[tpm2] tpm2-pytss connect to dockerized swtpm

[henry.gadacz at stud.h-da.de]

[-- Attachment #1: Type: text/plain, Size: 3174 bytes --]

Hello everyone,

 

I am trying to accomplish the following, but did not succeed and I hope
someone can help me.

I want to have a docker compose with two containers. In the first container
I want to run the swtpm (https://github.com/stefanberger/swtpm) and in the
other a python script that uses tpm2-pytss to connect to the swtpm in the
first container. 

 

When I run swtpm and the python script in the same container it works.

In order to run them in separate containers I just duplicated the Dockerfile
(I know this has some overhead, but to make sure don't miss any
dependencies), changed the docker CMD command to either run the python
script or the swtpm and renamed them to Dockerfile_app_test and
Dockerfile_tpm_test.

 

My docker compose file is looking like this:

version: '3.7'
services:

  app:
    container_name: app
    build:
      context: .
      dockerfile: Dockerfile_app_test
    restart: unless-stopped

  tpm:
    container_name: tpm
    build:
      context: .
      dockerfile: Dockerfile_tpm_test
    ports:
      - "2321:2321"
      - "2322:2322"
    restart: unless-stopped

 

 

My python script is:

from tpm2_pytss import *
if __name__ == '__main__':
    print("TPM test application")
    tpm = ESAPI(tcti="swtpm:host=tpm,port=2321")
    tpm.startup(TPM2_SU.CLEAR)
    
    r = tpm.get_random(8)
    print("type is ", type(r))
    print("r    is ", str(r))
    print("as int  ", int(str(r), 16))

 

When I run it in one Dockerfile I used 

tpm = ESAPI(tcti="swtpm:host=localhost,port=2321")

so I thought changing the host name to the docker container name should do
it but I always get the following errors:

app  | WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to
host 172.21.0.2, port 2321: errno 111: Connection refused 
app  | ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:614:Tss2_Tcti_Swtpm_Init()
Cannot connect to swtpm TPM socket 
app  | ERROR:tcti:src/tss2-tcti/tctildr-dl.c:170:tcti_from_file() Could not
initialize TCTI file: swtpm 
app  | ERROR:tcti:src/tss2-tcti/tctildr.c:428:Tss2_TctiLdr_Initialize_Ex()
Failed to instantiate TCTI 
app  | Traceback (most recent call last):
app  |   File "/app/main.py", line 70, in <module>
app  |     tpm = ESAPI(tcti="swtpm:host=tpm,port=2321")
app  |   File "/usr/local/lib/python3.10/dist-packages/tpm2_pytss/ESAPI.py",
line 123, in __init__
app  |     tcti = TCTILdr.parse(tcti)
app  |   File
"/usr/local/lib/python3.10/dist-packages/tpm2_pytss/TCTILdr.py", line 54, in
parse
app  |     return cls(name, conf)
app  |   File
"/usr/local/lib/python3.10/dist-packages/tpm2_pytss/TCTILdr.py", line 29, in
__init__
app  |     _chkrc(lib.Tss2_TctiLdr_Initialize_Ex(name, conf, self._ctx_pp))
app  |   File
"/usr/local/lib/python3.10/dist-packages/tpm2_pytss/internal/utils.py", line
32, in _chkr
app  |     raise TSS2_Exception(rc)
app  | tpm2_pytss.TSS2_Exception.TSS2_Exception: tcti:IO failure
app exited with code 1

 

 

I know it's not a plain tpm2-tss question, but does anyone has experience
with that and can help me? 

 

Kind regards, 
Henry

 


[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 12184 bytes --]