Open erdnaxe opened 1 year ago
I have found a workaround for this.
The tss2 utils are using /nix/store/...-tpm2-tss-3.2.0/etc/tpm2-tss/fapi-config.json for their config. This can be overridden with the TSS2_FAPICONF environment variable.
To fix the issue, set the TSS2_FAPICONF environment variable to the path to a copy of the aforementioned config file, but with "nix/store/...-tpm2-tss-3.2.0" stripped from the values of the "system_dir" and "log_dir" keys (note that "profile_dir" should keep the store path).
The package should be fixed so that its config file works out of the box, though for now this workaround works.
I have a NixOS module to apply the workaround here: https://github.com/accelbread/config-flake/blob/7d23c5b9ecb560ebb10b6df3f2006db224a704a6/nix/nixosModules/tpm2-tss-fapi.nix
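The workaround described in the comment above, as an added example that is not part of the original thread or of the linked module: it strips the store prefix from "system_dir" and "log_dir", leaves "profile_dir" untouched, and writes a copy that TSS2_FAPICONF can point to. The function names, the placeholder store hash and the sample config values are constructed assumptions.

```python
import json
import re
import tempfile
from pathlib import Path

# Leading store prefix, e.g. /nix/store/<hash>-tpm2-tss-3.2.0
STORE_PREFIX = re.compile(r"^/nix/store/[^/]+")
# Keys the workaround rewrites; "profile_dir" keeps its store path.
MUTABLE_KEYS = ("system_dir", "log_dir")

# Constructed sample; the store hash is a placeholder and the paths are assumed.
STORE = "/nix/store/00000000000000000000000000000000-tpm2-tss-3.2.0"
SAMPLE_CONFIG = {
    "profile_name": "P_ECCP256SHA256",
    "profile_dir": STORE + "/etc/tpm2-tss/fapi-profiles/",
    "user_dir": "~/.local/share/tpm2-tss/user/keystore/",
    "system_dir": STORE + "/var/lib/tpm2-tss/system/keystore/",
    "log_dir": STORE + "/var/run/tpm2-tss/eventlog/",
}


def patch_fapi_config(config: dict) -> dict:
    """Return a copy with the store prefix stripped from the mutable dirs."""
    patched = dict(config)
    for key in MUTABLE_KEYS:
        value = patched.get(key)
        if isinstance(value, str):
            patched[key] = STORE_PREFIX.sub("", value, count=1)
    return patched


def write_patched_config(src: Path, dst: Path) -> Path:
    """Read the packaged config at src and write the patched copy to dst."""
    config = json.loads(src.read_text())
    dst.parent.mkdir(parents=True, exist_ok=True)
    dst.write_text(json.dumps(patch_fapi_config(config), indent=4) + "\n")
    return dst


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "store-fapi-config.json"
        src.write_text(json.dumps(SAMPLE_CONFIG))
        dst = write_patched_config(src, Path(tmp) / "etc" / "fapi-config.json")
        print(dst.read_text())
        print(f"export TSS2_FAPICONF={dst}")
```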
Can the fix for this be upstreamed? I have the same problem.
Describe the bug
tss2_provision is unable to create keystore policy directories, and fails to init the on-disk keystore.
Steps To Reproduce
Steps to reproduce the behavior:
nix-shell -p tpm2-tools --run tss2_provision
Expected behavior
I would expect the keystore to be provisioned from my TPM, without any error messages.
Screenshots
Additional context
These error messages are also shown when using OpenSSH with the PKCS11 provider, see https://nixos.wiki/wiki/TPM.
Notify maintainers
@delroth
Metadata
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste the result.