Re: [tpm2] Get error 0x99D in function Tss2_Sys_AC_Send() when sending data from TPM to AC

Re: [tpm2] Get error 0x99D in function Tss2_Sys_AC_Send() when sending data from TPM to AC

[Shen, Songwu]

[-- Attachment #1: Type: text/plain, Size: 1278 bytes --]

Hi Tadeusz,



Thank you for correction:)
I look into the spec and I'm sending TPM2_AC_SEND command,
it mentioned that policySession->commandCode of policy session context is required to be TPM_CC_AC_SEND, otherwise it will report TPM_RC_POLICY_FAIL.
But I can't find the definition of policySession in TPM spec part2, and commandCode:



[cid:image001.png(a)01D4E619.3AC002A0]

Could you help?



Thanks

Songwu



-----Original Message-----
From: Struk, Tadeusz
Sent: Friday, March 29, 2019 6:37 AM
To: Shen, Songwu <songwu.shen(a)intel.com>; tpm2(a)lists.01.org; Tricca, Philip B <philip.b.tricca(a)intel.com>
Subject: Re: Get error 0x99D in function Tss2_Sys_AC_Send() when sending data from TPM to AC



Hello,

On 3/28/19 1:06 AM, Shen, Songwu wrote:

> Under Windows, I encounter an error 0x99D response from the TPM when calling function Tss2_Sys_AC_Send() to send data from TPM to Attached Component.

>

> And searching in the TPM spec, looks like this is the error:



As far as I can see the 0x99D is a policy check failed.

The spec says that for TPM2_AC_Send the authorization for sendObject is required to be a policy session.

Make sure that you setup your authorization correctly.



Thanks,

--

Tadeusz

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 5145 bytes --]

[-- Attachment #3: image001.png --]
[-- Type: image/png, Size: 69007 bytes --]

Re: [tpm2] Get error 0x99D in function Tss2_Sys_AC_Send() when sending data from TPM to AC

[Shen, Songwu]

[-- Attachment #1: Type: text/plain, Size: 1976 bytes --]

Hi Tadeusz,

Maybe before calling TSS2_Sys_AC_SEND(), we should call Tss2_Sys_PolicyCommandCode() to set policySession->commandCode to TPM2_CC_AC_Send according to the spec.

But I still don't know how to program it, could you provide any sample for Tss2_Sys_PolicyCommandCode() and Tss2_Sys_AC_SEND()?

Thanks
Songwu

From: Shen, Songwu
Sent: Friday, March 29, 2019 10:24 AM
To: Struk, Tadeusz <tadeusz.struk(a)intel.com>; tpm2(a)lists.01.org; Tricca, Philip B <philip.b.tricca(a)intel.com>
Subject: RE: Get error 0x99D in function Tss2_Sys_AC_Send() when sending data from TPM to AC


Hi Tadeusz,



Thank you for correction:)
I look into the spec and I'm sending TPM2_AC_SEND command,
it mentioned that policySession->commandCode of policy session context is required to be TPM_CC_AC_SEND, otherwise it will report TPM_RC_POLICY_FAIL.
But I can't find the definition of policySession in TPM spec part2, and commandCode:



[cid:image001.png(a)01D4E619.3AC002A0]

Could you help?



Thanks

Songwu



-----Original Message-----
From: Struk, Tadeusz
Sent: Friday, March 29, 2019 6:37 AM
To: Shen, Songwu <songwu.shen(a)intel.com<mailto:songwu.shen(a)intel.com>>; tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>; Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Subject: Re: Get error 0x99D in function Tss2_Sys_AC_Send() when sending data from TPM to AC



Hello,

On 3/28/19 1:06 AM, Shen, Songwu wrote:

> Under Windows, I encounter an error 0x99D response from the TPM when calling function Tss2_Sys_AC_Send() to send data from TPM to Attached Component.

>

> And searching in the TPM spec, looks like this is the error:



As far as I can see the 0x99D is a policy check failed.

The spec says that for TPM2_AC_Send the authorization for sendObject is required to be a policy session.

Make sure that you setup your authorization correctly.



Thanks,

--

Tadeusz

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 6820 bytes --]

[-- Attachment #3: image001.png --]
[-- Type: image/png, Size: 69007 bytes --]

Re: [tpm2] Get error 0x99D in function Tss2_Sys_AC_Send() when sending data from TPM to AC

[Tadeusz Struk]

[-- Attachment #1: Type: text/plain, Size: 517 bytes --]

Hello,
On 3/28/19 1:06 AM, Shen, Songwu wrote:
> Under Windows, I encounter an error 0x99D response from the TPM when calling function Tss2_Sys_AC_Send() to send data from TPM to Attached Component.
> 
> And searching in the TPM spec, looks like this is the error:

As far as I can see the 0x99D is a policy check failed.
The spec says that for TPM2_AC_Send the authorization for sendObject is required to be a policy session.
Make sure that you setup your authorization correctly. 

Thanks,
-- 
Tadeusz

[tpm2] Get error 0x99D in function Tss2_Sys_AC_Send() when sending data from TPM to AC

[Shen, Songwu]

[-- Attachment #1: Type: text/plain, Size: 948 bytes --]

Dear sir,

Under Windows, I encounter an error 0x99D response from the TPM when calling function Tss2_Sys_AC_Send() to send data from TPM to Attached Component.
And searching in the TPM spec, looks like this is the error:
[cid:image001.jpg(a)01D4E580.3C4ED180]
But I don't understand which one is the 6th authorization session handle for the function:
TSS2_RC Tss2_Sys_AC_Send(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_DH_OBJECT       sendObject,
    TPMI_RH_NV_AUTH authHandle,
    TPMI_RH_AC                ac,
    TSS2L_SYS_AUTH_COMMAND const *cmdAuthsArray,
    TPM2B_MAX_BUFFER *acDataIn,
    TPMS_AC_OUTPUT *acDataOut,
TSS2L_SYS_AUTH_RESPONSE *rspAuthsArray)

Could anybody help me out here? And there is no sample code to show how to use this function, so I'm stuck by this issue.

Thanks in advance!

Songwu Shen
Shanghai, China
Tel: 86-18702108195
Email: songwu.shen(a)intel.com<mailto:songwu.shen(a)intel.com>


[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 5566 bytes --]

[-- Attachment #3: image001.jpg --]
[-- Type: image/jpeg, Size: 12849 bytes --]