From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: multipart/mixed; boundary="===============2260795995739197658==" MIME-Version: 1.0 From: Philip Tricca Subject: Re: [tpm2] Problem with Infineon Iridium SLB 9670 TPM2.0 Date: Tue, 20 Mar 2018 12:19:40 -0700 Message-ID: <20180320191940.GB2354@intel.com> In-Reply-To: trinity-07958541-2b38-44f7-9b7d-3b048705f126-1521490653093@3c-app-gmx-bs31 List-ID: To: tpm2@lists.01.org --===============2260795995739197658== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hey madprops, Thanks for the additional data. On Mon, Mar 19, 2018 at 09:17:33PM +0100, madprops(a)gmx.net wrote: > > =
>
Thank you, Philip! I meanwhile noticed the tools work when I stop tp= m2-abrmd and connect directly to the TPM: 
Well this debunks my theory that your issue was down in the dev tree :) >
 
> = >
pi(a)raspberrypi:~ $ sudo tpm2_pcrlist -T device:/dev/tpm0
> sha1 :
>   0  : 0000000000000000000000000000000000000000
>   1  : 0000000000000000000000000000000000000000
> [...]
> = >
 
> = >
Please find below the information you asked for. While tpm2-abrmd is= running (as root) I still get this:
> = >
 
> = >
pi(a)raspberrypi:~ $ tpm2_pcrlist
> ERROR: Failed to initialize tcti context: 0x1
Seeing this error while the tabrmd is running, but having the tools execute successfully with it stopped is a big hint. This indicates that the tools are probably trying to connect to the /dev/tpm0 device node directly instead of using the tabrmd. I've only see this happen if / when the tools are built in advance of building *and* installing the tabrmd. This happens because the tools build looks for the installed TCTI library for communicating with the daemon. If it doesn't find this library then the tools can't be linked against it and the build will fall back to using the device TCTI as the default. The `config.log` file in the tools build has the output from the `configure` script and this will tell you which TCTI modules are enabled / disabled. Another way to check this theory is to take one of the tools executables and use `readelf` to dump information about the libraries that it links to. If the tabrmd TCTI library isn't listed then something it up. Everything else below looks right. Regards, Philip >
 
> = >
pi(a)raspberrypi:~ $ export TPM2TOOLS_TCTI_NAME=3Dtabrmd
> pi(a)raspberrypi:~ $ tpm2_pcrlist
> ERROR: Unknown tcti, got: "tabrmd"
> = >
 
> = >
=3D=3D=3D=3D=3D=3D=3D=3D Versions:
> = >
tpm2-abrmd: 1.3.1_rc0
> tpm2-tools: 3.0.3
> tpm2-tss: 1.4.0
> = >
 
