[tpm2] TCTI initialization fails with error 0xc000b

[tpm2] TCTI initialization fails with error 0xc000b

[Moneeb Azhar]

[-- Attachment #1: Type: text/plain, Size: 909 bytes --]

Hi,

I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing

Everything installs correctly but I get the following error:

$ sudo -u tss tpm2-abrmd --tcti=device
** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b

systemctl  show me the following:
$ sudo systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
   Active: inactive (dead)

How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.

Regards,
Moneeb

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1851 bytes --]

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Philip Tricca]

[-- Attachment #1: Type: text/plain, Size: 9670 bytes --]

On Fri, Feb 23, 2018 at 05:23:04PM +0000, Roberts, William C wrote:
> 
> 
> > -----Original Message-----
> > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Anderson, Daniel
> > Sent: Thursday, February 22, 2018 2:14 PM
> > To: Javier Martinez Canillas <javierm(a)redhat.com>; tpm2(a)lists.01.org
> > Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b
> > 
> > I finally got tpm2_tools talking to tpm2.
> > 
> > The remaining tpm2-abrmd problems:
> > 
> > 1. To use the simulator, you do *NOT* use: tpm2-abrmd --tcti socket This worked
> > for me: tpm2-abrmd --tcti=socket (it is mentioned in an example in the tpm2-
> > abrmd(8) man page, although not mentioned that it's for the simulator).
> 
> Yeah the socket tcti is a terrible name. It's specific to the simulator.

I made an 'issue' for this 5 months back:

https://github.com/tpm2-software/tpm2-tss/issues/556

It's on the 2.0 task list and will likely be the last part of the TCTI
related PRs I've been pumping out.

Having someone walk through the documentation and organize some data w/r
to what we're missing and what we need to add would be helpful. Seems
like Dan's recent airing of greviences make him imminently qualified
for the job :)

> > 2. Also, I had to su to tss to start it (another non-root user or root user does not
> > work).
> 
> This is dbus. There's a few ways to do this, I think the easiest is to launch it on
> a session bus via dbus-launch:
> https://dbus.freedesktop.org/doc/dbus-launch.1.html

There are a few things at play here. On the master branch the daemon
will refuse to run as the root user. This was a feature requested &
implemented by Matthias @ Suse. It can be overriden on the command line
as documented in the appropriate man page:
https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L42

> dbus-launch tpm2-abrmd --tcti=libtcti-socket.so

`dbus-launch` should only be necessary if you're on a system that
doesn't have a session bus setup for your user. This is the case for
remote / ssh logins but every graphical login I've ever seen creates a
session bus for the user @ login. We use `dbus-launch` heavily for
testing on travis so that we can run the daemon as an unprivileged
(and unknown) user running the build in a container and in parallel:

https://github.com/tpm2-software/tpm2-abrmd/blob/master/.travis.yml#L89

But the ability to run the daemon on the session bus was only added for
testing purposes and the common use case should be installing the dbus
config to the distro-appropriate location and having systemd run the
daemon on the system bus.

> The other way is to use the system bus, that config file
> For abrmd on Ubuntu gets installed to:
> /etc/dbus-1/system.d/tpm2-abrmd.conf

This is the "right" (and default) way to run the daemon in the most
common configuration (being started on boot by systemd, or on demand by
dbus). Getting the source build to install the file there takes a bit of
autotools knowledge but it's all documented by the upstream GNU project:
https://www.gnu.org/prep/standards/html_node/Directory-Variables.html

> You can either use the tss user that is defined (you need to create this)
> And then run abrmd as the tss user, or hack that confide and allow
> your current user to do it:
> I added this to bus config:
>   <policy user="wcrobert">
>     <allow own="com.intel.tss2.Tabrmd"/>
>   </policy>

Not the hack I'd suggest but it gets the job done :)

> Abrmd init also has options for bus-type, not sure offhand how to invoke it.

The configuration options for the TCTI have bitrotted a bit
unfortunately in the run up to the 2.0 release from the tpm2-tss repo.
I've made a few tickets for this:

https://github.com/tpm2-software/tpm2-abrmd/issues/340
https://github.com/tpm2-software/tpm2-abrmd/issues/341

and would gladly take patches to help bring the docs up to speed. The
existing initialization functions are documented here:
https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tss2_tcti_tabrmd_init.3.in

Also worth noting that I've been pushing a bunch of cleanup /
refactoring patches to the TCTIs this week. Part of this has been
improving the debug output from these libraries so be sure to dial
up the logging to get yourself more data for bug reports / github
issues.

We can add a wiki page with debugging strategies to our documentation
wish list too.

