From: Fuchs, Andreas <andreas.fuchs at sit.fraunhofer.de>
To: tpm2@lists.01.org
Subject: [tpm2] Re: Some Errors
Date: Fri, 10 Jan 2020 14:16:04 +0000 [thread overview]
Message-ID: <9F48E1A823B03B4790B7E6E69430724D0163C47D73@EXCH2010B.sit.fraunhofer.de> (raw)
In-Reply-To: trinity-716f3f37-844f-4325-ba0b-1792d13a4d87-1578662912999@3c-app-1and1-bs04
[-- Attachment #1: Type: text/plain, Size: 3217 bytes --]
This is now a different error code.
It's an authorization error.
Did you set the owner authorization (aka storage hierarchy) ?
That needs to be passed using -P
________________________________
From: Alexander Lieb [alexander.lieb(a)online.de]
Sent: Friday, January 10, 2020 14:28
To: Fuchs, Andreas
Cc: tpm2(a)lists.01.org
Subject: Aw: RE: [tpm2] Some Errors
Still not working :(
# tpm2_evictcontrol -c ak.ctx 0x81010002
WARNING:esys:src/tss2-esys/api/Esys_EvictControl.c:326:Esys_EvictControl_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_EvictControl.c:114:Esys_EvictControl() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_EvictControl(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR:esys:src/tss2-esys/esys_tr.c:357:Esys_TR_Close() Error: Esys handle does not exist (70018).
ERROR: Esys_TR_Close(0x70018) - esapi:0x18
ERROR: Unable to run tpm2_evictcontrol
# tpm2_evictcontrol -C o -c ak.ctx 0x81010002
WARNING:esys:src/tss2-esys/api/Esys_EvictControl.c:326:Esys_EvictControl_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_EvictControl.c:114:Esys_EvictControl() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_EvictControl(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR:esys:src/tss2-esys/esys_tr.c:357:Esys_TR_Close() Error: Esys handle does not exist (70018).
ERROR: Esys_TR_Close(0x70018) - esapi:0x18
ERROR: Unable to run tpm2_evictcontrol
#
Gesendet: Freitag, 10. Januar 2020 um 13:47 Uhr
Von: "Fuchs, Andreas" <andreas.fuchs(a)sit.fraunhofer.de>
An: "Alexander Lieb" <alexander.lieb(a)online.de>, "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
Betreff: RE: [tpm2] Some Errors
That seems to not have been updated correctly.
Should probably be:
tpm2_evictcontrol -c ak.ctx 0x81010002
or
tpm2_evictcontrol -C o -c ak.ctx 0x81010002
Maybe you could try this and if it works, make a PR with the update to the tools project.
Thanks,
Andreas
________________________________
From: Alexander Lieb [alexander.lieb(a)online.de]
Sent: Friday, January 10, 2020 13:36
To: tpm2(a)lists.01.org
Subject: [tpm2] Some Errors
Hi,
I tried to make my ak persistent, usign the following readme:
https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_createak.1.md
The first two commands work fine, the last one results into:
tpm2_evictcontrol -c 0x81010002 -o ak.ctx
WARNING:esys:src/tss2-esys/api/Esys_ReadPublic.c:320:Esys_ReadPublic_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/esys_tr.c:231:Esys_TR_FromTPMPublic_Finish() Error ReadPublic ErrorCode (0x0000018b)
ERROR:esys:src/tss2-esys/esys_tr.c:321:Esys_TR_FromTPMPublic() Error TR FromTPMPublic ErrorCode (0x0000018b)
ERROR: Esys_TR_FromTPMPublic(0x18B) - tpm:handle(1):the handle is not correct for the use
ERROR:esys:src/tss2-esys/esys_tr.c:357:Esys_TR_Close() Error: Esys handle does not exist (70018).
ERROR: Esys_TR_Close(0x70018) - esapi:0x18
ERROR: Unable to run tpm2_evictcontrol
I am not sure, whether I need to run any cmd to allocate the handle, or if it is necessary to be in a special mode or sth. Can you help me with this issue? Thanks a lot.
Best regards
[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 5270 bytes --]
next reply other threads:[~2020-01-10 14:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-10 14:16 Fuchs, Andreas [this message]
-- strict thread matches above, loose matches on Subject: below --
2020-01-13 15:37 [tpm2] Re: Some Errors Roberts, William C
2020-01-10 16:36 Oliver, Dario N
2020-01-10 13:28 Alexander Lieb
2020-01-10 12:47 Fuchs, Andreas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9F48E1A823B03B4790B7E6E69430724D0163C47D73@EXCH2010B.sit.fraunhofer.de \
--to=tpm2@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.