* [tpm2] The script of evictcontrol failed during create ek and ak
@ 2020-05-09  3:58 Zhao, Shirley
From: Zhao, Shirley @ 2020-05-09  3:58 UTC (permalink / raw)
  To: tpm2


Thanks, Imran.
I have fixed the failure of the script of tpm2_policyauthorize.

Now, I met another failure when running the script on https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_createak.1.md.
The log is:
$ tpm2_startup --clear --tcti=mssim
$ tpm2_createek -c ek.handle -G rsa -u ek.pub --tcti=mssim
$ tpm2_createak -C ek.handle -c ak.ctx -u ak.pub -n ak.name --tcti=mssim
loaded-key:
  name: 000ba3f7e942e3d87b2c7bebb28f6893c4146bc5a89a4018c9f6b778406f2eac0fea
$ tpm2_evictcontrol -C o -c ak.ctx 0x81010002 --tcti=mssim
WARNING:esys:src/tss2-esys/api/Esys_ContextLoad.c:279:Esys_ContextLoad_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_ContextLoad.c:93:Esys_ContextLoad() Esys Finish ErrorCode (0x00000902)
ERROR: Esys_ContextLoad(0x902) - tpm:warn(2.0): out of memory for object contexts
ERROR:esys:src/tss2-esys/esys_tr.c:357:Esys_TR_Close() Error: Esys handle does not exist (70018).
ERROR: Esys_TR_Close(0x70018) - esapi:The ESYS_TR resource object is bad
ERROR: Unable to run tpm2_evictcontrol

Not sure whether the handle is wrong, because when I check the transient handles I get the output below.
$ tpm2_getcap handles-transient --tcti=mssim
- 0x80000000
- 0x80000001
- 0x80000002

But even if I change 0x81010002 to 0x80000000, 0x80000001 or 0x80000002, it still results in the same error.

Please help, thanks.


  *   Shirley

From: Zhao, Shirley
Sent: Monday, April 27, 2020 5:33 PM
To: 'tpm2(a)lists.01.org' <tpm2(a)lists.01.org>
Subject: The script of tpm2_policyauthorize failed

Hi, all,

I ran the script of tpm2_policyauthorize and met an error.
The steps follow the page https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_policyauthorize.1.md.
Not sure whether it is a script error or a bug in the source code.
The log is as below, please help check.

$ openssl genrsa -out signing_key_private.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
........................+++++
....................................................................................................................................................................................................................................+++++
e is 65537 (0x010001)
$ openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout
writing RSA key
$ tpm2_startup --clear --tcti=mssim
$ tpm2_loadexternal -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name --tcti=mssim
name: 000be282af94009998a545488daf129bac7379048a44361b9e77df40a03bc4ab8a4e
$ tpm2_pcrread -opcr0.sha256 sha256:0  --tcti=mssim
sha256:
  0 : 0x0000000000000000000000000000000000000000000000000000000000000000
$ tpm2_startauthsession -S session.ctx  --tcti=mssim
$ tpm2_policypcr -S session.ctx -l sha256:0 -f pcr0.sha256 -L pcr.policy  --tcti=mssim
093ceb41181d47808862d7946268ee6a17a10e3d1b79b32351bc56e4beaceff0
$ tpm2_flushcontext session.ctx  --tcti=mssim
$ openssl dgst -sha256 -sign signing_key_private.pem -out pcr.signature pcr.policy
$ tpm2_startauthsession -S session.ctx --tcti=mssim
$ tpm2_policyauthorize -S session.ctx -L authorized.policy -i pcr.policy -n signing_key.name --tcti=mssim
1307183d719d482ddb2465b67e31ee1728313157d4be0f15a6fe0ded4540758d
$ tpm2_flushcontext session.ctx --tcti=mssim
$ tpm2_nvdefine 0x1500017 -C o -s 32 -L authorized.policy -a "policyread|policywrite" --tcti=mssim
nv-index: 0x1500017
$ tpm2_verifysignature -c signing_key.ctx -g sha256 -m pcr.policy -s pcr.signature -t verification.tkt -f rsassa --tcti=mssim
$ tpm2_startauthsession --policy-session -S session.ctx --tcti=mssim
$ tpm2_policyauthorize -S session.ctx -L authorized.policy -i pcr.policy -n signing_key.name -t verification.tkt --tcti=mssim
WARNING:esys:src/tss2-esys/api/Esys_PolicyAuthorize.c:306:Esys_PolicyAuthorize_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_PolicyAuthorize.c:108:Esys_PolicyAuthorize() Esys Finish ErrorCode (0x000001c4)
ERROR: Esys_PolicyAuthorize(0x1C4) - tpm:parameter(1):value is out of range or is not correct for the context
ERROR: Could not build tpm authorized policy
ERROR: Unable to run tpm2_policyauthorize
$ echo "nvpolicyauthorizetest" > nv.test_w
$ tpm2_nvwrite 0x1500017 -P"session:session.ctx" -i nv.test_w --tcti=mssim
WARNING:esys:src/tss2-esys/api/Esys_NV_Write.c:310:Esys_NV_Write_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_NV_Write.c:110:Esys_NV_Write() Esys Finish ErrorCode (0x0000099d)
ERROR: Failed to write NV area at index 0x1500017
ERROR: Tss2_Sys_NV_Write(0x99D) - tpm:session(1):a policy check failed
ERROR: Unable to run tpm2_nvwrite

Thanks.


  *   Shirley
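
Added example, not part of the original message or of tpm2-tools: a small decoder showing how the numeric return codes in the logs above break down into layer, format and subject (parameter, session or handle). The bit layout follows the TPM 2.0 specification, Part 2; the name tables cover only the codes seen in this thread, and `decode_rc` / `decode_log` are illustrative names.

```python
import re

# Error names limited to the TPM codes in the logs above (TPM 2.0 spec, Part 2).
FMT0_WARN = {0x02: "TPM_RC_OBJECT_MEMORY"}
FMT1 = {0x04: "TPM_RC_VALUE", 0x1D: "TPM_RC_POLICY_FAIL"}

def decode_rc(rc):
    """Split a TSS2 return code into layer, format, subject and error name."""
    layer = (rc >> 16) & 0xFF            # 0 = the TPM itself, else a TSS layer
    if layer:
        return {"layer": layer, "error": rc & 0xFFFF}
    if rc & 0x080:                       # bit 7 set: format-one code
        n = (rc >> 8) & 0xF
        if rc & 0x040:                   # bit 6 set: n is a parameter index
            subject = ("parameter", n)
        elif n & 0x8:                    # bit 11 set: n is a session index
            subject = ("session", n & 0x7)
        else:
            subject = ("handle", n & 0x7)
        err = rc & 0x3F
        return {"layer": 0, "format": 1, "subject": subject,
                "name": FMT1.get(err, hex(err))}
    err = rc & 0x7F                      # format zero: error number in bits 6:0
    warn = bool(rc & 0x800)              # bit 11 set: warning, not a hard error
    name = FMT0_WARN.get(err, hex(err)) if warn else hex(err)
    return {"layer": 0, "format": 0, "warning": warn, "name": name}

# Lines copied from the logs in the message above.
LOG = """\
ERROR: Esys_ContextLoad(0x902) - tpm:warn(2.0): out of memory for object contexts
ERROR: Esys_TR_Close(0x70018) - esapi:The ESYS_TR resource object is bad
ERROR: Esys_PolicyAuthorize(0x1C4) - tpm:parameter(1):value is out of range or is not correct for the context
ERROR: Tss2_Sys_NV_Write(0x99D) - tpm:session(1):a policy check failed
"""

def decode_log(text):
    """Return (failing call, decoded code) for each tpm2-tools ERROR line."""
    return [(m.group(1), decode_rc(int(m.group(2), 16)))
            for m in re.finditer(r"ERROR: (\w+)\((0x[0-9A-Fa-f]+)\)", text)]

if __name__ == "__main__":
    for call, info in decode_log(LOG):
        print(call, info)
```

tpm2-tools also ships `tpm2_rc_decode`, which performs the same decoding from the command line.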
