Re: [tpm2] TCTI initialization fails with error 0xc000b

From: Roberts, William C <william.c.roberts at intel.com>
To: tpm2@lists.01.org
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b
Date: Fri, 16 Feb 2018 16:52:40 +0000	[thread overview]
Message-ID: <476DC76E7D1DF2438D32BFADF679FC563FEEA502@ORSMSX101.amr.corp.intel.com> (raw)
In-Reply-To: DBXPR03MB57599CBEB53C27C2CA9D6FEF6F50@DBXPR03MB575.eurprd03.prod.outlook.com

[-- Attachment #1: Type: text/plain, Size: 11708 bytes --]

tpm2-abrmd and tpm2-tools are different code bases, and at the time you stumbled onto this issue and until the ticket
below is closed, both code bases will handle TCTI initialization slightly differently.

We discuss this in this ticket:
https://github.com/tpm2-software/tpm2-abrmd/issues/321

On PR:
https://github.com/tpm2-software/tpm2-abrmd/pull/330

For the tools, the tcti string is just a friendly name or a name/path to a shared object, for example:

# this internally appends libtcti- and .so to the name, so you end up with libtcti-device.so and it follows
# library search rules for dlopen()
tpm2_listpcrs --tcti=device

# Options to the tcti can be specified by appending a colon, and then a string, like so:
tpm2_listpcrs --tcti=device:/dev/tpmrm0

# This would look for this library following dlopen() search rules.
tpm2_listpcrs --tcti=libtcti-foo.so

# This would use the library at path, since it’s a path
tpm2_listpcrs --tcti=/foo/bar/libtcti-foo.so

Currently, the logic in abrmd  is following the third and forth form as noted above, however has
A separate option for the config string, --tcti-conf.

After PR #330 is closed, the tools and abrmd’s tcti init routines will behave the same from a user
perspective.

From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
Sent: Wednesday, February 14, 2018 2:06 AM
To: Javier Martinez Canillas <javierm(a)redhat.com>; Tricca, Philip B <philip.b.tricca(a)intel.com>
Cc: tpm2(a)lists.01.org
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b

I finally got it to work. I looked for a reference to tcti-socket in the source  code and found the following;
./tpm2-tools/lib/tpm2_tcti_ldr.h:37: *  library name: path = libtcti-socket.so
./tpm2-abrmd/scripts/int-test-funcs.sh:113:        tabrmd_opts="$tabrmd_opts --tcti=libtcti-socket.so --tcti-conf=tcp://127.0.0.1:${tabrmd_port}/"

So I tried the following:
$ sudo -u tss tpm2-abrmd --tcti=libtcti-socket.so
Client accepted
Client accepted

Thanks a lot for all the help and quick replies.

Regards,
Moneeb

________________________________
From: Javier Martinez Canillas <javierm(a)redhat.com<mailto:javierm(a)redhat.com>>
Sent: Wednesday, February 14, 2018 1:02 PM
To: Moneeb Azhar; Tricca, Philip B
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b

On 02/14/2018 08:42 AM, Moneeb Azhar wrote:
> I am  using the ibm simulator and it starts up fine. However:
>
> $ ls -l /dev/tpm0
> ls: cannot access '/dev/tpm0': No such file or directory
>
>
> Is /dev/tpm0 required while using the simulator?
>

If you are using the simulator, then you need to use the socket TCTI instead
of the device TCTI.

I can't say what's the exact command to do it because there were some changes
in master recently and I still didn't have time to catch up.

Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

> ________________________________
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Sent: Wednesday, February 14, 2018 3:11 AM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
> You’re making progress. This time the daemon loaded the TCTI properly but the TCTI initialization function failed. For the device TCTI this is 99% an issue with permissions on /dev/tpm0. Check to see which user can access this device (root?) and then run the daemon as that user. Ideally this will be an unprivileged user and most distros use one called ‘tss’: https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group
[https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>

tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
github.com
This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...

>
> [https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group<https://avatars2.githubusercontent.com/u/34488697?s=400&v=4%5d%3chttps://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>>
>
> tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
[https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>

tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
github.com
This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...

> github.com
> This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...
>
>
>
>
> Philip
>
>
>
> From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
> Sent: 13 February, 2018 12:45
> To: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: Re: TCTI initialization fails with error 0xc000b
>
>
>
> The workaround leads to a similar error:
>
>
>
> ubuntu:~/Desktop/ibmtpm974/src$ tpm2-abrmd --tcti=libtcti-device.so
> ** (tpm2-abrmd:4065): WARNING **: failed to initialize device TCTI context: 0xa000a
> ** (tpm2-abrmd:4065): CRITICAL **: TCTI initialization failed: 0xa000a
>
> This is similar to issue #92 but I am already following the steps suggested in the comments there.
>
>
>
>
>
> ________________________________
>
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com%3cmailto:philip.b.tricca(a)intel.com>>>
> Sent: Tuesday, February 13, 2018 11:38 PM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
>
> I triaged this last night. It’s a bug in the logic that selects the default TCTI. I’ve got an issue in the tracker for it here: https://github.com/tpm2-software/tpm2-abrmd/issues/327. You can work around it by explicitly selecting the device TCTI with the following option: `--tcti=libtcti-device.so`. I’ll be fixing this up today and likely changing the way we specify the TCTI to align with the tools `--tcti` option.
>
> [https://avatars0.githubusercontent.com/u/1550813?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/issues/327<https://avatars0.githubusercontent.com/u/1550813?s=400&v=4%5d%3chttps://github.com/tpm2-software/tpm2-abrmd/issues/327>>
>
>
> sane default TCTI * Issue #327 * tpm2-software/tpm2-abrmd<https://github.com/tpm2-software/tpm2-abrmd/issues/327>
>
> github.com
>
> It looks like, when provided with no --tcti option we're not picking a sane default value for the TCTI library. If the option is omitted we should default to the device TCTI.
>
>
>
>
> Best,
>
> Philip
>
>
>
> From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
> Sent: 13 February, 2018 04:50
> To: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com%3cmailto:philip.b.tricca(a)intel.com>>>
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: Re: TCTI initialization fails with error 0xc000b
>
>
>
> Hey,
>
>
>
> So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:
>
>
>
> ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
> ** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
> ** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b
>
> I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?
>
> Regards,
> Moneeb
>
>
>
>
>
> ________________________________
>
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com%3cmailto:philip.b.tricca(a)intel.com>>>
> Sent: Monday, February 12, 2018 9:04 PM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
>
> Apologies in advance for top posting. I’m stuck on a windows system while traveling.
>
>
>
> It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.
>
>
>
> Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.
>
>
>
> Hope this helps,
>
> Philip
>
>
>
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
> Sent: 12 February, 2018 05:43
> To: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: [tpm2] TCTI initialization fails with error 0xc000b
>
>
>
> Hi,
>
> I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing
>
> Everything installs correctly but I get the following error:
>
> $ sudo -u tss tpm2-abrmd --tcti=device
> ** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
> ** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b
>
> systemctl  show me the following:
> $ sudo systemctl status tpm2-abrmd.service
> ● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
>    Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
>    Active: inactive (dead)
>
> How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.
>
> Regards,
> Moneeb
>
>
>
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> https://lists.01.org/mailman/listinfo/tpm2
>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 27960 bytes --]