Philip

> > $ tpm2-tools/tools/tpm2_getrandom 8
> > 0x6F 0xA7 0xE0 0x28 0x98 0x33 0x62 0x78
> > 
> > -----Original Message-----
> > From: Anderson, Daniel
> > Sent: Thursday, February 22, 2018 9:18 AM
> > To: 'Javier Martinez Canillas' <javierm(a)redhat.com>; tpm2(a)lists.01.org
> > Subject: RE: [tpm2] TCTI initialization fails with error 0xc000b
> > 
> > Javier,
> > Thanks for your reply--it is really useful as there are multiple undocumented
> > options I need to use.  I am using MS Outlook which is lame for inline replies,  so
> > I'll manually mark it with "dan> "
> > 
> > Dan
> > 
> > -----Original Message-----
> > From: Javier Martinez Canillas [mailto:javierm(a)redhat.com]
> > Sent: Thursday, February 22, 2018 8:52 AM
> > To: Anderson, Daniel <daniel.anderson(a)intel.com>; tpm2(a)lists.01.org
> > Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b
> > 
> > Hello Dan,
> > 
> > On 02/22/2018 05:01 PM, Anderson, Daniel wrote:
> > > Javier,
> > > Thanks!
> > >
> > > The version is the latest source as of the message--I pulled the latest source
> > and rebuilt several times.
> > 
> > Ok, I'm also building today's master branch for all projects.
> > 
> > > I will try again today and see if there has been a fix in the past week.
> > > There is no /dev/tpm--I am using the simulator and specify that in the options.
> > 
> > I didn't see the option specified in the command you shared in this thread.
> > You have to run with tpm2-abrmd --tcti socket.
> > 
> > dan> OK. That may be the missing option.  The "tpm2-abrmd --tcti socket" option
> > is not mentioned anywhere in dan> the INSTALL.md or README.md files.
> > dan> I found a tpm2-abrmd man page with several examples, but it doesn't
> > mention which one to use for the dan> simulator.
> > 
> > dan> Also, since tpm2-abrmd is started automatically by systemd, apparently,
> > how does one add this option dan> (whatever the correct syntax) to the system
> > configuration?
> > 
> > 
> > > There may be another option or setting that I am missing though.
> > > Here is what I build with:
> > >
> > > For tpm2-tss:
> > > configure --enable-unit
> > >         --with-simulatorbin=$TPM_SERVER
> > 
> > Only these are valid options for tpm2-tss, from here are tpm2-abrmd options:
> > 
> > >         --with-dbuspolicydir=/etc/dbus-1/system.d
> > >         --with-systemdsystemunitdir=/lib/systemd/system
> > >         --with-systemdpresetdir=/lib/systemd/system-preset
> > >         --with-udevrulesdir=/etc/udev/rules.d
> > >         --with-sysdefaultdir=/etc/default
> > >         --with-dbusdatadir=/usr/share/dbus-1/system-services
> > >
> > > For tpm2-abrmd:
> > > configure --enable-unit
> > > --with-simulatorbin=$HOME/tpm/simulator/src/tpm_server
> > >
> > 
> > As mentioned, you either got the configure options mixed up or are using it
> > wrong.
> > 
> > There are my configure options for tpm2-tss, tpm2-abrmd and tpm2-tools:
> > 
> > tpm2-tss:
> > 
> > $ ./configure --prefix=/usr
> > 
> > tpm2-abrmd:
> > 
> > $ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-
> > udevrulesdir=/usr/lib/udev/rules.d --with-
> > systemdsystemunitdir=/usr/lib/systemd/system --libdir=/usr/lib64
> > 
> > dan> This is useful. The systemdsystemunitdir (not mentioned in the README or
> > INSTALL) should help.
> > 
> > tpm2-tools
> > 
> > $ ./configure --prefix=/usr
> > 
> > > I cannot believe that anyone has tpm2-abrmd working without special hand-
> > copied fixes. The com.intel.tss2.tabrmd.service for example is not installed in
> > /usr/share/dbus-1/system-services/ but in /usr/local/share/dbus-1/system-
> > services/.
> > >
> > 
> > I think this is because you didn't specify a correct --with-dbuspolicydir as
> > mentioned before. Another thing that you have to keep in mind, is that the
> > default D-Bus config only allows the tss and root user to acquire the
> > com.intel.tss2.Tabrmd D-Bus well-known name.
> > 
> > So after installing latest master with these configure options, I just do:
> > 
> > $ ./tpm_server
> > 
> > $ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti socket
> > 
> > dan> so you do not use system to start tpm2-abrmd.
> > 
> > $ tpm2_pcrlist -L sha1:0 -T abrmd
> > sha1:
> >   0 : 0x0000000000000000000000000000000000000003
> > 
> > And using the device TCTI also works for me:
> > 
> > $ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti device
> > 
> > dan> neither tpm2-abrmd --tcti socket or tpm2-abrmd --tcti device is mentioned
> > in the README.md, INSTALL.md, or tpm2-abrmd(8) man page, so I'll add those.
> > 
> > $ tpm2_pcrlist -L sha1:0 -T abrmd
> > sha1:
> >   0 : 0xC72EC9E6CBC2B6A95F334DDDD6513981DA00F0C2
> > 
> > Best regards,
> > --
> > Javier Martinez Canillas
> > Software Engineer - Desktop Hardware Enablement Red Hat
> > _______________________________________________
> > tpm2 mailing list
> > tpm2(a)lists.01.org
> > https://lists.01.org/mailman/listinfo/tpm2
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org
> https://lists.01.org/mailman/listinfo/tpm2

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 6316 bytes --]



> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Anderson, Daniel
> Sent: Thursday, February 22, 2018 2:14 PM
> To: Javier Martinez Canillas <javierm(a)redhat.com>; tpm2(a)lists.01.org
> Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b
> 
> I finally got tpm2_tools talking to tpm2.
> 
> The remaining tpm2-abrmd problems:
> 
> 1. To use the simulator, you do *NOT* use: tpm2-abrmd --tcti socket This worked
> for me: tpm2-abrmd --tcti=socket (it is mentioned in an example in the tpm2-
> abrmd(8) man page, although not mentioned that it's for the simulator).

Yeah the socket tcti is a terrible name. It's specific to the simulator.

> 
> 2. Also, I had to su to tss to start it (another non-root user or root user does not
> work).

This is dbus. There's a few ways to do this, I think the easiest is to launch it on
a session bus via dbus-launch:
https://dbus.freedesktop.org/doc/dbus-launch.1.html

dbus-launch tpm2-abrmd --tcti=libtcti-socket.so

The other way is to use the system bus, that config file
For abrmd on Ubuntu gets installed to:
/etc/dbus-1/system.d/tpm2-abrmd.conf

You can either use the tss user that is defined (you need to create this)
And then run abrmd as the tss user, or hack that confide and allow
your current user to do it:
I added this to bus config:
  <policy user="wcrobert">
    <allow own="com.intel.tss2.Tabrmd"/>
  </policy>

Abrmd init also has options for bus-type, not sure offhand how to invoke it.

