search

tpm2-software / tpm2-tools

The source repository for the Trusted Platform Module (TPM2.0) tools
https://tpm2-software.github.io
719 stars 379 forks source link

TPM2-TOOL use issue #2187

Closed juncorwu closed 4 years ago

juncorwu commented 4 years ago

Hi All:

I had a embedded linxu project used SLB9670. KERENL : 4.9.59 [include sln9670 driver]. SOC : AM3352.

I follow the applicatione node from Infineon.

git clone https://github.com/01org/TPM2.0-TSS.git git checkout 92f7adc

git clone https://github.com/01org/tpm2.0-tools.git git checkout ee62e78

I used the test_all.sh then got 4 errors.[ I didn't record error] The running situation is:

  1. resourcemgr.
  2. tpm2-tss library.
  3. tpm2-tools.

Then I change the TPM2-TSS to 1.x and TPM2-TOOLS to 2.X I want to check the tpm2-tools command as follwoing tpm2_createprimary -A e -g 0x000B -G 0x0001 -C primary_ctx tpm2_create -g 0x000B -G 0x0023 -c primary_ctx -o key_pub -O key_priv tpm2_load -c primary_ctx -u key_pub -r key_priv -n name -C eccsigning_key_ctx tpm2_sign -c eccsigning_key_ctx -g 0x000B -m input_data -s signature tpm2_verifysignature -c eccsigning_key_ctx -g 0x000B -m input_data -s signature -t ticket_data

I always got error when I run the tpm2_sign ERROR: ContextLoad Error. TPM Error:0x902

I think maybe the tpm2-tss and tpm2-tools too old to used. Then I change the TPM2-TSS to 2.0.x and TPM2-TOOLS to 3.X I run the follwoing command tpm2_createprimary -H e -g 0x000B -G 0x0001 -C primary_ctx tpm2_create -g 0x000B -G 0x0023 -c primary_ctx -u key_pub -r key_priv tpm2_load -c primary_ctx -u key_pub -r key_priv -n name -C eccsigning_key_ctx tpm2_sign -c eccsigning_key_ctx -g 0x000B -m input_data -s signature tpm2_verifysignature -c eccsigning_key_ctx -g 0x000B -m input_data -s signature -t ticket_data

I also got error when I run the tpm2_sign ERROR: ContextLoad Error. TPM Error:0x902

I found I build tpm2-tss as static library. I rebuild to dynamic library. But it still not work.

Then , I got idea to chage the parameter as follow.

~ # tpm2_load -c primary_ctx -u key_pub -r key_priv -n name -C eccsigning_key_ctx

Load succ. LoadedHandle: 0x80000003

~ # tpm2_sign -c eccsigning_key_ctx -g 0x000B -m input_data -s signature ERROR: ContextLoad Error. TPM Error:0x902 ERROR: Unable to run tpm2_sign

~ # tpm2_sign -k 0x80000003 -g 0x000B -m input_data -s signature

It's works !!!!! I didn't got any error.

Why??

I can't used the parameter "-c eccsigning_key_ctx" for tpm2_sign. It's HW(ic designed ) issue or I had wrong step for tpm2_sign command??

I export the two parameter.

export TPM2TOOLS_TCTI_NAME=device export TPM2TOOLS_DEVICE_FILE=/dev/tpm0

Thanks, Juncor

williamcroberts commented 4 years ago

-k is the old way of specifying the key handle, -c is the newer way. If you have any scripts created for tpm2-tools less than 4.0, when switching to 4.0 everything is broken. You'll need to update the script to know which version of tools it is, or just require tpm2-tools 4.0 and greater.

You can get the version by passing the option --version to any tool.

juncorwu commented 4 years ago

@williamcroberts

-c eccsigning_key_ctx -> is the paramreter return from tpm2_load.

-k 0x80000003 -> is the handle value that show in the tpm2_load function process.

Thanks, Juncor

juncorwu commented 4 years ago

Hi Sir:

I change to TPM2-TSS V3.0.x and TPM2-TOOLS V4.2.X

export TPM2TOOLS_TCTI='device:/dev/tpm0'

~ # tpm2_createprimary -C o -g sha256 -G rsa2048 -c primary_ctx name-alg: value: sha256 raw: 0xb attributes: value: fixedtpm|fixedparent|sensitivedataorigin|userwithauth|restricted|decrypt raw: 0x30072 type: value: rsa raw: 0x1 exponent: 0x0 bits: 2048 scheme: value: null raw: 0x10 scheme-halg: value: (null) raw: 0x0 sym-alg: value: aes raw: 0x6 sym-mode: value: cfb raw: 0x43 sym-keybits: 128 rsa: 9a2c6ee6a45905fd5f745fb94ae5a974027c56031b1afdfce5b46a583bb3b91cacb6f54eeb3736655b4e5270d11f1cd92eb738005d8143c42a3b61692b1cc7af8bb9331e7ff22f089172d841ed042b745d7da0999c17a5ca7161d5d4b59bca033af1b678a8d845b20b57e4e7ab42d6dd24b12d793a35d1991b9be6e5f0fc2375b24365f705a4e7f6008cb7a237edcafff2710cbc97b148645cbbb96077eea9883cf35d75c8e3f6445ee52af2f3d080fe09bf5c874b18e89a47ebb9a782a61956edaa49e76142e7ce06af20e656da78b8c54ec6f176e8019d49a7d61c80fda04f1591a33371986eaa7f5ad7d5a9646146a89bd0683611413840fb399ed0254c11 ~ # tpm2_create -g sha256 -G hmac -C primary_ctx -u key_pub -r key_priv name-alg: value: sha256 raw: 0xb attributes: value: fixedtpm|fixedparent|sensitivedataorigin|userwithauth|sign raw: 0x40072 type: value: keyedhash raw: 0x8 algorithm: value: hmac raw: 0x5 hash-alg: value: sha256 raw: 0xb keyedhash: 4acc1d5040fb576b55001343c3051b28b2ee5917ee0312706c366aa565cebd7b ~ # tpm2_load -C primary_ctx -u key_pub -r key_priv -n name -c load_ctx ~ # tpm2_sign -c load_ctx -g sha256 -o signature input_data WARNING:esys:src/tss2-esys/api/Esys_ContextLoad.c:279:Esys_ContextLoad_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_ContextLoad.c:93:Esys_ContextLoad() Esys Finish ErrorCode (0x00000902) ERROR: Esys_ContextLoad(0x902) - tpm:warn(2.0): out of memory for object contexts ERROR: Invalid key authorization ERROR: Unable to run tpm2_sign ~ #