Errors on the simplest forms of the command

treyweaver commented 4 years ago

I am using the new version of ubuntu 20.04. And then downloaded clevis from the Ubuntu repository and ran the simplest command from you man page: clevis encrypt tpm2 '{}' < msg.in > msg.out

And here is what I got out:

WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:389:Esys_CreatePrimary_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2) ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications ERROR: Unable to run tpm2_createprimary Creating TPM2 primary key failed!

Tried the second example on you man page: clevis encrypt tpm2 '{"hash":"sha1","key":"rsa"}' < msg.in > msg.out

And got: "Parsing the requested policy failed!"

I just want to encrypt and decrypt a file using TPM2.

sergio-correia commented 4 years ago

I am using the new version of ubuntu 20.04. And then downloaded clevis from the Ubuntu repository and ran the simplest command from you man page: clevis encrypt tpm2 '{}' < msg.in > msg.out

And here is what I got out:

WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:389:Esys_CreatePrimary_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2) ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications ERROR: Unable to run tpm2_createprimary Creating TPM2 primary key failed!

What's the output of tpm2_getcap algorithms?

Tried the second example on you man page: clevis encrypt tpm2 '{"hash":"sha1","key":"rsa"}' < msg.in > msg.out

And got: "Parsing the requested policy failed!"

This issue was fixed in clevis-13; as a workaround, try to specify an empty list of pcr_ids: '{"hash":"sha1","key":"rsa","pcr_ids":""}'

I just want to encrypt and decrypt a file using TPM2.

alexsmartens commented 4 years ago

I'm having errors with every command on Ubuntu 20.04, examples:

$ echo foo | clevis encrypt tpm2 '{}' > secret.jwe

Command 'clevis-encrypt-tpm2-{}' is invalid

Usage: clevis COMMAND [OPTIONS]

  clevis decrypt      Decrypts using the policy defined at encryption time
  clevis encrypt sss  Encrypts using a Shamir's Secret Sharing policy
  clevis encrypt tang Encrypts using a Tang binding server policy
  clevis luks bind    Binds a LUKS device using the specified policy
  clevis luks unbind  Unbinds a pin bound to a LUKS volume
  clevis luks unlock  Unlocks a LUKS volume

or

echo foo | clevis encrypt tpm2 '{"key": "rsa", "pcr_ids": "7"}' > secret.jwe

Command 'clevis-encrypt-tpm2-{"key": "rsa", "pcr_ids": "7"}' is invalid

Any ideas?

sergio-correia commented 4 years ago

I'm having errors with every command on Ubuntu 20.04, examples:

$ echo foo | clevis encrypt tpm2 '{}' > secret.jwe

Command 'clevis-encrypt-tpm2-{}' is invalid

Usage: clevis COMMAND [OPTIONS]

  clevis decrypt      Decrypts using the policy defined at encryption time
  clevis encrypt sss  Encrypts using a Shamir's Secret Sharing policy
  clevis encrypt tang Encrypts using a Tang binding server policy
  clevis luks bind    Binds a LUKS device using the specified policy
  clevis luks unbind  Unbinds a pin bound to a LUKS volume
  clevis luks unlock  Unlocks a LUKS volume

or

echo foo | clevis encrypt tpm2 '{"key": "rsa", "pcr_ids": "7"}' > secret.jwe

Command 'clevis-encrypt-tpm2-{"key": "rsa", "pcr_ids": "7"}' is invalid

Any ideas?

Do you have the clevis-tpm2 package installed?

alexsmartens commented 4 years ago

I only installed clevis clevis-dracut clevis-udisks2 as per the instruction on the main page.

Thanks @sergio-correia, installing clevis-tpm2 solved my problem

latchset / clevis

Errors on the simplest forms of the command #198