> 
> $ tpm2-tools/tools/tpm2_getrandom 8
> 0x6F 0xA7 0xE0 0x28 0x98 0x33 0x62 0x78
> 
> -----Original Message-----
> From: Anderson, Daniel
> Sent: Thursday, February 22, 2018 9:18 AM
> To: 'Javier Martinez Canillas' <javierm(a)redhat.com>; tpm2(a)lists.01.org
> Subject: RE: [tpm2] TCTI initialization fails with error 0xc000b
> 
> Javier,
> Thanks for your reply--it is really useful as there are multiple undocumented
> options I need to use.  I am using MS Outlook which is lame for inline replies,  so
> I'll manually mark it with "dan> "
> 
> Dan
> 
> -----Original Message-----
> From: Javier Martinez Canillas [mailto:javierm(a)redhat.com]
> Sent: Thursday, February 22, 2018 8:52 AM
> To: Anderson, Daniel <daniel.anderson(a)intel.com>; tpm2(a)lists.01.org
> Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b
> 
> Hello Dan,
> 
> On 02/22/2018 05:01 PM, Anderson, Daniel wrote:
> > Javier,
> > Thanks!
> >
> > The version is the latest source as of the message--I pulled the latest source
> and rebuilt several times.
> 
> Ok, I'm also building today's master branch for all projects.
> 
> > I will try again today and see if there has been a fix in the past week.
> > There is no /dev/tpm--I am using the simulator and specify that in the options.
> 
> I didn't see the option specified in the command you shared in this thread.
> You have to run with tpm2-abrmd --tcti socket.
> 
> dan> OK. That may be the missing option.  The "tpm2-abrmd --tcti socket" option
> is not mentioned anywhere in dan> the INSTALL.md or README.md files.
> dan> I found a tpm2-abrmd man page with several examples, but it doesn't
> mention which one to use for the dan> simulator.
> 
> dan> Also, since tpm2-abrmd is started automatically by systemd, apparently,
> how does one add this option dan> (whatever the correct syntax) to the system
> configuration?
> 
> 
> > There may be another option or setting that I am missing though.
> > Here is what I build with:
> >
> > For tpm2-tss:
> > configure --enable-unit
> >         --with-simulatorbin=$TPM_SERVER
> 
> Only these are valid options for tpm2-tss, from here are tpm2-abrmd options:
> 
> >         --with-dbuspolicydir=/etc/dbus-1/system.d
> >         --with-systemdsystemunitdir=/lib/systemd/system
> >         --with-systemdpresetdir=/lib/systemd/system-preset
> >         --with-udevrulesdir=/etc/udev/rules.d
> >         --with-sysdefaultdir=/etc/default
> >         --with-dbusdatadir=/usr/share/dbus-1/system-services
> >
> > For tpm2-abrmd:
> > configure --enable-unit
> > --with-simulatorbin=$HOME/tpm/simulator/src/tpm_server
> >
> 
> As mentioned, you either got the configure options mixed up or are using it
> wrong.
> 
> There are my configure options for tpm2-tss, tpm2-abrmd and tpm2-tools:
> 
> tpm2-tss:
> 
> $ ./configure --prefix=/usr
> 
> tpm2-abrmd:
> 
> $ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-
> udevrulesdir=/usr/lib/udev/rules.d --with-
> systemdsystemunitdir=/usr/lib/systemd/system --libdir=/usr/lib64
> 
> dan> This is useful. The systemdsystemunitdir (not mentioned in the README or
> INSTALL) should help.
> 
> tpm2-tools
> 
> $ ./configure --prefix=/usr
> 
> > I cannot believe that anyone has tpm2-abrmd working without special hand-
> copied fixes. The com.intel.tss2.tabrmd.service for example is not installed in
> /usr/share/dbus-1/system-services/ but in /usr/local/share/dbus-1/system-
> services/.
> >
> 
> I think this is because you didn't specify a correct --with-dbuspolicydir as
> mentioned before. Another thing that you have to keep in mind, is that the
> default D-Bus config only allows the tss and root user to acquire the
> com.intel.tss2.Tabrmd D-Bus well-known name.
> 
> So after installing latest master with these configure options, I just do:
> 
> $ ./tpm_server
> 
> $ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti socket
> 
> dan> so you do not use system to start tpm2-abrmd.
> 
> $ tpm2_pcrlist -L sha1:0 -T abrmd
> sha1:
>   0 : 0x0000000000000000000000000000000000000003
> 
> And using the device TCTI also works for me:
> 
> $ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti device
> 
> dan> neither tpm2-abrmd --tcti socket or tpm2-abrmd --tcti device is mentioned
> in the README.md, INSTALL.md, or tpm2-abrmd(8) man page, so I'll add those.
> 
> $ tpm2_pcrlist -L sha1:0 -T abrmd
> sha1:
>   0 : 0xC72EC9E6CBC2B6A95F334DDDD6513981DA00F0C2
> 
> Best regards,
> --
> Javier Martinez Canillas
> Software Engineer - Desktop Hardware Enablement Red Hat
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org
> https://lists.01.org/mailman/listinfo/tpm2

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Anderson, Daniel]

[-- Attachment #1: Type: text/plain, Size: 4859 bytes --]

I finally got tpm2_tools talking to tpm2.

The remaining tpm2-abrmd problems:

1. To use the simulator, you do *NOT* use: tpm2-abrmd --tcti socket
This worked for me: tpm2-abrmd --tcti=socket
(it is mentioned in an example in the tpm2-abrmd(8) man page, although not mentioned that it's for the simulator).

2. Also, I had to su to tss to start it (another non-root user or root user does not work).

$ tpm2-tools/tools/tpm2_getrandom 8
0x6F 0xA7 0xE0 0x28 0x98 0x33 0x62 0x78

-----Original Message-----
From: Anderson, Daniel 
Sent: Thursday, February 22, 2018 9:18 AM
To: 'Javier Martinez Canillas' <javierm(a)redhat.com>; tpm2(a)lists.01.org
Subject: RE: [tpm2] TCTI initialization fails with error 0xc000b

Javier,
Thanks for your reply--it is really useful as there are multiple undocumented options I need to use.  I am using MS Outlook which is lame for inline replies,  so I'll manually mark it with "dan> "

Dan

-----Original Message-----
From: Javier Martinez Canillas [mailto:javierm(a)redhat.com] 
Sent: Thursday, February 22, 2018 8:52 AM
To: Anderson, Daniel <daniel.anderson(a)intel.com>; tpm2(a)lists.01.org
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b

Hello Dan,

On 02/22/2018 05:01 PM, Anderson, Daniel wrote:
> Javier,
> Thanks!
> 
> The version is the latest source as of the message--I pulled the latest source and rebuilt several times.

Ok, I'm also building today's master branch for all projects.

> I will try again today and see if there has been a fix in the past week.
> There is no /dev/tpm--I am using the simulator and specify that in the options.

