From: Philip Tricca <philip.b.tricca at intel.com>
To: tpm2@lists.01.org
Subject: Re: [tpm2] Problem with Infineon Iridium SLB 9670 TPM2.0
Date: Tue, 20 Mar 2018 12:19:40 -0700 [thread overview]
Message-ID: <20180320191940.GB2354@intel.com> (raw)
In-Reply-To: trinity-07958541-2b38-44f7-9b7d-3b048705f126-1521490653093@3c-app-gmx-bs31
[-- Attachment #1: Type: text/plain, Size: 13650 bytes --]
Hey madprops,
Thanks for the additional data.
On Mon, Mar 19, 2018 at 09:17:33PM +0100, madprops(a)gmx.net wrote:
> <html><head>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>
> <div>Thank you, Philip! I meanwhile noticed the tools work when I stop tpm2-abrmd and connect directly to the TPM: </div>
Well this debunks my theory that your issue was down in the dev tree :)
> <div> </div>
>
> <div>pi(a)raspberrypi:~ $ sudo tpm2_pcrlist -T device:/dev/tpm0<br>
> sha1 :<br>
> 0 : 0000000000000000000000000000000000000000<br>
> 1 : 0000000000000000000000000000000000000000<br>
> [...]</div>
>
> <div> </div>
>
> <div>Please find below the information you asked for. While tpm2-abrmd is running (as root) I still get this:</div>
>
> <div> </div>
>
> <div>pi(a)raspberrypi:~ $ tpm2_pcrlist<br>
> ERROR: Failed to initialize tcti context: 0x1</div>
Seeing this error while the tabrmd is running, but having the tools
execute successfully with it stopped is a big hint. This indicates
that the tools are probably trying to connect to the /dev/tpm0 device
node directly instead of using the tabrmd.
I've only see this happen if / when the tools are built in advance of
building *and* installing the tabrmd. This happens because the tools
build looks for the installed TCTI library for communicating with the
daemon. If it doesn't find this library then the tools can't be linked
against it and the build will fall back to using the device TCTI as
the default. The `config.log` file in the tools build has the output
from the `configure` script and this will tell you which TCTI modules
are enabled / disabled.
Another way to check this theory is to take one of the tools executables
and use `readelf` to dump information about the libraries that it links
to. If the tabrmd TCTI library isn't listed then something it up.
Everything else below looks right.
Regards,
Philip
> <div> </div>
>
> <div>pi(a)raspberrypi:~ $ export TPM2TOOLS_TCTI_NAME=tabrmd<br>
> pi(a)raspberrypi:~ $ tpm2_pcrlist<br>
> ERROR: Unknown tcti, got: "tabrmd"</div>
>
> <div> </div>
>
> <div>======== Versions:</div>
>
> <div>tpm2-abrmd: 1.3.1_rc0<br>
> tpm2-tools: 3.0.3<br>
> tpm2-tss: 1.4.0</div>
>
> <div> </div>
>
> <div>======== /dev/tpm0</div>
>
> <div>pi(a)raspberrypi:~ $ ls -la /dev/tpm0<br>
> crw------- 1 root root 10, 224 Mar 17 21:35 /dev/tpm0</div>
>
> <div>======== tpm2-abrmd LOG</div>
>
> <div>root(a)raspberrypi:/home/pi# tpm2-abrmd<br>
> ** INFO: tabrmd startup<br>
> ** (process:1852): DEBUG: tcti_factory_set_property<br>
> ** (process:1852): DEBUG: PROP_TCTI_TYPE<br>
> ** (process:1852): DEBUG: value: 0x1<br>
> ** (process:1852): DEBUG: tcti_factory_set_property<br>
> ** (process:1852): DEBUG: TctiFactory set device_name: /dev/tpm0<br>
> ** (process:1852): DEBUG: tcti_factory_set_property<br>
> ** (process:1852): DEBUG: TctiFactory set socket_address: 127.0.0.1<br>
