Infineon / amazon-greengrass-hsi-optiga-tpm

Infineon OPTIGA™ TPM - AWS IoT Greengrass Hardware Security Integration

Unexpected error opening the device (0x00000010) #2

Closed krishnanganapathy-amazon closed 4 years ago

krishnanganapathy-amazon commented 5 years ago

Hi Peter, I have tried this code using SLB 9670 on two RPIs model Raspberry Pi 3 Model B Rev 1.2. I have also updated the RPI and the Kernel to the latest version as mentioned in the pre-requisites by you.

Also enabled the SPI interface. After performing these steps, when I run the command `sudo ./eltt2 -g`

I get the following error:

Error opening the device. Unexpected error: 0x00000010

Another piece of background information: around 31st of May I tried the same TPM with one of the RPIs and I was able to see the TPM information. I had set keys on the Platform & endorsement hierarchy. If you can let me know if I need to reset the TPM and try this out again. I tried to figure out steps to reset the TPM to clear the stored keys but I don't think I succeeded here. It will be great if you have any pointers.

Thanks, Krishnan (AWS)

PeterHuewe commented 5 years ago

Hi, /dev/tpm0 is there? Which Kernel version are you using? Can you post your /boot/config.txt? Can you share the output of dmesg?

Peter

PeterHuewe commented 5 years ago

Hi Krishnan, the reason you are getting the error is because the tabrmd is already running (due to your previous work in May).

Try stopping the tpm2-abrmd.service first: `sudo systemctl stop tpm2-abrmd.service` before running eltt2. After eltt2 works, you can start it again using `sudo systemctl start tpm2-abrmd.service`
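The check described in the comment above, as an added example that is not part of the thread or of the eltt2 project: it decides whether eltt2 can open the TPM directly or whether tpm2-abrmd has to be stopped first. It assumes the hex value eltt2 prints is the Linux errno from opening the device; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check before running eltt2 against /dev/tpm0.

# Translate the hex value from "Unexpected error: 0x..." into a likely cause.
# Assumption: the value is the Linux errno returned by open() on the device.
explain_open_error() {
    code=$(( $1 ))                      # accepts 0x00000010 or 16
    case "$code" in
        2)  echo "ENOENT: device node missing (check driver load in dmesg)" ;;
        13) echo "EACCES: caller lacks permission on the device node" ;;
        16) echo "EBUSY: another process already holds the device open" ;;
        *)  echo "errno $code: not covered by this example" ;;
    esac
}

# Decide whether a direct open of the TPM device can succeed.
#   $1 = device path
#   $2 = tpm2-abrmd state, as printed by `systemctl is-active`
# Prints one verdict: no-device | stop-abrmd | ready
tpm_preflight() {
    dev=$1
    state=$2
    if [ ! -c "$dev" ]; then
        echo "no-device"
    elif [ "$state" = "active" ] || [ "$state" = "activating" ]; then
        # The kernel allows one opener of /dev/tpm0; the resource manager has it.
        echo "stop-abrmd"
    else
        echo "ready"
    fi
}

# Query the running system and apply the decision above.
preflight_live() {
    state=$(systemctl is-active tpm2-abrmd.service 2>/dev/null) || true
    tpm_preflight /dev/tpm0 "${state:-unknown}"
}

# Run the live check only when asked, e.g.: sh tpm_preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight_live
fi
```

A `stop-abrmd` verdict corresponds to the `systemctl stop` / `systemctl start` sequence given in the comment.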

krishnanganapathy-amazon commented 5 years ago

Hi Peter, Thanks so much for the tip. I have been able to proceed and now my GG core is successfully integrated with SLB 9670.

Just pasting the relevant configuration from /greengrass/config/config.json below:

```json
"crypto" : {
  "PKCS11": {
    "OpenSSLEngine": "/usr/lib/arm-linux-gnueabihf/engines-1.1/pkcs11.so",
    "P11Provider": "/usr/lib/arm-linux-gnueabihf/pkcs11/libtpm2_pkcs11.so",
    "SlotLabel": "greengrass18",
    "SlotUserPin": "123456"
  },
  "principals" : {
    "IoTCertificate" : {
      "privateKeyPath" : "pkcs11:model=SLB9670;manufacturer=Infineon;serial=0000000000000000;token=greengrass18;object=greenkey;type=private",
      "certificatePath" : "file:///greengrass/certs/2330b4c8b2-certificate.pem.crt"
    },
    "MQTTServerCertificate" : {
      "privateKeyPath" : "pkcs11:model=SLB9670;manufacturer=Infineon;serial=0000000000000000;token=greengrass18;object=greenkey;type=private",
      "certificatePath" : "file:///greengrass/certs/2330b4c8b2-certificate.pem.crt"
    }
  },
```

I will try to deploy a few lambda functions and subscriptions to verify this further but if there is any other point of validation please let me know.

krishnanganapathy-amazon commented 5 years ago

Just to double-check the integration, I restarted the GG but w/o the SLB9670 plugged into RPi and got the following error:

```
pi@raspberrypi:~ $ sudo /greengrass/ggc/core/greengrassd start
Setting up greengrass daemon
Validating hardlink/softlink protection
Waiting for up to 1m10s for Daemon to start

** (process:986): CRITICAL **: failed to allocate dbus proxy object: Error calling StartServiceByName for com.intel.tss2.Tabrmd: GDBus.Error:org.freedesktop.DBus.Error.TimedOut: Failed to activate service 'com.intel.tss2.Tabrmd': timed out
ERROR: tcti init allocation routine failed for library: "tabrmd" options: "(null)"
WARNING:esys:src/tss2-esys/esys_context.c:118:Esys_Finalize() Finalizing NULL context.
ERROR: Could not initialize tpm ctx: 0x5
2019/07/01 01:24:28 Failed to initialize PKCS#11 library: pkcs11: 0x5: CKR_GENERAL_ERROR
Error occured while generating TLS config: pkcs11: 0x5: CKR_GENERAL_ERROR
The Greengrass daemon process with [pid = 986] died
```

Trust this pretty much validates the integration.

PeterHuewe commented 4 years ago

I think we can close this. Feel free to reopen.