> = >
=3D=3D=3D=3D=3D=3D=3D=3D /dev/tpm0
> = >
pi(a)raspberrypi:~ $ ls -la /dev/tpm0
> crw------- 1 root root 10, 224 Mar 17 21:35 /dev/tpm0
> = >
=3D=3D=3D=3D=3D=3D=3D=3D tpm2-abrmd LOG
> = >
root(a)raspberrypi:/home/pi# tpm2-abrmd
> ** INFO: tabrmd startup
> ** (process:1852): DEBUG: tcti_factory_set_property
> ** (process:1852): DEBUG:   PROP_TCTI_TYPE
> ** (process:1852): DEBUG:   value: 0x1
> ** (process:1852): DEBUG: tcti_factory_set_property
> ** (process:1852): DEBUG: TctiFactory set device_name: /dev/tpm0
> ** (process:1852): DEBUG: tcti_factory_set_property
> ** (process:1852): DEBUG: TctiFactory set socket_address: 127.0.0.1
> ** (process:1852): DEBUG: tcti_factory_set_property
> ** (process:1852): DEBUG: TctiFactory set socket_port: 2321
> ** INFO: logging to stdout
> ** (tpm2-abrmd:1852): DEBUG: tcti_factory_get_tcti
> ** (tpm2-abrmd:1852): DEBUG: TctiDevice set filename: /dev/tpm0
> ** INFO: entering g_main_loop
> ** INFO: init_thread_func start
> ** (tpm2-abrmd:1852): DEBUG: random_class_init
> ** (tpm2-abrmd:1852): DEBUG: opening entropy source: /dev/urandom
> ** (tpm2-abrmd:1852): DEBUG: reading from entropy source: /dev/urandom
> ** (tpm2-abrmd:1852): DEBUG: seeding rand with -1263045295
> ** (tpm2-abrmd:1852): DEBUG: connection_manager_set_property: 0x15c5ef0 > ** (tpm2-abrmd:1852): DEBUG:   max_connections: 0x1b
> ** (tpm2-abrmd:1852): DEBUG: ConnectionManager: 0x15c5ef0
> ** (tpm2-abrmd:1852): DEBUG: IpcFrontendDbus set bus_name: com.intel.tss2= .Tabrmd
> ** (tpm2-abrmd:1852): DEBUG: ipc_frontend_connect: 0x75b01a08
> ** (tpm2-abrmd:1852): DEBUG: tcti_initialize: 0x15c5200
> ** (tpm2-abrmd:1852): DEBUG: sapi_context_init w/ Tcti: 0x15c5200
> ** (tpm2-abrmd:1852): DEBUG: tcti_peek_context: 0x15c5200
> ** (tpm2-abrmd:1852): DEBUG: Allocating 0x1040 bytes for SAPI context
> ** (tpm2-abrmd:1852): DEBUG: access_broker_set_property: 0x75b0b720
> ** (tpm2-abrmd:1852): DEBUG:   sapi_context: 0x75b0a690
> ** (tpm2-abrmd:1852): DEBUG: access_broker_set_property: 0x75b0b720
> ** (tpm2-abrmd:1852): DEBUG:   tcti: 0x15c5200
> ** (tpm2-abrmd:1852): DEBUG: created AccessBroker: 0x75b0b720
> ** (tpm2-abrmd:1852): DEBUG: access_broker_init_tpm: 0x75b0b720
> ** INFO: on_bus_acquired: com.intel.tss2.Tabrmd
> ** INFO: on_name_acquired: com.intel.tss2.Tabrmd
> ** (tpm2-abrmd:1852): DEBUG: Got proxy object for DBus daemon.
> ** (tpm2-abrmd:1852): DEBUG: access_broker_get_tpm_properties_fixed
> ** (tpm2-abrmd:1852): DEBUG: command_attrs_class_init
> ** (tpm2-abrmd:1852): DEBUG: created CommandAttrs: 0x75b01260
> ** (tpm2-abrmd:1852): DEBUG: GetCapabilty for 0x500 commands
> ** (tpm2-abrmd:1852): DEBUG: got attributes for 0x5a commands
> ** (tpm2-abrmd:1852): DEBUG: command_source_class_init
> ** (tpm2-abrmd:1852): DEBUG: command_source_set_properties: 0x75b02c50
> ** (tpm2-abrmd:1852): DEBUG:   command_attrs: 0x75b01260
> ** (tpm2-abrmd:1852): DEBUG: command_source_set_properties: 0x75b02c50
> ** (tpm2-abrmd:1852): DEBUG: created command source: 0x75b02c50
> ** (tpm2-abrmd:1852): DEBUG: session_list_new with max-per-connection: 0x= 4
> ** (tpm2-abrmd:1852): DEBUG: session_list_init
> ** (tpm2-abrmd:1852): DEBUG: session_list_set_property: 0x15c5fb0 max-per= -connection: 4
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_set_property: 0x75b02ca0
> ** (tpm2-abrmd:1852): DEBUG:   in_queue: 0x75b00f90
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_set_property: 0x75b02ca0
> ** (tpm2-abrmd:1852): DEBUG:   access_broker: 0x75b0b720
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_set_property: 0x75b02ca0
> ** (tpm2-abrmd:1852): DEBUG: created ResourceManager: 0x75b02ca0
> ** (tpm2-abrmd:1852): DEBUG: response_sink_set_property
> ** (tpm2-abrmd:1852): DEBUG:   setting PROP_IN_QUEUE
> ** (tpm2-abrmd:1852): DEBUG: created response source: 0x75b012a8
> ** (tpm2-abrmd:1852): DEBUG: source_add_sink
> ** (tpm2-abrmd:1852): DEBUG: command_soruce_add_sink: CommandSource: 0x75= b02c50 , Sink: 0x75b02ca0
> ** (tpm2-abrmd:1852): DEBUG: command_source_set_properties: 0x75b02c50
> ** (tpm2-abrmd:1852): DEBUG:   sink: 0x75b02ca0
> ** (tpm2-abrmd:1852): DEBUG: source_add_sink
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_add_sink: ResourceManager: = 0x75b02ca0, Sink: 0x75b012a8
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_set_property: 0x75b02ca0
> ** (tpm2-abrmd:1852): DEBUG:   sink: 0x75b012a8
> ** INFO: init_thread_func done
> ** (tpm2-abrmd:1852): DEBUG: resource_manager_thread start
> ** (tpm2-abrmd:1852): DEBUG: response_sink_thread blocking on input queue= : 0x75b00e50
> ** (tpm2-abrmd:1852): DEBUG: message_queue_dequeue 0x75b00e50
> ** (tpm2-abrmd:1852): DEBUG: message_queue_dequeue 0x75b00f90
> >
 