> ** (process:1852): DEBUG: tcti_factory_set_property<br>
> ** (process:1852): DEBUG: TctiFactory set socket_port: 2321<br>
> ** INFO: logging to stdout<br>
> ** (tpm2-abrmd:1852): DEBUG: tcti_factory_get_tcti<br>
> ** (tpm2-abrmd:1852): DEBUG: TctiDevice set filename: /dev/tpm0<br>
> ** INFO: entering g_main_loop<br>
> ** INFO: init_thread_func start<br>
> ** (tpm2-abrmd:1852): DEBUG: random_class_init<br>
> ** (tpm2-abrmd:1852): DEBUG: opening entropy source: /dev/urandom<br>
> ** (tpm2-abrmd:1852): DEBUG: reading from entropy source: /dev/urandom<br>
> ** (tpm2-abrmd:1852): DEBUG: seeding rand with -1263045295<br>
> ** (tpm2-abrmd:1852): DEBUG: connection_manager_set_property: 0x15c5ef0<br>
> ** (tpm2-abrmd:1852): DEBUG: max_connections: 0x1b<br>
> ** (tpm2-abrmd:1852): DEBUG: ConnectionManager: 0x15c5ef0<br>
> ** (tpm2-abrmd:1852): DEBUG: IpcFrontendDbus set bus_name: com.intel.tss2.Tabrmd<br>
> ** (tpm2-abrmd:1852): DEBUG: ipc_frontend_connect: 0x75b01a08<br>
> ** (tpm2-abrmd:1852): DEBUG: tcti_initialize: 0x15c5200<br>
> ** (tpm2-abrmd:1852): DEBUG: sapi_context_init w/ Tcti: 0x15c5200<br>
> ** (tpm2-abrmd:1852): DEBUG: tcti_peek_context: 0x15c5200<br>
> ** (tpm2-abrmd:1852): DEBUG: Allocating 0x1040 bytes for SAPI context<br>
> ** (tpm2-abrmd:1852): DEBUG: access_broker_set_property: 0x75b0b720<br>
> ** (tpm2-abrmd:1852): DEBUG: sapi_context: 0x75b0a690<br>
> ** (tpm2-abrmd:1852): DEBUG: access_broker_set_property: 0x75b0b720<br>
> ** (tpm2-abrmd:1852): DEBUG: tcti: 0x15c5200<br>
> ** (tpm2-abrmd:1852): DEBUG: created AccessBroker: 0x75b0b720<br>
> ** (tpm2-abrmd:1852): DEBUG: access_broker_init_tpm: 0x75b0b720<br>
> ** INFO: on_bus_acquired: com.intel.tss2.Tabrmd<br>
> ** INFO: on_name_acquired: com.intel.tss2.Tabrmd<br>
> ** (tpm2-abrmd:1852): DEBUG: Got proxy object for DBus daemon.<br>
> ** (tpm2-abrmd:1852): DEBUG: access_broker_get_tpm_properties_fixed<br>
> ** (tpm2-abrmd:1852): DEBUG: command_attrs_class_init<br>
> ** (tpm2-abrmd:1852): DEBUG: created CommandAttrs: 0x75b01260<br>
> ** (tpm2-abrmd:1852): DEBUG: GetCapabilty for 0x500 commands<br>
> ** (tpm2-abrmd:1852): DEBUG: got attributes for 0x5a commands<br>
> ** (tpm2-abrmd:1852): DEBUG: command_source_class_init<br>
> ** (tpm2-abrmd:1852): DEBUG: command_source_set_properties: 0x75b02c50<br>
> ** (tpm2-abrmd:1852): DEBUG: command_attrs: 0x75b01260<br>
> ** (tpm2-abrmd:1852): DEBUG: command_source_set_properties: 0x75b02c50<br>
> ** (tpm2-abrmd:1852): DEBUG: created command source: 0x75b02c50<br>
> ** (tpm2-abrmd:1852): DEBUG: session_list_new with max-per-connection: 0x4<br>
> ** (tpm2-abrmd:1852): DEBUG: session_list_init<br>
> ** (tpm2-abrmd:1852): DEBUG: session_list_set_property: 0x15c5fb0 max-per-connection: 4<br>
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_set_property: 0x75b02ca0<br>
> ** (tpm2-abrmd:1852): DEBUG: in_queue: 0x75b00f90<br>
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_set_property: 0x75b02ca0<br>
> ** (tpm2-abrmd:1852): DEBUG: access_broker: 0x75b0b720<br>
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_set_property: 0x75b02ca0<br>
> ** (tpm2-abrmd:1852): DEBUG: created ResourceManager: 0x75b02ca0<br>
> ** (tpm2-abrmd:1852): DEBUG: response_sink_set_property<br>