I didn't see the option specified in the command you shared in this thread.
You have to run with tpm2-abrmd --tcti socket.

dan> OK. That may be the missing option.  The "tpm2-abrmd --tcti socket" option is not mentioned anywhere in dan> the INSTALL.md or README.md files.  
dan> I found a tpm2-abrmd man page with several examples, but it doesn't mention which one to use for the dan> simulator.

dan> Also, since tpm2-abrmd is started automatically by systemd, apparently, how does one add this option dan> (whatever the correct syntax) to the system configuration?


> There may be another option or setting that I am missing though.
> Here is what I build with:
> 
> For tpm2-tss:
> configure --enable-unit
>         --with-simulatorbin=$TPM_SERVER

Only these are valid options for tpm2-tss, from here are tpm2-abrmd options:

>         --with-dbuspolicydir=/etc/dbus-1/system.d
>         --with-systemdsystemunitdir=/lib/systemd/system
>         --with-systemdpresetdir=/lib/systemd/system-preset
>         --with-udevrulesdir=/etc/udev/rules.d
>         --with-sysdefaultdir=/etc/default
>         --with-dbusdatadir=/usr/share/dbus-1/system-services
>
> For tpm2-abrmd:
> configure --enable-unit 
> --with-simulatorbin=$HOME/tpm/simulator/src/tpm_server
>

As mentioned, you either got the configure options mixed up or are using it wrong.

There are my configure options for tpm2-tss, tpm2-abrmd and tpm2-tools:

tpm2-tss:

$ ./configure --prefix=/usr

tpm2-abrmd:

$ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/usr/lib/udev/rules.d --with-systemdsystemunitdir=/usr/lib/systemd/system --libdir=/usr/lib64

dan> This is useful. The systemdsystemunitdir (not mentioned in the README or INSTALL) should help.

tpm2-tools

$ ./configure --prefix=/usr

> I cannot believe that anyone has tpm2-abrmd working without special hand-copied fixes. The com.intel.tss2.tabrmd.service for example is not installed in /usr/share/dbus-1/system-services/ but in /usr/local/share/dbus-1/system-services/.
>

I think this is because you didn't specify a correct --with-dbuspolicydir as mentioned before. Another thing that you have to keep in mind, is that the default D-Bus config only allows the tss and root user to acquire the com.intel.tss2.Tabrmd D-Bus well-known name.

So after installing latest master with these configure options, I just do:

$ ./tpm_server

$ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti socket

dan> so you do not use system to start tpm2-abrmd.

$ tpm2_pcrlist -L sha1:0 -T abrmd                           
sha1:                      
  0 : 0x0000000000000000000000000000000000000003

And using the device TCTI also works for me:

$ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti device

dan> neither tpm2-abrmd --tcti socket or tpm2-abrmd --tcti device is mentioned in the README.md, INSTALL.md, or tpm2-abrmd(8) man page, so I'll add those.

$ tpm2_pcrlist -L sha1:0 -T abrmd                           
sha1:                      
  0 : 0xC72EC9E6CBC2B6A95F334DDDD6513981DA00F0C2

Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement Red Hat

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Javier Martinez Canillas]

[-- Attachment #1: Type: text/plain, Size: 5045 bytes --]

Hi Dan,

On 02/22/2018 06:17 PM, Anderson, Daniel wrote:
> Javier,
> Thanks for your reply--it is really useful as there are multiple undocumented options I need to use.  I am using MS Outlook which is lame for inline replies,  so I'll manually mark it with "dan> "
> 

No worries.

> Dan
> 
> -----Original Message-----
> From: Javier Martinez Canillas [mailto:javierm(a)redhat.com] 
> Sent: Thursday, February 22, 2018 8:52 AM
> To: Anderson, Daniel <daniel.anderson(a)intel.com>; tpm2(a)lists.01.org
> Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b
> 
> Hello Dan,
> 
> On 02/22/2018 05:01 PM, Anderson, Daniel wrote:
>> Javier,
>> Thanks!
>>
>> The version is the latest source as of the message--I pulled the latest source and rebuilt several times.
> 
> Ok, I'm also building today's master branch for all projects.
> 
>> I will try again today and see if there has been a fix in the past week.
>> There is no /dev/tpm--I am using the simulator and specify that in the options.
> 
> I didn't see the option specified in the command you shared in this thread.
> You have to run with tpm2-abrmd --tcti socket.
> 
> dan> OK. That may be the missing option.  The "tpm2-abrmd --tcti socket" option is not mentioned anywhere in dan> the INSTALL.md or README.md files.  
> dan> I found a tpm2-abrmd man page with several examples, but it doesn't mention which one to use for the dan> simulator.
> 

Yeah, the master branches are a moving target and sometimes the docs fall behind.
I didn't pay attention to the project for a couple of weeks and I also needed to
catch up since all the TCTI options handling changed :)

> dan> Also, since tpm2-abrmd is started automatically by systemd, apparently, how does one add this option dan> (whatever the correct syntax) to the system configuration?
>

Well, by adding the option to the command set in the ExecStart in the systemd
tpm2-abrmd.service unit file. The default is to use the device TCTI, which is
reasonable because that what most users will do. The socket TCTI is only used
for development purposes or to test if you don't have a real TPM2 device.

> 
>> There may be another option or setting that I am missing though.
>> Here is what I build with:
>>
>> For tpm2-tss:
>> configure --enable-unit
>>         --with-simulatorbin=$TPM_SERVER
> 
> Only these are valid options for tpm2-tss, from here are tpm2-abrmd options:
> 
>>         --with-dbuspolicydir=/etc/dbus-1/system.d
>>         --with-systemdsystemunitdir=/lib/systemd/system
>>         --with-systemdpresetdir=/lib/systemd/system-preset
>>         --with-udevrulesdir=/etc/udev/rules.d
>>         --with-sysdefaultdir=/etc/default
>>         --with-dbusdatadir=/usr/share/dbus-1/system-services
>>
>> For tpm2-abrmd:
>> configure --enable-unit 
>> --with-simulatorbin=$HOME/tpm/simulator/src/tpm_server
>>
> 
> As mentioned, you either got the configure options mixed up or are using it wrong.
> 
> There are my configure options for tpm2-tss, tpm2-abrmd and tpm2-tools:
> 
> tpm2-tss:
> 
> $ ./configure --prefix=/usr
> 
> tpm2-abrmd:
> 
> $ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/usr/lib/udev/rules.d --with-systemdsystemunitdir=/usr/lib/systemd/system --libdir=/usr/lib64
> 
> dan> This is useful. The systemdsystemunitdir (not mentioned in the README or INSTALL) should help.
>

Right, ./configure --help list them though.

