tpm2-software / tpm2-tcti-uefi

TCTI module for use with TSS2 libraries in UEFI environment
BSD 2-Clause "Simplified" License

Unable to run EFI application LibLocateProtocol status: 0xE #21

Closed johnandersen777 closed 5 years ago

johnandersen777 commented 5 years ago

Not sure how to run the efi applications. I'm sure I'm missing something here.

UEFI Interactive Shell v2.2
EDK II
UEFI v2.70 (EDK II, 0x00010000)
Mapping table
      FS0: Alias(s):HD1a1:;BLK3:
          PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0)/HD(1,MBR,0xBE1AFDFA,0x3F,0xFBFC1)
     BLK2: Alias(s):
          PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0)
     BLK4: Alias(s):
          PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0)
     BLK0: Alias(s):
          PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0)
     BLK1: Alias(s):
          PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x1)
Press ESC in 5 seconds to skip startup.nsh or any other key to continue.
Shell> fs0:
FS0:\> ls
Directory of: FS0:\
12/13/2018  11:43                 207  compat.h
12/13/2018  11:43              49,909  get-capability.efi
12/13/2018  11:43           2,856,248  tpm2-get-capability.so
12/13/2018  10:43              32,768  get-capability.o
12/13/2018  10:27              10,959  tpm2-get-capability.c
12/13/2018  10:27                 545  tss2-util.h
12/13/2018  11:43             273,292  tpm2-get-capability.efi
12/13/2018  10:27               1,227  get-capability.c
12/13/2018  11:43              55,608  tpm2-get-capability.o
12/13/2018  10:27                 408  compat.c
12/13/2018  11:43 <DIR>         8,192  .deps
12/13/2018  10:43              36,688  tss2-util.o
12/13/2018  09:26               3,075  tss2-util.c
12/13/2018  19:43               1,958  NvVars
12/13/2018  11:43           2,213,168  get-capability.so
12/13/2018  10:43              27,896  compat.o
         15 File(s)   5,563,956 bytes
          1 Dir(s)
FS0:\> tpm2-get-capability.efi
LibLocateProtocol status: 0xE
FS0:\> get-capability
LibLocateProtocol status: 0xE
FS0:\> load get-capability.efi
Image 'FS0:\get-capability.efi' is not a driver.
FS0:\>

johnandersen777 commented 5 years ago

This appears to be happening in InitializeLib

flihp commented 5 years ago

You are running the UEFI applications. The LibLocateProtocol function is failing though. I didn't write a function to decode the EFI_STATUS values though there may be a strerror equivalent now that you mention it.

Anyways these values are in /usr/include/efi/efierr.h:

#define EFI_NOT_FOUND                     EFIERR(14)

LibLocateProtocol is the function used to locate protocol drivers. In this case the code is searching for the TCG2 protocol driver and it's ... EFI_NOT_FOUND. Likely this means that the TCG2 protocol isn't loaded because your system / QEMU doesn't have a TPM2. Either you need to enable it in your BIOS interface or you need to configure QEMU properly.
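
Added example (not part of the thread and not code from tpm2-tcti-uefi): a host-side C decoder for the EFI_STATUS values discussed above, mapping the logged 0xE to EFI_NOT_FOUND. It assumes 64-bit firmware, where EFIERR(n) sets bit 63, and treats a bare low value as an error code; the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 64-bit UEFI, where EFIERR(n) is (bit 63 | n). */
#define EFI_ERROR_BIT 0x8000000000000000ULL

/* Error codes from the UEFI specification; 29 and 30 are unassigned. */
static const char *const efi_error_names[] = {
    [1]  = "EFI_LOAD_ERROR",         [2]  = "EFI_INVALID_PARAMETER",
    [3]  = "EFI_UNSUPPORTED",        [4]  = "EFI_BAD_BUFFER_SIZE",
    [5]  = "EFI_BUFFER_TOO_SMALL",   [6]  = "EFI_NOT_READY",
    [7]  = "EFI_DEVICE_ERROR",       [8]  = "EFI_WRITE_PROTECTED",
    [9]  = "EFI_OUT_OF_RESOURCES",   [10] = "EFI_VOLUME_CORRUPTED",
    [11] = "EFI_VOLUME_FULL",        [12] = "EFI_NO_MEDIA",
    [13] = "EFI_MEDIA_CHANGED",      [14] = "EFI_NOT_FOUND",
    [15] = "EFI_ACCESS_DENIED",      [16] = "EFI_NO_RESPONSE",
    [17] = "EFI_NO_MAPPING",         [18] = "EFI_TIMEOUT",
    [19] = "EFI_NOT_STARTED",        [20] = "EFI_ALREADY_STARTED",
    [21] = "EFI_ABORTED",            [22] = "EFI_ICMP_ERROR",
    [23] = "EFI_TFTP_ERROR",         [24] = "EFI_PROTOCOL_ERROR",
    [25] = "EFI_INCOMPATIBLE_VERSION", [26] = "EFI_SECURITY_VIOLATION",
    [27] = "EFI_CRC_ERROR",          [28] = "EFI_END_OF_MEDIA",
    [31] = "EFI_END_OF_FILE",        [32] = "EFI_INVALID_LANGUAGE",
    [33] = "EFI_COMPROMISED_DATA",   [34] = "EFI_IP_ADDRESS_CONFLICT",
    [35] = "EFI_HTTP_ERROR",
};

/* Nonzero when the full-width status has the error bit set. */
int efi_is_error(uint64_t status) { return (status & EFI_ERROR_BIT) != 0; }

/* Hypothetical helper: accepts the full status or only its low bits as logged. */
const char *efi_status_name(uint64_t status)
{
    uint64_t code = status & ~EFI_ERROR_BIT;
    size_t n = sizeof(efi_error_names) / sizeof(efi_error_names[0]);
    if (status == 0) return "EFI_SUCCESS";
    if (code >= n || efi_error_names[code] == NULL) return "unknown EFI_STATUS";
    return efi_error_names[code];
}

int main(void)
{
    /* 0xE is the value from the log on this page. */
    printf("0xE -> %s\n", efi_status_name(0xE));
    return 0;
}
```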

flihp commented 5 years ago

Also see docs here: https://github.com/flihp/tpm2-tcti-uefi/blob/master/docs/example.md#qemu-ovmf-and-swtpm and script with example QEMU options to enable TPM2 here: https://github.com/flihp/tpm2-tcti-uefi/blob/master/lib/qemu-tpm2.sh#L8

johnandersen777 commented 5 years ago

I'm working on a test by getting qemu running in travis

johnandersen777 commented 5 years ago

Travis: https://travis-ci.com/pdxjohnny/tpm2-tcti-uefi/builds/94843799 Dockerfile: https://github.com/pdxjohnny/tpm2-tcti-uefi/blob/travis_qemu/Dockerfile

example/run.sh
#!/usr/bin/env bash

sh lib/swtpm2.sh &
sed -i 's/-vnc.*/-nographic \\/g' lib/qemu-tpm2.sh
exec timeout 30s unbuffer sh lib/qemu-tpm2.sh

This Dockerfile / travis build is my second attempt to follow example.md. I can't figure out what I'm configuring wrong, but hopefully you might be able to tell off the bat. If we can get that working then I'll fix the travis build matrix (I took it out for now) and we can have travis test things in QEMU.

flihp commented 5 years ago

This may be a silly question but have you got it working on your development system?

johnandersen777 commented 5 years ago

Nah, still haven't gotten it working

flihp commented 5 years ago

Start there. Doing stuff in travis-ci is like doing that same thing blindfolded and with one hand tied behind your back. You miss out on really valuable output and the test cycle is a lot longer. You went straight to my end goal of building an integration test harness from this mess but I'm expecting that will take some doing.

johnandersen777 commented 5 years ago

Got it! Ubuntu bionic and debian buster have different OVMFs I think. Debian works, ubuntu does not. https://travis-ci.com/pdxjohnny/tpm2-tcti-uefi/builds/95151602

I'll try to get the build matrix working again. I went from the travis file which was xenial to a dockerfile which was bionic for ovmf. However, I should have gone the ground up route and followed your example.md to the letter, it said debian and I tried ubuntu anyway.

flihp commented 5 years ago

Niiiiiiice. Sucks about the Ubuntu packages. I stopped using Ubuntu for similar reasons a long time ago.