Hi Bill,

I have this on my system: Is tpmrm0 same as tabrmd? I believe mine is using this right now, I'm changing it to what you mentioned to see if it helps.

[root@nfvis ~]# ls -l /dev/tpm*
crw-rw----. 1 tss root 10, 224 Apr 8 23:19 /dev/tpm0
crw-rw----. 1 tss tss 254, 65536 Apr 8 23:19 /dev/tpmrm0

Thanks,
Rahul

On Fri, Apr 10, 2020 at 11:33 AM Roberts, William C <william.c.roberts(a)intel.com> wrote:

> > -----Original Message-----
> > From: Rahul Hardikar [mailto:rahulhardikar(a)gmail.com]
> > Sent: Friday, April 10, 2020 1:08 PM
> > To: Roberts, William C
> > Cc: Desai, Imran; tpm2(a)lists.01.org
> > Subject: Re: [tpm2] Re: ESys_ActivateCredential
> >
> > Thanks Bill, trying that.
> > I did not get debug build tpm2_tss, isn't it all prebuilt? I will have to see how to do it in poky.
>
> If you're getting it from a package manager, yes. But there's nothing stopping you from using source builds. Some distros will package debug symbols for their packages.
>
> > On Fri, Apr 10, 2020 at 8:16 AM Roberts, William C <william.c.roberts(a)intel.com> wrote:
> >
> > > > -----Original Message-----
> > > > From: Rahul Hardikar [mailto:rahulhardikar(a)gmail.com]
> > > > Sent: Thursday, April 9, 2020 2:51 PM
> > > > To: Roberts, William C
> > > > Cc: Desai, Imran; tpm2(a)lists.01.org
> > > > Subject: Re: [tpm2] Re: ESys_ActivateCredential
> > > >
> > > > Thanks Bill. I use this
> > > > Esys_Initialize( &ectx, NULL, NULL);
> > > >
> > > > so I'm assuming it would take the default libtss2-tcti-tabrmd.so.0.
> > >
> > > This should do it for you:
> > > TSS2_RC
> > > Tss2_TctiLdr_Initialize (const char *nameConf,
> > >                          TSS2_TCTI_CONTEXT **context);
> > >
> > > Set nameConf to the string "tabrmd", that should give you a tcti pointer you can pass to Esys_Initialize()
> > >
> > > > If I need to debug Esys_ActivateCredential more, how can I do it, these APIs are no more standalone, I have integrated it in a bigger code base and added the esys-tss2 and other libs in my poky build, so now it runs as different process that invokes this function, I can gdb into the process but I can't seem to gdb into Esys_Activate..( )
> > >
> > > Did you build tpm2-tss with debug symbols?
> > > Add --enable-debug
> > >
> > > > Thanks,
> > > > Rahul
> > > >
> > > > On Thu, Apr 9, 2020 at 10:23 AM Roberts, William C wrote:
> > > >
> > > > > > -----Original Message-----
> > > > > > From: Rahul Hardikar [mailto:rahulhardikar(a)gmail.com]
> > > > > > Sent: Thursday, April 9, 2020 11:18 AM
> > > > > > To: Desai, Imran
> > > > > > Cc: tpm2(a)lists.01.org
> > > > > > Subject: [tpm2] Re: ESys_ActivateCredential
> > > > > >
> > > > > > How do I know if RM is being used?
> > > > >
> > > > > If you set the tcti to the device tcti, it will open /dev/tpm0 by default. And that won't be an RM. You can also give it an option.
> > > > > Esys_Initialize() takes a tcti as an option, NULL will cause it to use the default search behavior of the Tss2_TctiLdr, see:
> > > > >
> > > > > https://github.com/tpm2-software/tpm2-tss/blob/master/man/Tss2_TctiLdr_Initialize.3.in
> > > > > https://github.com/tpm2-software/tpm2-tss/blob/master/man/Tss2_Tcti_Device_Init.3.in
> > > > > https://github.com/tpm2-software/tpm2-tss/blob/master/man/tss2-tcti-device.7.in
> > > > >
> > > > > You can use man locally if you prefer as well:
> > > > > man 3 Tss2_TctiLdr_Initialize
> > > > > man 7 tss2-tcti-device
> > > > > man 3 Tss2_Tcti_Device_Init
> > > > >
> > > > > Note that https://github.com/tpm2-software/tpm2-tss/blob/master/man/Tss2_Tcti_Device_Init.3.in has sample code in it.
> > > > >
> > > > > If you're using the tools, it supports explicitly choosing the TCTI:
> > > > > https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md
> > > > >
> > > > > Also note that the /dev/tpmrm0 (Notice the RM) is an in-kernel resource manager.
> > > > > >
> > > > > > When I do ESys_Initialize, I see these WARNINGs, wondering if it's okay for multi-thread
> > > > > > WARNING:esys:src/tss2-esys/esys_tcti_default.c:137:tcti_from_file() Could not load TCTI file: libtss2-tcti-default.so
> > > > > > WARNING:esys:src/tss2-esys/esys_tcti_default.c:137:tcti_from_file() Could not load TCTI file: libtss2-tcti-tabrmd.so
> > > > > >
> > > > > > In my single threaded process, everything works so smoothly
> > > > > > [root]# ./tpm
> > > > > > WARNING:esys:src/tss2-esys/esys_tcti_default.c:137:tcti_from_file() Could not load TCTI file: libtss2-tcti-default.so
> > > > > > WARNING:esys:src/tss2-esys/esys_tcti_default.c:137:tcti_from_file() Could not load TCTI file: libtss2-tcti-tabrmd.so
> > > > > > ESYS Initialization: Pass
> > > > > >
> > > > > > Read TPM EK Certificate: Pass
> > > > > >
> > > > > > TPM EK Certificate Root-CA Verification: Pass
> > > > > >
> > > > > > Clear TPM State: Pass
> > > > > >
> > > > > > Created EK Primary object: Pass
> > > > > > #####Handle 0x418368
> > > > > >
> > > > > > Create Attestation Key: Pass
> > > > > > #####Ak_Handle 0x41836b
> > > > > >
> > > > > > Original Credential="deadbeefdeadbeefdead"
> > > > > >
> > > > > > Make Credential: Pass
> > > > > > #####Encrypted Credential
> > > > > > Blob="0020508e439bc6512d044bb8739e8d61c8ce3664d25f3572389b46c8797e562a
> > > > > > 45c412864f020a7f1bbcab7a34f0"
> > > > > >
> > > > > > #####Encrypted
> > > > > > Secret="b70689bb0ed9fa8324cfa03d727e6c6795069b4f0943108409b89009b9cc76c
> > > > > > 76bddb31a5ccf34cfebc5d3fe715899bb725a8a3c8fe4a6046233869123f3e978051aec
> > > > > > e0d7af0ad6f85164a32fd2c5ad756e8c3b72f6311126de79a30c0d72aa0a6f3f437f6bc
> > > > > > 077c41d3cc6450c71e803ca6074d34ce3debf5114f4bac2fd7ee6a87ef9f07d83079477
> > > > > > 5dda4f77e4620cbaf9aeb302040ee2a66a352b9fffaa5447c09a249bb22d9d989b7f14
> > > > > > 06612a90b8d8bce6bb940fbfd1d50f31398403a2643c73bec336e6fcca46f29f9b6aa87
> > > > > > fd11d53ec6f145d61b2a61dffc783ae2b2c66184435d633d0b5a420efa01748e39d687
> > > > > > e1eb9fcc1759c184972779bfc"
> > > > > >
> > > > > > Activating Credential: Pass
> > > > > > #####Recovered Credential="deadbeefdeadbeefdead"
> > > > > >
> > > > > > [root]#
> > > > > >
> > > > > > On Wed, Apr 8, 2020 at 7:02 PM Rahul Hardikar wrote:
> > > > > >
> > > > > > > Thanks guys, I'll try this but I also wanted to know if there is a way to know if the TPM still has the EK and AK keys loaded? I have the EK handle and AK handle (not made it persistent) but I want to make sure it's present as these are necessary for ActivateCredential to succeed
> > > > > > > ESys_ActivateCredential complaining about secret parameter doesn't make sense to me, I tested on server side, ak_name is same as that sent and so is EK_PUB object as well as EK_Cert in nvram, I call the same external_makecredential call that's in the GitHub to create secret and made sure secret,credblob matches on the client side when received from server.
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Rahul
> > > > > > >
> > > > > > > On Tue, Mar 17, 2020 at 6:19 AM Imran Desai <imran.desai(a)intel.com> wrote:
> > > > > > >
> > > > > > > > Set this up with all handles in use made persistent. If you still see issues, gdb-break or turn on debug logging at the Esys call and compare the function arguments.
> > > > > > _______________________________________________
> > > > > > tpm2 mailing list -- tpm2(a)lists.01.org
> > > > > > To unsubscribe send an email to tpm2-leave(a)lists.01.org
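
An added example, not part of the thread: a shell sketch of the /dev/tpm0 versus /dev/tpmrm0 versus tabrmd distinction discussed above, building a TCTI string from the device nodes present and reporting whether it goes through a resource manager. The function names are hypothetical; the `name:conf` string is the form accepted by the tpm2-tools TCTI option and by the `nameConf` argument of `Tss2_TctiLdr_Initialize()`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# tcti_for_dev [DIR]: print a "device:<path>" TCTI string for the TPM nodes
# under DIR (default /dev), preferring the in-kernel resource manager node
# tpmrm0 over the raw tpm0. Returns 1 when neither node exists.
tcti_for_dev() {
    dev_dir=${1:-/dev}
    for node in tpmrm0 tpm0; do
        if [ -e "$dev_dir/$node" ]; then
            printf 'device:%s/%s\n' "$dev_dir" "$node"
            return 0
        fi
    done
    return 1
}

# tcti_uses_rm STRING: succeed when the TCTI string goes through a resource
# manager: the tabrmd daemon, or the device TCTI pointed at a tpmrm node.
# A bare "device" opens /dev/tpm0 by default, which is not an RM.
tcti_uses_rm() {
    case $1 in
        tabrmd | tabrmd:*)     return 0 ;;
        device:*/tpmrm[0-9]*)  return 0 ;;
        *)                     return 1 ;;
    esac
}

# describe_tcti STRING: one-line answer to "is an RM being used?"
describe_tcti() {
    if tcti_uses_rm "$1"; then
        printf '%s: resource manager in use\n' "$1"
    else
        printf '%s: direct TPM access, no resource manager\n' "$1"
    fi
}

# Typical use with tpm2-tools, which read the TCTI from TPM2TOOLS_TCTI:
#   TPM2TOOLS_TCTI=$(tcti_for_dev) && export TPM2TOOLS_TCTI
#   describe_tcti "$TPM2TOOLS_TCTI"
```

With the two nodes listed at the top of this message present, `tcti_for_dev` selects `/dev/tpmrm0`, the in-kernel resource manager, which is a separate thing from the user-space tabrmd daemon.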