> tpm2-tools
> 
> $ ./configure --prefix=/usr
> 
>> I cannot believe that anyone has tpm2-abrmd working without special hand-copied fixes. The com.intel.tss2.tabrmd.service for example is not installed in /usr/share/dbus-1/system-services/ but in /usr/local/share/dbus-1/system-services/.
>>
> 
> I think this is because you didn't specify a correct --with-dbuspolicydir as mentioned before. Another thing that you have to keep in mind, is that the default D-Bus config only allows the tss and root user to acquire the com.intel.tss2.Tabrmd D-Bus well-known name.
> 
> So after installing latest master with these configure options, I just do:
> 
> $ ./tpm_server
> 
> $ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti socket
> 
> dan> so you do not use system to start tpm2-abrmd.
>

No, in fact I don't use the tpm2-abrmd at all but instead use the resource
manager that's in the kernel exposed as /dev/tpmrm0. So I just use the dev
TCTI directly from the tpm2-tools.

> $ tpm2_pcrlist -L sha1:0 -T abrmd                           
> sha1:                      
>   0 : 0x0000000000000000000000000000000000000003
> 
> And using the device TCTI also works for me:
> 
> $ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti device
> 
> dan> neither tpm2-abrmd --tcti socket or tpm2-abrmd --tcti device is mentioned in the README.md, INSTALL.md, or tpm2-abrmd(8) man page, so I'll add those.
>

I see, that should be fixed then.

Best regards,
-- 
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Anderson, Daniel]

[-- Attachment #1: Type: text/plain, Size: 4128 bytes --]

Javier,
Thanks for your reply--it is really useful as there are multiple undocumented options I need to use.  I am using MS Outlook which is lame for inline replies,  so I'll manually mark it with "dan> "

Dan

-----Original Message-----
From: Javier Martinez Canillas [mailto:javierm(a)redhat.com] 
Sent: Thursday, February 22, 2018 8:52 AM
To: Anderson, Daniel <daniel.anderson(a)intel.com>; tpm2(a)lists.01.org
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b

Hello Dan,

On 02/22/2018 05:01 PM, Anderson, Daniel wrote:
> Javier,
> Thanks!
> 
> The version is the latest source as of the message--I pulled the latest source and rebuilt several times.

Ok, I'm also building today's master branch for all projects.

> I will try again today and see if there has been a fix in the past week.
> There is no /dev/tpm--I am using the simulator and specify that in the options.

I didn't see the option specified in the command you shared in this thread.
You have to run with tpm2-abrmd --tcti socket.

dan> OK. That may be the missing option.  The "tpm2-abrmd --tcti socket" option is not mentioned anywhere in dan> the INSTALL.md or README.md files.  
dan> I found a tpm2-abrmd man page with several examples, but it doesn't mention which one to use for the dan> simulator.

dan> Also, since tpm2-abrmd is started automatically by systemd, apparently, how does one add this option dan> (whatever the correct syntax) to the system configuration?


> There may be another option or setting that I am missing though.
> Here is what I build with:
> 
> For tpm2-tss:
> configure --enable-unit
>         --with-simulatorbin=$TPM_SERVER

Only these are valid options for tpm2-tss, from here are tpm2-abrmd options:

>         --with-dbuspolicydir=/etc/dbus-1/system.d
>         --with-systemdsystemunitdir=/lib/systemd/system
>         --with-systemdpresetdir=/lib/systemd/system-preset
>         --with-udevrulesdir=/etc/udev/rules.d
>         --with-sysdefaultdir=/etc/default
>         --with-dbusdatadir=/usr/share/dbus-1/system-services
>
> For tpm2-abrmd:
> configure --enable-unit 
> --with-simulatorbin=$HOME/tpm/simulator/src/tpm_server
>

As mentioned, you either got the configure options mixed up or are using it wrong.

There are my configure options for tpm2-tss, tpm2-abrmd and tpm2-tools:

tpm2-tss:

$ ./configure --prefix=/usr

tpm2-abrmd:

$ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/usr/lib/udev/rules.d --with-systemdsystemunitdir=/usr/lib/systemd/system --libdir=/usr/lib64

dan> This is useful. The systemdsystemunitdir (not mentioned in the README or INSTALL) should help.

tpm2-tools

$ ./configure --prefix=/usr

> I cannot believe that anyone has tpm2-abrmd working without special hand-copied fixes. The com.intel.tss2.tabrmd.service for example is not installed in /usr/share/dbus-1/system-services/ but in /usr/local/share/dbus-1/system-services/.
>

I think this is because you didn't specify a correct --with-dbuspolicydir as mentioned before. Another thing that you have to keep in mind, is that the default D-Bus config only allows the tss and root user to acquire the com.intel.tss2.Tabrmd D-Bus well-known name.

So after installing latest master with these configure options, I just do:

$ ./tpm_server

$ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti socket

dan> so you do not use system to start tpm2-abrmd.

$ tpm2_pcrlist -L sha1:0 -T abrmd                           
sha1:                      
  0 : 0x0000000000000000000000000000000000000003

And using the device TCTI also works for me:

$ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti device

dan> neither tpm2-abrmd --tcti socket or tpm2-abrmd --tcti device is mentioned in the README.md, INSTALL.md, or tpm2-abrmd(8) man page, so I'll add those.

$ tpm2_pcrlist -L sha1:0 -T abrmd                           
sha1:                      
  0 : 0xC72EC9E6CBC2B6A95F334DDDD6513981DA00F0C2

Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement Red Hat

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Javier Martinez Canillas]

[-- Attachment #1: Type: text/plain, Size: 2871 bytes --]

Hello Dan,

On 02/22/2018 05:01 PM, Anderson, Daniel wrote:
> Javier,
> Thanks!
> 
> The version is the latest source as of the message--I pulled the latest source and rebuilt several times.

