Hello everyone,

I am trying to accomplish the following, but did not succeed and I hope someone can help me.

I want to have a docker compose with two containers. In the first container I want to run the swtpm (https://github.com/stefanberger/swtpm) and in the other a python script that uses tpm2-pytss to connect to the swtpm in the first container.

When I run swtpm and the python script in the same container it works.

In order to run them in separate containers I just duplicated the Dockerfile (I know this has some overhead, but it makes sure I don't miss any dependencies), changed the docker CMD command to either run the python script or the swtpm and renamed them to Dockerfile_app_test and Dockerfile_tpm_test.

My docker compose file looks like this:

version: '3.7'
services:
  app:
    container_name: app
    build:
      context: .
      dockerfile: Dockerfile_app_test
    restart: unless-stopped

  tpm:
    container_name: tpm
    build:
      context: .
      dockerfile: Dockerfile_tpm_test
    ports:
      - "2321:2321"
      - "2322:2322"
    restart: unless-stopped

My python script is:

from tpm2_pytss import *

if __name__ == '__main__':
    print("TPM test application")
    # connect to the swtpm container through the swtpm socket TCTI
    tpm = ESAPI(tcti="swtpm:host=tpm,port=2321")
    tpm.startup(TPM2_SU.CLEAR)

    # ask the TPM for 8 random bytes
    r = tpm.get_random(8)

    print("type is ", type(r))
    print("r    is ", str(r))
    print("as int  ", int(str(r), 16))

When I ran it in one Dockerfile I used

tpm = ESAPI(tcti="swtpm:host=localhost,port=2321")

so I thought changing the host name to the docker container name should do it but I always get the following errors:

app  | WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 172.21.0.2, port 2321: errno 111: Connection refused 
app  | ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:614:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
app  | ERROR:tcti:src/tss2-tcti/tctildr-dl.c:170:tcti_from_file() Could not initialize TCTI file: swtpm 
app  | ERROR:tcti:src/tss2-tcti/tctildr.c:428:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
app  | Traceback (most recent call last):
app  |   File "/app/main.py", line 70, in <module>
app  |     tpm = ESAPI(tcti="swtpm:host=tpm,port=2321")
app  |   File "/usr/local/lib/python3.10/dist-packages/tpm2_pytss/ESAPI.py", line 123, in __init__
app  |     tcti = TCTILdr.parse(tcti)
app  |   File "/usr/local/lib/python3.10/dist-packages/tpm2_pytss/TCTILdr.py", line 54, in parse
app  |     return cls(name, conf)
app  |   File "/usr/local/lib/python3.10/dist-packages/tpm2_pytss/TCTILdr.py", line 29, in __init__
app  |     _chkrc(lib.Tss2_TctiLdr_Initialize_Ex(name, conf, self._ctx_pp))
app  |   File "/usr/local/lib/python3.10/dist-packages/tpm2_pytss/internal/utils.py", line 32, in _chkr
app  |     raise TSS2_Exception(rc)
app  | tpm2_pytss.TSS2_Exception.TSS2_Exception: tcti:IO failure
app exited with code 1

I know it’s not a plain tpm2-tss question, but does anyone have experience with that and can help me?

Kind regards,
Henry
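The log above shows the interesting detail: the name `tpm` did resolve (to 172.21.0.2), and the failure is `errno 111: Connection refused`, meaning nothing was accepting on port 2321 inside that container at the moment the app started. The following script is an added example, not Henry's code and not part of tpm2-pytss or swtpm: it parses the same TCTI string the script uses, probes the endpoint over TCP to tell apart "name does not resolve", "refused" and "timeout", and polls until swtpm is actually listening before handing the TCTI string to `ESAPI`. It assumes tpm2-pytss is installed in the app container and that swtpm is reachable from it as host `tpm`, port 2321 (both taken from the post); the helper names `parse_tcti_conf`, `probe_tcp`, `wait_for_tcti` and `get_random_bytes` are this example's own.

```python
"""Reachability check and readiness wait for a tpm2-pytss swtpm TCTI.

Added example (not from the original post). Only get_random_bytes() needs
tpm2-pytss; the probing helpers use the standard library only, so they can
run in any container to diagnose the connection before involving the TSS.
"""
import socket
import time
from typing import Dict, Tuple


def parse_tcti_conf(tcti: str) -> Tuple[str, Dict[str, str]]:
    """Split a TCTI string such as "swtpm:host=tpm,port=2321" into
    ("swtpm", {"host": "tpm", "port": "2321"}).  Options are key=value
    pairs separated by commas, as the TCTI loader expects."""
    name, _, conf = tcti.partition(":")
    options: Dict[str, str] = {}
    for item in filter(None, conf.split(",")):
        key, _, value = item.partition("=")
        options[key.strip()] = value.strip()
    return name, options


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify the state of a TCP endpoint from the client's point of view:
    'ok' (accepted), 'unresolvable' (name lookup failed), 'refused' (host
    reached, nothing listening), 'timeout' (no answer) or 'error'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolvable"
    status = "error"
    for family, socktype, proto, _, sockaddr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return "ok"
        except ConnectionRefusedError:
            status = "refused"  # this is the errno 111 case from the log
        except socket.timeout:
            status = "timeout"
        except OSError:
            status = "error"
        finally:
            sock.close()
    return status


def wait_for_tcti(tcti: str, attempts: int = 10, delay: float = 1.0) -> str:
    """Poll the swtpm endpoint named in the TCTI string until it accepts a
    connection or the attempts are used up; returns the last probe status.
    Compose's depends_on only orders container start, not readiness, so a
    short poll covers the window in which swtpm is still starting."""
    name, opts = parse_tcti_conf(tcti)
    if name != "swtpm":
        raise ValueError(f"only the swtpm TCTI is handled here, got {name!r}")
    host = opts.get("host", "localhost")   # defaults assumed for this example
    port = int(opts.get("port", "2321"))
    status = "error"
    for _ in range(attempts):
        status = probe_tcp(host, port)
        if status == "ok":
            return status
        time.sleep(delay)
    return status


def get_random_bytes(tcti: str = "swtpm:host=tpm,port=2321", n: int = 8) -> bytes:
    """Connect through tpm2-pytss once the endpoint is reachable and fetch
    n random bytes.  tpm2_pytss is imported lazily so the helpers above work
    even where the TSS is not installed."""
    status = wait_for_tcti(tcti)
    if status != "ok":
        raise RuntimeError(f"swtpm endpoint {tcti!r} not usable: {status}")
    from tpm2_pytss import ESAPI, TPM2_SU
    with ESAPI(tcti=tcti) as tpm:
        tpm.startup(TPM2_SU.CLEAR)   # mirrors the original script
        return bytes(tpm.get_random(n))


if __name__ == "__main__":
    print(get_random_bytes().hex())
```

A `refused` result after the name resolved points at the tpm container itself rather than at Compose networking: an swtpm started with `--server type=tcp,port=2321,bindaddr=127.0.0.1` listens only on that container's loopback and can never be reached from the app container, whereas a `timeout` or `unresolvable` result would point at the network or service name. The `ports:` entries in the compose file only publish 2321 and 2322 on the Docker host; container-to-container traffic goes over the compose network regardless, so if only the app container talks to the emulator those ports (in particular the 2322 control channel) need not be published at all, which keeps the emulated TPM off the host's interfaces.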