt nor TPM2_EncryptDecrypt2
------------------------------------------------------------------------------
TPMCMD010.001 Hashing the file (Ubuntu 22.04) :: Check whether the... | PASS |
------------------------------------------------------------------------------
TPMCMD011.001 Performing HMAC operation on the file (Ubuntu 22.04)... | FAIL |
'WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Unable to run tpm2_createprimary' contains one or more of 'WARN' or 'ERROR'
------------------------------------------------------------------------------
Tpm2-Commands                                                         | FAIL |
13 tests, 6 passed, 6 failed, 1 skipped
==============================================================================

Solutions you've tried

No response

macpijan commented 7 months ago

@krystian-hebel Here we have some more failures than in: https://github.com/Dasharo/open-source-firmware-validation/issues/217

Do you think it is also related to the TPM module?

It is this one here: https://eu.protectli.com/product/tpm02/

@pkubaj The same module should be in use on VP6000 series. What are your results here?

macpijan commented 6 months ago

@filipleple Can you summarize this after retesting and fixes (https://github.com/Dasharo/open-source-firmware-validation/pull/266) ? Do we still have that many failures, or maybe just this one https://github.com/Dasharo/open-source-firmware-validation/issues/217 ?

filipleple commented 6 months ago

@macpijan after the fixes this issue seems to be resolved:

==============================================================================
Tpm2-Commands
==============================================================================

Checking if tpm2-tools is installed...

Package tpm2-tools is installed
TPMCMD001.001 Check if both SHA1 and SHA256 PCRs are enabled (Ubun... | PASS |
------------------------------------------------------------------------------
TPMCMD002.001 PCRREAD Function Verification (Ubuntu 22.04) :: This... | PASS |
------------------------------------------------------------------------------
TPMCMD003.001 PCREXTEND And PCRRESET Functions (Ubuntu 22.04) :: T... | PASS |
------------------------------------------------------------------------------
TPMCMD003.002 PCREXTEND And PCRRESET Functions - locality protecti... | PASS |
------------------------------------------------------------------------------
TPMCMD004.001 PCREVENT Function (Ubuntu 22.04) :: This test aims t... | PASS |
------------------------------------------------------------------------------
TPMCMD005.001 CREATEPRIMARY Function Verification (Ubuntu 22.04) :... | PASS |
------------------------------------------------------------------------------
TPMCMD006.001 NVDEFINE and NVUNDEFINE Functions Verification (Ubun... | PASS |
------------------------------------------------------------------------------
TPMCMD007.001 CREATE Function (Ubuntu 22.04) :: This test aims to ... | PASS |
------------------------------------------------------------------------------
TPMCMD007.002 CREATELOADED Function (Ubuntu 22.04) :: This test ai... | PASS |
------------------------------------------------------------------------------
TPMCMD008.001 Signing the file (Ubuntu 22.04) :: Check whether the... | PASS |
------------------------------------------------------------------------------
TPMCMD009.001 Encryption and Decryption of the file (Ubuntu 22.04)... | SKIP |
TPM doesn't supports TPM2_EncryptDecrypt nor TPM2_EncryptDecrypt2
------------------------------------------------------------------------------
TPMCMD010.001 Hashing the file (Ubuntu 22.04) :: Check whether the... | PASS |
------------------------------------------------------------------------------
TPMCMD011.001 Performing HMAC operation on the file (Ubuntu 22.04)... | PASS |
------------------------------------------------------------------------------
Tpm2-Commands                                                         | PASS |
13 tests, 12 passed, 0 failed, 1 skipped
==============================================================================

Dasharo / dasharo-issues

TPM commands test failures #782

Component

Device

Dasharo version

Dasharo Tools Suite version

Brief summary

How reproducible

How to reproduce

Expected behavior

Actual behavior

Screenshots

Additional context

Solutions you've tried