Ok, I'm also building today's master branch for all projects.

> I will try again today and see if there has been a fix in the past week.
> There is no /dev/tpm--I am using the simulator and specify that in the options.

I didn't see the option specified in the command you shared in this thread.
You have to run with tpm2-abrmd --tcti socket.

> There may be another option or setting that I am missing though.
> Here is what I build with:
> 
> For tpm2-tss:
> configure --enable-unit
>         --with-simulatorbin=$TPM_SERVER

Only these are valid options for tpm2-tss, from here are tpm2-abrmd options:

>         --with-dbuspolicydir=/etc/dbus-1/system.d
>         --with-systemdsystemunitdir=/lib/systemd/system
>         --with-systemdpresetdir=/lib/systemd/system-preset
>         --with-udevrulesdir=/etc/udev/rules.d
>         --with-sysdefaultdir=/etc/default
>         --with-dbusdatadir=/usr/share/dbus-1/system-services
>
> For tpm2-abrmd:
> configure --enable-unit --with-simulatorbin=$HOME/tpm/simulator/src/tpm_server
>

As mentioned, you either got the configure options mixed up or are using it wrong.

There are my configure options for tpm2-tss, tpm2-abrmd and tpm2-tools:

tpm2-tss:

$ ./configure --prefix=/usr

tpm2-abrmd:

$ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/usr/lib/udev/rules.d --with-systemdsystemunitdir=/usr/lib/systemd/system --libdir=/usr/lib64

tpm2-tools

$ ./configure --prefix=/usr

> I cannot believe that anyone has tpm2-abrmd working without special hand-copied fixes. The com.intel.tss2.tabrmd.service for example is not installed in /usr/share/dbus-1/system-services/ but in /usr/local/share/dbus-1/system-services/.
>

I think this is because you didn't specify a correct --with-dbuspolicydir
as mentioned before. Another thing that you have to keep in mind, is that
the default D-Bus config only allows the tss and root user to acquire the
com.intel.tss2.Tabrmd D-Bus well-known name.

So after installing latest master with these configure options, I just do:

$ ./tpm_server

$ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti socket

$ tpm2_pcrlist -L sha1:0 -T abrmd                           
sha1:                      
  0 : 0x0000000000000000000000000000000000000003

And using the device TCTI also works for me:

$ sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti device

$ tpm2_pcrlist -L sha1:0 -T abrmd                           
sha1:                      
  0 : 0xC72EC9E6CBC2B6A95F334DDDD6513981DA00F0C2

Best regards,
-- 
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Anderson, Daniel]

[-- Attachment #1: Type: text/plain, Size: 3333 bytes --]

Javier,
Thanks!

The version is the latest source as of the message--I pulled the latest source and rebuilt several times.
I will try again today and see if there has been a fix in the past week.
There is no /dev/tpm--I am using the simulator and specify that in the options.
There may be another option or setting that I am missing though.
Here is what I build with:

For tpm2-tss:
configure --enable-unit
        --with-simulatorbin=$TPM_SERVER
        --with-dbuspolicydir=/etc/dbus-1/system.d
        --with-systemdsystemunitdir=/lib/systemd/system
        --with-systemdpresetdir=/lib/systemd/system-preset
        --with-udevrulesdir=/etc/udev/rules.d
        --with-sysdefaultdir=/etc/default
        --with-dbusdatadir=/usr/share/dbus-1/system-services

For tpm2-abrmd:
configure --enable-unit --with-simulatorbin=$HOME/tpm/simulator/src/tpm_server

I cannot believe that anyone has tpm2-abrmd working without special hand-copied fixes. The com.intel.tss2.tabrmd.service for example is not installed in /usr/share/dbus-1/system-services/ but in /usr/local/share/dbus-1/system-services/.

(no options for configuring tpm2-tools)

Dan

-----Original Message-----
From: Javier Martinez Canillas [mailto:javierm(a)redhat.com] 
Sent: Thursday, February 22, 2018 12:49 AM
To: Anderson, Daniel <daniel.anderson(a)intel.com>; tpm2(a)lists.01.org
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b

Hello Dan,

On 02/20/2018 08:40 PM, Anderson, Daniel wrote:
> I have been getting the same error and cannot start the tpm2-service:
> 
> $ sudo systemctl start tpm2-abrmd.service Job for tpm2-abrmd.service 
> failed because the control process exited with error code. See "systemctl status tpm2-abrmd.service" and "journalctl -xe" for details.
> 
> $ systemctl status tpm2-abrmd.service
> tpm2-abrmd.service: Main process exited, code=exited, status=1/FA 
> Failed to start TPM2 Access Broker and Resource Management Daemon Unit 
> entered failed state.
> Failed with result 'exit-code'.
> 
> # Start manually:
> $ /usr/local/sbin/tpm2-abrmd&
> ** (tpm2-abrmd:1596): WARNING **: failed to initialize device TCTI 
> context: 0xa000a
> ** (tpm2-abrmd:1596): CRITICAL **: TCTI Initializaiton: 0xa000a
> 
> $ tpm2_rc_decode 0xa000a
> tcti:IO failure
> 

What versions of the tpm2-tss, tools and abrmd are you using? I'll try to reproduce the issue. But yes, the problem seems to be that it's defaulting to the device TCTI instead of the socket TCTI. And since you don't have a /dev/tpm? (or your user doesn't have access to it), the tpm2-abrmd dies.

> So it seems that this is a known bug:
> https://github.com/tpm2-software/tpm2-abrmd/issues/321
> https://github.com/tpm2-software/tpm2-abrmd/pull/330
>
> Is there a workaround?  The discussion is too cryptic for me. For example,  I can't find a tpm2_listpcrs command in  tpm2-tools (or -abrmd or -tss). I am running on Ubuntu Linux with a simulator.
>

PR #300 has been merged already so if you think that's related, it may be worth to give a try to master. I still didn't have time to catch up on all the TCTI dynamic loading changes so I can't say if #330 is related to this issue or not.

