On Thu, Jul 19, 2018 at 11:24:23AM +0100, Joshua Lock wrote: > > > On 18/07/2018 22:17, Scheie, Peter M wrote: > >By the way, does abrmd default to trying to connect to /dev/tpm0?  When > >working with the emulator on my laptop, I have to start abrmd with > >'--tcti=libtss2-tcti-mssim.so' but I assume that's just for when there is > >no TPM device, right? > > Correct, if no --tcti value is passed abrmd defaults to using the device > tcti: > https://github.com/tpm2-software/tpm2-abrmd/blob/2296d48a1004aff5f93d6ec23a50819f2a5c5584/src/tcti-dynamic.c#L138 > > At line 142 you can see where the default value of the TCTI library file > property is set to "libtss2-tcti-device.so". > > >So, with tpm2-abrmd running, if I call, say, tpm2_pcrlist or tpm2_nvlist, > >to just query the TPM, it will display the PCRs or the NV indexes but then > >follow that with a "Segmentation fault", and syslog shows things like > >this: > > > >Jun 27 22:32:42 localhost audit[1432]: ANOM_ABEND auid=1000 uid=1000 > >gid=1000 ses=1 pid=1432 comm="gdbus" exe="/usr/bin/tpm2_pcrlist" sig=11 > > > >Jun 27 22:32:42 localhost kernel: gdbus[1432]: segfault at 7f8327acc750 ip > >00007f8327acc750 sp 00007f8326ab2c38 error 14 in > >libtss2-mu.so.0.0.0[7f8328284000+3f000] > > > >Jun 27 22:32:42 localhost kernel[363]: gdbus[1432]: segfault at > >7f8327acc750 ip 00007f8327acc750 sp 00007f8326ab2c38 error 14 in > >libtss2-mu.so.0.0.0[7f8328284000+3f000] > > > >Trying to write to the TPM, e.g., take ownership, doesn't work at all: > > > >localhost:~$ tpm2_takeownership -o ownerpass -e endorsepass -l lockpass > > > >ERROR: Could not change hierarchy for Owner. TPM Error:0x9a2 > > I just recently learned about tpm2_rc_decode[1], it tells me: > > $ ./tools/aux/tpm2_rc_decode 0x9a2 > tpm:session(1):authorization failure without DA implications > > Is this TPM already configured? Have you replicated on more than one system? 100% recommend verifying this configuration on a more "typical" Linux distro since this is nearly impossible for us to repro. Also WRL is based on OpenEmbedded? Can you get a working system up on a stock Sumo build? Philip