> ** (tpm2-abrmd:1852): DEBUG: setting PROP_IN_QUEUE<br>
> ** (tpm2-abrmd:1852): DEBUG: created response source: 0x75b012a8<br>
> ** (tpm2-abrmd:1852): DEBUG: source_add_sink<br>
> ** (tpm2-abrmd:1852): DEBUG: command_soruce_add_sink: CommandSource: 0x75b02c50 , Sink: 0x75b02ca0<br>
> ** (tpm2-abrmd:1852): DEBUG: command_source_set_properties: 0x75b02c50<br>
> ** (tpm2-abrmd:1852): DEBUG: sink: 0x75b02ca0<br>
> ** (tpm2-abrmd:1852): DEBUG: source_add_sink<br>
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_add_sink: ResourceManager: 0x75b02ca0, Sink: 0x75b012a8<br>
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_set_property: 0x75b02ca0<br>
> ** (tpm2-abrmd:1852): DEBUG: sink: 0x75b012a8<br>
> ** INFO: init_thread_func done<br>
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_thread start<br>
> ** (tpm2-abrmd:1852): DEBUG: response_sink_thread blocking on input queue: 0x75b00e50<br>
> ** (tpm2-abrmd:1852): DEBUG: message_queue_dequeue 0x75b00e50<br>
> ** (tpm2-abrmd:1852): DEBUG: message_queue_dequeue 0x75b00f90</div>
>
> <div> </div>
>
> <div>======== MISC</div>
>
> <div>pi(a)raspberrypi:~/TPM/tpm2-tss $ cat /etc/dbus-1/system.d/tpm2-abrmd.conf<br>
> <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"<br>
> "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"><br>
> <busconfig><br>
> <!-- ../system.conf have denied everything, so we just punch some holes --><br>
> <policy user="tss"><br>
> <allow own="com.intel.tss2.Tabrmd"/><br>
> </policy><br>
> <policy user="root"><br>
> <allow own="com.intel.tss2.Tabrmd"/><br>
> </policy><br>
> <policy context="default"><br>
> <allow send_destination="com.intel.tss2.Tabrmd"/><br>
> <allow receive_sender="com.intel.tss2.Tabrmd"/><br>
> </policy><br>
> </busconfig></div>
>
> <div> </div>
>
> <div> </div>
>
> <div>
> <div name="quote" style="margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
> <div style="margin:0 0 10px 0;"><b>Gesendet:</b> Montag, 19. März 2018 um 06:07 Uhr<br>
> <b>Von:</b> "Philip Tricca" <philip.b.tricca(a)intel.com><br>
> <b>An:</b> madprops(a)gmx.net<br>
> <b>Cc:</b> tpm2(a)lists.01.org<br>
> <b>Betreff:</b> Re: [tpm2] Problem with Infineon Iridium SLB 9670 TPM2.0</div>
>
> <div name="quoted-content">Hey there madprops,<br>
> <br>
> On Sun, Mar 18, 2018 at 02:04:15PM +0100, madprops(a)gmx.net wrote:<br>
> > <html><head><br>
> > <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div><br>
> > <div class="signature"><br>
> > <div class="signature"><br>
> > <div>I'm trying to get an &quot;Infineon Iridium SLB 9670 TPM 2.0 SPI Board&quot; run on my Raspberry Pi 3. I have downloaded, compiled and installed the latest versions of tpm2-abrmd, tpm2-tss and tpm2-tools. I started tpm2-abrmd as root, hoping that I can then interact with the Infineon TPM using tpm2-tools. &quot;tpm2_pcrlist&quot; and all other tpm2_* commands, however, return error &quot;ERROR: Failed to initialize tcti context: 0x1&quot;.</div><br>
> ><br>
> <br>
> Can you please provide some more info about your configuration?<br>
> Specifically:<br>
> - the version of the TSS2 libraries you're using<br>
> - the version of the tabrmd you're using<br>
> - the configuration options you're passing to each<br>
> <br>
> A log file from the tabrmd with logging dialed all the way up would be<br>