> Dan

Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement Red Hat

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Javier Martinez Canillas]

[-- Attachment #1: Type: text/plain, Size: 1888 bytes --]

Hello Dan,

On 02/20/2018 08:40 PM, Anderson, Daniel wrote:
> I have been getting the same error and cannot start the tpm2-service:
> 
> $ sudo systemctl start tpm2-abrmd.service
> Job for tpm2-abrmd.service failed because the control process exited with error code. See "systemctl status tpm2-abrmd.service" and "journalctl -xe" for details.
> 
> $ systemctl status tpm2-abrmd.service
> tpm2-abrmd.service: Main process exited, code=exited, status=1/FA
> Failed to start TPM2 Access Broker and Resource Management Daemon
> Unit entered failed state.
> Failed with result 'exit-code'.
> 
> # Start manually:
> $ /usr/local/sbin/tpm2-abrmd&
> ** (tpm2-abrmd:1596): WARNING **: failed to initialize device TCTI context: 0xa000a
> ** (tpm2-abrmd:1596): CRITICAL **: TCTI Initializaiton: 0xa000a
> 
> $ tpm2_rc_decode 0xa000a
> tcti:IO failure
> 

What versions of the tpm2-tss, tools and abrmd are you using? I'll try to
reproduce the issue. But yes, the problem seems to be that it's defaulting
to the device TCTI instead of the socket TCTI. And since you don't have a
/dev/tpm? (or your user doesn't have access to it), the tpm2-abrmd dies.

> So it seems that this is a known bug:
> https://github.com/tpm2-software/tpm2-abrmd/issues/321
> https://github.com/tpm2-software/tpm2-abrmd/pull/330
>
> Is there a workaround?  The discussion is too cryptic for me. For example,  I can't find a tpm2_listpcrs command in  tpm2-tools (or -abrmd or -tss). I am running on Ubuntu Linux with a simulator.
>

PR #300 has been merged already so if you think that's related, it may be
worth to give a try to master. I still didn't have time to catch up on all
the TCTI dynamic loading changes so I can't say if #330 is related to this
issue or not.

> Dan

Best regards,
-- 
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

[tpm2] TCTI initialization fails with error 0xc000b

[Anderson, Daniel]

[-- Attachment #1: Type: text/plain, Size: 1904 bytes --]

I have been getting the same error and cannot start the tpm2-service:

$ sudo systemctl start tpm2-abrmd.service
Job for tpm2-abrmd.service failed because the control process exited with error code. See "systemctl status tpm2-abrmd.service" and "journalctl -xe" for details.

$ systemctl status tpm2-abrmd.service
tpm2-abrmd.service: Main process exited, code=exited, status=1/FA
Failed to start TPM2 Access Broker and Resource Management Daemon
Unit entered failed state.
Failed with result 'exit-code'.

# Start manually:
$ /usr/local/sbin/tpm2-abrmd&
** (tpm2-abrmd:1596): WARNING **: failed to initialize device TCTI context: 0xa000a
** (tpm2-abrmd:1596): CRITICAL **: TCTI Initializaiton: 0xa000a

$ tpm2_rc_decode 0xa000a
tcti:IO failure

So it seems that this is a known bug:
https://github.com/tpm2-software/tpm2-abrmd/issues/321
https://github.com/tpm2-software/tpm2-abrmd/pull/330

Is there a workaround?  The discussion is too cryptic for me. For example,  I can't find a tpm2_listpcrs command in  tpm2-tools (or -abrmd or -tss). I am running on Ubuntu Linux with a simulator.

Dan

-----Original Message-----
From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of tpm2-request(a)lists.01.org
Sent: Friday, February 16, 2018 8:47 AM
To: tpm2(a)lists.01.org
Subject: tpm2 Digest, Vol 8, Issue 14

Send tpm2 mailing list submissions to
	tpm2(a)lists.01.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.01.org/mailman/listinfo/tpm2
or, via email, send a message with subject or body 'help' to
	tpm2-request(a)lists.01.org

You can reach the person managing the list at
	tpm2-owner(a)lists.01.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of tpm2 digest..."


Today's Topics:

   1. Re: TCTI initialization fails with error 0xc000b
      (Roberts, William C)

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 11708 bytes --]

tpm2-abrmd and tpm2-tools are different code bases, and at the time you stumbled onto this issue and until the ticket
below is closed, both code bases will handle TCTI initialization slightly differently.

We discuss this in this ticket:
https://github.com/tpm2-software/tpm2-abrmd/issues/321

On PR:
https://github.com/tpm2-software/tpm2-abrmd/pull/330

For the tools, the tcti string is just a friendly name or a name/path to a shared object, for example:

# this internally appends libtcti- and .so to the name, so you end up with libtcti-device.so and it follows
# library search rules for dlopen()
tpm2_listpcrs --tcti=device

# Options to the tcti can be specified by appending a colon, and then a string, like so:
tpm2_listpcrs --tcti=device:/dev/tpmrm0

# This would look for this library following dlopen() search rules.
tpm2_listpcrs --tcti=libtcti-foo.so

# This would use the library at path, since it’s a path
tpm2_listpcrs --tcti=/foo/bar/libtcti-foo.so

Currently, the logic in abrmd  is following the third and forth form as noted above, however has
A separate option for the config string, --tcti-conf.

After PR #330 is closed, the tools and abrmd’s tcti init routines will behave the same from a user
perspective.



From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
Sent: Wednesday, February 14, 2018 2:06 AM
To: Javier Martinez Canillas <javierm(a)redhat.com>; Tricca, Philip B <philip.b.tricca(a)intel.com>
Cc: tpm2(a)lists.01.org
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b


I finally got it to work. I looked for a reference to tcti-socket in the source  code and found the following;
./tpm2-tools/lib/tpm2_tcti_ldr.h:37: *  library name: path = libtcti-socket.so
./tpm2-abrmd/scripts/int-test-funcs.sh:113:        tabrmd_opts="$tabrmd_opts --tcti=libtcti-socket.so --tcti-conf=tcp://127.0.0.1:${tabrmd_port}/"

So I tried the following:
$ sudo -u tss tpm2-abrmd --tcti=libtcti-socket.so
Client accepted
Client accepted

Thanks a lot for all the help and quick replies.

