Closed ferdinan4 closed 4 years ago
I don't know what could be wrong with your setup. The test cases for swtpm cover certificate creation, so does make check succeed, in case you have the sources installed? You should be able to run all these test cases with a non-root user.
# ./tests/test_tpm2_swtpm_setup_create_cert
TPM is listening on TCP port 41437.
Test 1: OK
TPM is listening on TCP port 55315.
Test 2: OK
# ./tests/test_tpm2_swtpm_cert
Test 1: OK
Test 2: OK
Test 3: OK
Test 4: OK
# ./tests/test_tpm2_swtpm_cert_ecc
Test 1: OK
Test 2: OK
Test 3: OK
Test 4: OK
Hi Stefan, Sorry for the delay in my answer, I was trying to figure out where the problem is:
I am doing some modifications in libtpms in order to add new algorithms. (Do you have any example of which files we have to modify, to follow as a reference?)
I guess at the beginning that due to these modifications, I have this problem:
The tests:
[krilin4@localhost tests]$ ./test_tpm2_swtpm_cert_ecc
Test 1: OK
Test 2: OK
Test 3: OK
Test 4: OK
[krilin4@localhost tests]$ ./test_tpm2_swtpm_cert
Test 1: OK
Test 2: OK
Test 3: OK
Test 4: OK
work well, but the problem is in
[krilin4@localhost swtpm-0.2.0]$ ./tests/test_tpm2_swtpm_setup_create_cert
TPM is listening on TCP port 61439.
Error: Could not run ./tests/../src/swtpm_setup/swtpm_setup. Logfile output:
Starting vTPM manufacturing as krilin4:krilin4 @ Wed 11 Dec 2019 15:44:43 GMT
Error: TPM2_Stirrandom() failed
Error: expected: 80 01 00 00 00 0a 00 00 00 00
Error: received: 80 01 00 00 00 0a 00 00 01 d5
Error: TPM2_ChangeEPS() failed
Error: expected: 80 02 00 00 00 13 00 00 00 00 00 00 00 00 00 00 01 00 00
Error: received: 80 01 00 00 00 0a 00 00 09 9a
Error: tpm2_create_ek failed
Error: An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Wed 11 Dec 2019 15:44:43 GMT
I found in another issue related with this problem, talking about the permissions of user tss, so after executing this command:
**sudo chown tss: /tmp/myvtpm2/**
**sudo swtpm_setup --tpm-state /tmp/myvtpm2 --create-platform-cert --create-ek-cert**
TPM is listening on TCP port 35275.
Successfully created EK.
TSS is listening on TCP port 46067.
Successfully took ownership of the TPM.
Invoking: /usr/share/swtpm/swtpm-localca --type ek --ek 9ff971fb37bc085f8dffb6c5969130d28e375fd0d6b60d65bda6cfa520fe5bf54afbb93b7566f6e1f1545b4dc1a5f3ad8408e43ccd0f0a618eb2df7da65f706e1897cd6e262bd61b44836e2c82eb3d72b1f6cb68ed84cc93a114e53144438a886d5e01142fe9eaed29b432b72ad01d24fc06aff3c5aa2b495e377c21bbba63f2f5ed7b711e2d08f2ef2ea4a9827f88d9d0956e5e28faae1c730c3537236ac04de02496c1dc822b34535ea61f580a86cea76559bdb5500408a690092124990d26a91b39d436ddb96b467caddb4104f12cc7f199105c9a6642f2b7682a2c857825d8d47a1b3610aaabb3f8ed0b98e4fd49e57fa9992afd03656d092818617490c3 --dir /tmp/myvtpm2 --tpm-spec-family 1.2 --tpm-spec-level 2 --tpm-spec-revision 116 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:00740001 --configfile "/etc/swtpm-localca.conf" --optsfile "/etc/swtpm-localca.options"
swtpm-localca: Creating root CA and a local CA's signing key and issuer cert.
swtpm-localca: Successfully created EK certificate locally.
Invoking: /usr/share/swtpm/swtpm-localca --type platform --ek [...] --dir /tmp/myvtpm2 --tpm-spec-family 1.2 --tpm-spec-level 2 --tpm-spec-revision 116 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:00740001 --configfile "/etc/swtpm-localca.conf" --optsfile "/etc/swtpm-localca.options"
swtpm-localca: Successfully created platform certificate locally.
Successfully created NVRAM area for EK certificate.
Successfully created NVRAM area for platform certificate.
Successfully gave up ownership of the TPM.
Successfully enabled and activated the TPM
Successfully authored TPM state.
It looks like it is working properly for TPM 1.2 but not for TPM 2.0.
Any idea how I can debug or trace this data?
Error: TPM2_Stirrandom() failed
Error: expected: 80 01 00 00 00 0a 00 00 00 00
Error: received: 80 01 00 00 00 0a 00 00 01 d5
Error: TPM2_ChangeEPS() failed
Error: expected: 80 02 00 00 00 13 00 00 00 00 00 00 00 00 00 00 01 00 00
Error: received: 80 01 00 00 00 0a 00 00 09 9a
Error: tpm2_create_ek failed
Many Thanks in advance..
Fernando
What algorithm are you trying to add?
As for this error here:
Error: TPM2_Stirrandom() failed
Error: expected: 80 01 00 00 00 0a 00 00 00 00
Error: received: 80 01 00 00 00 0a 00 00 01 d5
The error code 0x1d5 means 'structure is the wrong size Parameter number 1'. Did you change something on the swtpm_setup side?
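Added example, not part of the thread or of swtpm: a small decoder for the 10-byte TPM 2.0 response header that swtpm_setup prints as "received:", splitting the response code into its format-one fields. The function names and the partial error table are choices made for this sketch; the bit layout and error numbers follow the TPM 2.0 Part 2 TPM_RC definitions.

```python
import struct

# Structure tags (TPM_ST) that appear in the logs of this thread.
TAGS = {0x8001: "TPM_ST_NO_SESSIONS", 0x8002: "TPM_ST_SESSIONS"}

# Partial table of format-one error numbers (bits 5:0 of the response code).
FMT1_ERRORS = {
    0x04: "TPM_RC_VALUE",
    0x0B: "TPM_RC_HANDLE",
    0x0E: "TPM_RC_AUTH_FAIL",
    0x12: "TPM_RC_SCHEME",
    0x15: "TPM_RC_SIZE",
    0x17: "TPM_RC_TAG",
    0x1A: "TPM_RC_INSUFFICIENT",
}


def parse_header(hex_dump):
    """Split 'xx xx ...' into (tag, size, response_code), all big-endian."""
    raw = bytes.fromhex(hex_dump)  # whitespace between bytes is ignored
    if len(raw) < 10:
        raise ValueError("a TPM 2.0 response header is 10 bytes")
    return struct.unpack(">HII", raw[:10])


def decode_rc(rc):
    """Decode a response code; format-one codes name what was rejected."""
    plain = {"subject": None, "index": None}
    if rc == 0:
        return {"name": "TPM_RC_SUCCESS", **plain}
    if not rc & 0x080:  # bit 7 clear: format zero, no parameter/handle info
        return {"name": "format-zero code 0x%03x" % rc, **plain}
    number = rc & 0x03F
    name = FMT1_ERRORS.get(number, "unlisted format-one error 0x%02x" % number)
    n = (rc >> 8) & 0xF
    if rc & 0x040:      # P bit set: N is a parameter number
        subject, index = "parameter", n
    elif n & 0x8:       # bit 11 set: N - 8 is a session number
        subject, index = "session", n & 0x7
    else:               # otherwise N is a handle number
        subject, index = "handle", n
    return {"name": name, "subject": subject, "index": index}


def describe(hex_dump):
    tag, size, rc = parse_header(hex_dump)
    info = decode_rc(rc)
    text = "%s size=%d rc=0x%03x %s" % (
        TAGS.get(tag, hex(tag)), size, rc, info["name"])
    if info["subject"]:
        text += " (%s %d)" % (info["subject"], info["index"])
    return text


if __name__ == "__main__":
    # The two "received:" lines quoted in this thread.
    for line in ("80 01 00 00 00 0a 00 00 01 d5",
                 "80 01 00 00 00 0a 00 00 09 9a"):
        print(describe(line))
```
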
No, Just some modification in libtpms. :S
Do you know how I can trace the error?
Thanks
I am trying to add Kyber
You could either look for a simpler client tool to cause the issue or you would have to go into swtpm_setup.sh{.in} and add a 'sleep 20' or something like that into the script to give you time to determine the process id of swtpm and then hook gdb via gdb pid <pid> onto swtpm and then set a breakpoint at TPM2_Process or at _rpc__Send_Command to then single step through the code.
Another strategy would be to disable some of the code you added to libtpms to see which changes are breaking the client tool.
As for Kyber I would suggest to go through the TPM working group to get this [spec'ed and] accepted. Prototyping with libtpms is fine, of course, but TCG needs to accept it and possibly extend specs and add it to the algorithm registry.
I don't think I can help with this issue and since this error occurs only after you made modifications to libtpms, can you close it?
hello there, i am having a possibly related issue...
"Days must be a positive number."
i can confirm this problem with: ubuntu 21.10 ubuntu 21.04
problem does not happen with: debian 11 bullseye ubuntu 20.04 lts windows 11 current windows 10 current
"situation": running libvirt / qemu on a ubuntu 20.04 lts host machine
hardware on host: cpu: intel core i3, passed through to the guest. host is rocking the current generic kernel (also tried with 5.8 "lts kernel" on host, same result)
swtpm version: current from git, built like this: "sudo make clean install"
Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 07:10:31 PM CEST
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek [...] --dir /tmp/swtpm_setup.certs.21WIB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options
Could not create EK certificate locally
Days must be a positive number.
swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed.
Error getting next filename: No child processes
Ending vTPM manufacturing @ Thu 14 Oct 2021 07:10:31 PM CEST
Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 10:23:58 PM CEST
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek [...] --dir /tmp/swtpm_setup.certs.TDNHB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options
Could not create EK certificate locally
Days must be a positive number.
swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed.
Error getting next filename: No child processes
Ending vTPM manufacturing @ Thu 14 Oct 2021 10:23:58 PM CEST
Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 10:24:19 PM CEST
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek [...] --dir /tmp/swtpm_setup.certs.3YJBB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options
Could not create EK certificate locally
Days must be a positive number.
swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed.
Error getting next filename: No child processes
Ending vTPM manufacturing @ Thu 14 Oct 2021 10:24:19 PM CEST
Starting vTPM manufacturing as tss:tss @ Fri 15 Oct 2021 11:09:55 PM CEST
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek [...] --dir /tmp/swtpm_setup.certs.0T4XA1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options
Could not create EK certificate locally
Days must be a positive number.
swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed.
Error getting next filename: No child processes
Ending vTPM manufacturing @ Fri 15 Oct 2021 11:09:55 PM CEST
Starting vTPM manufacturing as tss:tss @ Fri 15 Oct 2021 11:10:05 PM CEST
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek [...] --dir /tmp/swtpm_setup.certs.4F1AB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options
Could not create EK certificate locally
Days must be a positive number.
swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed.
Error getting next filename: No child processes
Ending vTPM manufacturing @ Fri 15 Oct 2021 11:10:05 PM CEST
Did you re-compile swtpm_cert yourself and install it? It sounds like it's an older version of swtpm_cert on your system.
This is what the output of the compiled version should be when you are in the swtpm git checkout directory:
./src/swtpm_cert/swtpm_cert --help | grep days -A1
--days <number> : Number of days the cert is valid;
-1 for no expiration
The installed version should have the same:
swtpm_cert --help | grep days -A1
--days <number> : Number of days the cert is valid;
-1 for no expiration
Maybe you don't have gnutls-devel / gnutls-dev package installed on your system and swtpm_cert didn't get built and installed. You need this package and then ./autogen --prefix=/usr again, build, and then install.
swtpm_cert --help | grep days -A1
--days
8def57f HEAD@{0}: pull: Fast-forward (git reflog top hash)
i haven't had "gnutls-dev" installed, however... there's no gnutls-dev with ubuntu 20.04 lts, the package i have installed: libgnutls28-dev, which is described as gnutls development headers.
after an ./autogen.sh --prefix=/usr && sudo make clean install, nothing really changed, he's still missing the parameter...
Starting vTPM manufacturing as tss:tss @ Sun 17 Oct 2021 07:03:34 PM CEST
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek [...] --dir /tmp/swtpm_setup.certs.X2TCB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options
Could not create EK certificate locally
Days must be a positive number.
swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed.
Error getting next filename: No child processes
Ending vTPM manufacturing @ Sun 17 Oct 2021 07:03:34 PM CEST
The name of the package on Ubuntu is gnutls-dev.
You have to see this configure/autogen.sh output to have swtpm_cert built:
[...]
with_gnutls : yes (no = swtpm_cert will NOT be built)
[...]
[...] with_gnutls : yes (no = swtpm_cert will NOT be built) [...]
seems to be ready...
about the package name... that is weird, because:
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
also...
which swtpm_cert
/usr/local/bin/swtpm_cert
i might add, that the swtpm_cert bin is from september, so there's that... so you're on the right route, however...
2622044 132K -rwxr-xr-x 1 root root 129K Sep 19 01:15 /usr/local/bin/swtpm_cert
build log:
If you have an older version on your system you will have to install the newer version on top of the older one or remove the older one first like this unless you can remove it as a package:
./configure --prefix=/usr/local
sudo make uninstall
./configure --prefix=/usr
make -j32
sudo make install
hello stefan
thanks for the tip
moving the installation directory to /usr rather than /usr/local somehow helped. swtpm_cert got built there.
All set now?
a simple uninstall and reinstall in /usr/local didn't set it though, i had to first change directories...
Hi Stefan!,
When I am trying to create certificates for a tpm2.0 I got an error. I tried to follow your wiki, but it doesn't work for me.
After launching the command:
sudo swtpm_setup --tpmstate /tmp/myvtpm2 --create-ek-cert --create-platform-cert --allow-signing --tpm2
Starting vTPM manufacturing as root:root @ Thu 28 Nov 2019 09:33:39 GMT
TPM is listening on TCP port 53659.
Error: TPM2_Stirrandom() failed
Error: expected: 80 01 00 00 00 0a 00 00 00 00
Error: received: 80 01 00 00 00 0a 00 00 01 d5
Error: TPM2_ChangeEPS() failed
Error: expected: 80 02 00 00 00 13 00 00 00 00 00 00 00 00 00 00 01 00 00
Error: received: 80 01 00 00 00 0a 00 00 09 9a
Error: tpm2_create_ek failed
Error: An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Thu 28 Nov 2019 09:33:39 GMT
any idea?
Thanks in advance