> helpful. Since tabrmd uses glib and it's logging infrastructure you dial<br>
> up the debug output all the way by setting `G_MESSAGES_DEBUG=all` in the<br>
> daemon's environment.<br>
> <br>
> > <div>&nbsp;</div><br>
> ><br>
> > <div>Any ideas? Thanks!</div><br>
> <br>
> The most common issue we've seen people run into when installing from<br>
> source is that the default value for the `prefix` and some other<br>
> installation directories aren't what most expect.<br>
> <br>
> Still, if you're running the daemon as root you shouldn't have any<br>
> issues w/r to permissions on the /dev/tpm0 device node so I wonder if<br>
> this node even exists on your platform. You may want to check to see if<br>
> `/dev/tpm0` is even present on your system. You're on an ARM platform<br>
> which means the kernel will only be aware of the TPM2 device you've<br>
> added if you configure the device tree properly.<br>
> <br>
> Regards,<br>
> Philip<br>
> <br>
> > <div>pi(a)raspberrypi:~/TPM/tpm2-abrmd $ uname -a<br><br>
> > Linux raspberrypi 4.4.50-v7&#43; #1 SMP Wed Mar 14 14:01:00 PDT 2018 armv7l GNU/Linux (&lt;== includes patch provided by Infineon)</div><br>
> ><br>
> > <div>&nbsp;</div><br>
> ><br>
> > <div>pi(a)raspberrypi:~/TPM/tpm2-abrmd $ dmesg | grep tpm<br><br>
> > [&nbsp;&nbsp;&nbsp; 3.700384] tpm_spi_tis spi0.1: 2.0 TPM (device-id 0xB6BC, rev-id 16)</div><br>
> ><br>
> > <div>&nbsp;</div><br>
> ><br>
> > <div>pi(a)raspberrypi:/etc $ cat /etc/os-release<br><br>
> > PRETTY_NAME=&quot;Raspbian GNU/Linux 9 (stretch)&quot;<br><br>
> > NAME=&quot;Raspbian GNU/Linux&quot;<br><br>
> > VERSION_ID=&quot;9&quot;<br><br>
> > VERSION=&quot;9 (stretch)&quot;<br><br>
> > ID=raspbian<br><br>
> > ID_LIKE=debian<br><br>
> > HOME_URL=&quot;<a href="http://www.raspbian.org/&quot" target="_blank">http://www.raspbian.org/&quot</a>;<br><br>
> > SUPPORT_URL=&quot;<a href="http://www.raspbian.org/RaspbianForums&quot" target="_blank">http://www.raspbian.org/RaspbianForums&quot</a>;<br><br>
> > BUG_REPORT_URL=&quot;<a href="http://www.raspbian.org/RaspbianBugs&quot" target="_blank">http://www.raspbian.org/RaspbianBugs&quot</a>;</div><br>
> > </div><br>
> > </div><br>
> > </div></div></body></html><br>
> <br>
> > _______________________________________________<br>
> > tpm2 mailing list<br>
> > tpm2(a)lists.01.org<br>
> > <a href="https://lists.01.org/mailman/listinfo/tpm2" target="_blank">https://lists.01.org/mailman/listinfo/tpm2</a><br>
> </div>
> </div>
> </div>
> </div>
>
> <div> </div>
>
> <div class="signature"> </div></div></body></html>
next reply other threads:[~2018-03-20 19:19 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-20 19:19 Philip Tricca [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-03-28 17:40 [tpm2] Problem with Infineon Iridium SLB 9670 TPM2.0 Philip Tricca
2018-03-28 15:51 Trevor Woerner
2018-03-23 20:42 Roberts, William C
2018-03-23 20:11 madprops
2018-03-23 19:58 Roberts, William C
2018-03-19 20:17 madprops
2018-03-19 15:31 Philip Tricca
2018-03-19 10:49 Javier Martinez Canillas
2018-03-19 5:07 Philip Tricca
2018-03-18 13:04 madprops
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180320191940.GB2354@intel.com \
--to=tpm2@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.