> = >
=3D=3D=3D=3D=3D=3D=3D=3D MISC
> = >
pi(a)raspberrypi:~/TPM/tpm2-tss $ cat /etc/dbus-1/system.d/tpm2-abrm= d.conf
> <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configu= ration 1.0//EN"
>  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd&q= uot;>
> <busconfig>
>   <!-- ../system.conf have denied everything, so we just punch so= me holes -->
>   <policy user=3D"tss">
>     <allow own=3D"com.intel.tss2.Tabrmd"/>=
>   </policy>
>   <policy user=3D"root">
>     <allow own=3D"com.intel.tss2.Tabrmd"/>=
>   </policy>
>   <policy context=3D"default">
>     <allow send_destination=3D"com.intel.tss2.Tabr= md"/>
>     <allow receive_sender=3D"com.intel.tss2.Tabrmd= "/>
>   </policy>
> </busconfig>
> = >
 
> = >
 
> = >
  >
>
Gesendet: Montag, 19. M=C3= =A4rz 2018 um 06:07 Uhr
> Von: "Philip Tricca" <philip.b.tricca(a)intel.co= m>
> An: madprops(a)gmx.net
> Cc: tpm2(a)lists.01.org
> Betreff: Re: [tpm2] Problem with Infineon Iridium SLB 9670 TP= M2.0
> = >
Hey there madprops,
>
> On Sun, Mar 18, 2018 at 02:04:15PM +0100, madprops(a)gmx.net wrote: > > <html><head>
> > <meta http-equiv=3D"Content-Type" content=3D"text/= html; charset=3Dutf-8"></head><body><div style=3D&qu= ot;font-family: Verdana;font-size: 12.0px;"><div>
> > <div class=3D"signature">
> > <div class=3D"signature">
> > <div>I'm trying to get an &quot;Infineon Iridium SLB 9670 = TPM 2.0 SPI Board&quot; run on my Raspberry Pi 3. I have downloaded, co= mpiled and installed the latest versions of tpm2-abrmd, tpm2-tss and tpm2-t= ools. I started tpm2-abrmd as root, hoping that I can then interact with th= e Infineon TPM using tpm2-tools. &quot;tpm2_pcrlist&quot; and all o= ther tpm2_* commands, however, return error &quot;ERROR: Failed to init= ialize tcti context: 0x1&quot;.</div>
> >
>
> Can you please provide some more info about your configuration?
> Specifically:
> - the version of the TSS2 libraries you're using
> - the version of the tabrmd you're using
> - the configuration options you're passing to each
>
> A log file from the tabrmd with logging dialed all the way up would be
> helpful. Since tabrmd uses glib and it's logging infrastructure you dial<= br> > up the debug output all the way by setting `G_MESSAGES_DEBUG=3Dall` in th= e
> daemon's environment.
>
> > <div>&nbsp;</div>
> >
> > <div>Any ideas? Thanks!</div>
>
> The most common issue we've seen people run into when installing from
> source is that the default value for the `prefix` and some other
> installation directories aren't what most expect.
>
> Still, if you're running the daemon as root you shouldn't have any
> issues w/r to permissions on the /dev/tpm0 device node so I wonder if
> this node even exists on your platform. You may want to check to see if > `/dev/tpm0` is even present on your system. You're on an ARM platform
> which means the kernel will only be aware of the TPM2 device you've
> added if you configure the device tree properly.
>
> Regards,
> Philip
>
> > <div>pi(a)raspberrypi:~/TPM/tpm2-abrmd $ uname -a<br>
> > Linux raspberrypi 4.4.50-v7&#43; #1 SMP Wed Mar 14 14:01:00 PDT = 2018 armv7l GNU/Linux (&lt;=3D=3D includes patch provided by Infineon)&= lt;/div>
> >
> > <div>&nbsp;</div>
> >
> > <div>pi(a)raspberrypi:~/TPM/tpm2-abrmd $ dmesg | grep tpm<b= r>
> > [&nbsp;&nbsp;&nbsp; 3.700384] tpm_spi_tis spi0.1: 2.0 TP= M (device-id 0xB6BC, rev-id 16)</div>
> >
> > <div>&nbsp;</div>
> >
> > <div>pi(a)raspberrypi:/etc $ cat /etc/os-release<br>
> > PRETTY_NAME=3D&quot;Raspbian GNU/Linux 9 (stretch)&quot;<= br>
> > NAME=3D&quot;Raspbian GNU/Linux&quot;<br>
> > VERSION_ID=3D&quot;9&quot;<br>
> > VERSION=3D&quot;9 (stretch)&quot;<br>
> > ID=3Draspbian<br>
> > ID_LIKE=3Ddebian<br>
> > HOME_URL=3D&quot;http://www.raspbian.org/&quot;<br>
> > SUPPORT_URL=3D&quot;http://www.raspbian.org/RaspbianForums&am= p;quot;<br>
> > BUG_REPORT_URL=3D&quot;http://www.raspbian.org/RaspbianBugs&= ;quot;</div>
> > </div>
> > </div>
> > </div></div></body></html>
>
> > _______________________________________________
> > tpm2 mailing list
> > tpm2(a)lists.01.org
> > https://lists.01.org/mailman/listinfo/tpm2
>  
>
>
>
> = >
 
> = >
 
--===============2260795995739197658==--