Regards,
Moneeb





________________________________
From: Javier Martinez Canillas <javierm(a)redhat.com<mailto:javierm(a)redhat.com>>
Sent: Wednesday, February 14, 2018 1:02 PM
To: Moneeb Azhar; Tricca, Philip B
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b

On 02/14/2018 08:42 AM, Moneeb Azhar wrote:
> I am  using the ibm simulator and it starts up fine. However:
>
> $ ls -l /dev/tpm0
> ls: cannot access '/dev/tpm0': No such file or directory
>
>
> Is /dev/tpm0 required while using the simulator?
>

If you are using the simulator, then you need to use the socket TCTI instead
of the device TCTI.

I can't say what's the exact command to do it because there were some changes
in master recently and I still didn't have time to catch up.

Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

> ________________________________
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Sent: Wednesday, February 14, 2018 3:11 AM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
> You’re making progress. This time the daemon loaded the TCTI properly but the TCTI initialization function failed. For the device TCTI this is 99% an issue with permissions on /dev/tpm0. Check to see which user can access this device (root?) and then run the daemon as that user. Ideally this will be an unprivileged user and most distros use one called ‘tss’: https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group
[https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>

tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
github.com
This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...


>
> [https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group<https://avatars2.githubusercontent.com/u/34488697?s=400&v=4%5d%3chttps://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>>
>
> tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
[https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>

tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
github.com
This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...


> github.com
> This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...
>
>
>
>
> Philip
>
>
>
> From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
> Sent: 13 February, 2018 12:45
> To: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: Re: TCTI initialization fails with error 0xc000b
>
>
>
> The workaround leads to a similar error:
>
>
>
> ubuntu:~/Desktop/ibmtpm974/src$ tpm2-abrmd --tcti=libtcti-device.so
> ** (tpm2-abrmd:4065): WARNING **: failed to initialize device TCTI context: 0xa000a
> ** (tpm2-abrmd:4065): CRITICAL **: TCTI initialization failed: 0xa000a
>
> This is similar to issue #92 but I am already following the steps suggested in the comments there.
>
>
>
>
>
> ________________________________
>
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com%3cmailto:philip.b.tricca(a)intel.com>>>
> Sent: Tuesday, February 13, 2018 11:38 PM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
>
> I triaged this last night. It’s a bug in the logic that selects the default TCTI. I’ve got an issue in the tracker for it here: https://github.com/tpm2-software/tpm2-abrmd/issues/327. You can work around it by explicitly selecting the device TCTI with the following option: `--tcti=libtcti-device.so`. I’ll be fixing this up today and likely changing the way we specify the TCTI to align with the tools `--tcti` option.
>
> [https://avatars0.githubusercontent.com/u/1550813?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/issues/327<https://avatars0.githubusercontent.com/u/1550813?s=400&v=4%5d%3chttps://github.com/tpm2-software/tpm2-abrmd/issues/327>>
>
>
> sane default TCTI * Issue #327 * tpm2-software/tpm2-abrmd<https://github.com/tpm2-software/tpm2-abrmd/issues/327>
>
> github.com
>
> It looks like, when provided with no --tcti option we're not picking a sane default value for the TCTI library. If the option is omitted we should default to the device TCTI.
>
>
>
>
> Best,
>
> Philip
>
>
>
> From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
> Sent: 13 February, 2018 04:50
> To: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com%3cmailto:philip.b.tricca(a)intel.com>>>
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: Re: TCTI initialization fails with error 0xc000b
>
>
>
> Hey,
>
>
>
> So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:
>
>
>
> ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
> ** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
> ** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b
>
> I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?
>
> Regards,
> Moneeb
>
>
>
>
>
> ________________________________
>
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com%3cmailto:philip.b.tricca(a)intel.com>>>
> Sent: Monday, February 12, 2018 9:04 PM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
>
> Apologies in advance for top posting. I’m stuck on a windows system while traveling.
>
>
>
> It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.
>
>
>
> Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.
>
>
>
> Hope this helps,
>
> Philip
>
>
>
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
> Sent: 12 February, 2018 05:43
> To: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: [tpm2] TCTI initialization fails with error 0xc000b
>
>
>
> Hi,
>
> I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing
>
> Everything installs correctly but I get the following error:
>
> $ sudo -u tss tpm2-abrmd --tcti=device
> ** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
> ** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b
>
> systemctl  show me the following:
> $ sudo systemctl status tpm2-abrmd.service
> ● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
>    Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
>    Active: inactive (dead)
>
> How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.
>
> Regards,
> Moneeb
>
>
>
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> https://lists.01.org/mailman/listinfo/tpm2
>


[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 27960 bytes --]

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Moneeb Azhar]

[-- Attachment #1: Type: text/plain, Size: 9423 bytes --]

I finally got it to work. I looked for a reference to tcti-socket in the source  code and found the following;

./tpm2-tools/lib/tpm2_tcti_ldr.h:37: *  library name: path = libtcti-socket.so
./tpm2-abrmd/scripts/int-test-funcs.sh:113:        tabrmd_opts="$tabrmd_opts --tcti=libtcti-socket.so --tcti-conf=tcp://127.0.0.1:${tabrmd_port}/"

So I tried the following:
$ sudo -u tss tpm2-abrmd --tcti=libtcti-socket.so
Client accepted
Client accepted

Thanks a lot for all the help and quick replies.

Regards,
Moneeb





________________________________
From: Javier Martinez Canillas <javierm(a)redhat.com>
Sent: Wednesday, February 14, 2018 1:02 PM
To: Moneeb Azhar; Tricca, Philip B
Cc: tpm2(a)lists.01.org
Subject: Re: [tpm2] TCTI initialization fails with error 0xc000b

On 02/14/2018 08:42 AM, Moneeb Azhar wrote:
> I am  using the ibm simulator and it starts up fine. However:
>
> $ ls -l /dev/tpm0
> ls: cannot access '/dev/tpm0': No such file or directory
>
>
> Is /dev/tpm0 required while using the simulator?
>

If you are using the simulator, then you need to use the socket TCTI instead
of the device TCTI.

I can't say what's the exact command to do it because there were some changes
in master recently and I still didn't have time to catch up.

Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

> ________________________________
> From: Tricca, Philip B <philip.b.tricca(a)intel.com>
> Sent: Wednesday, February 14, 2018 3:11 AM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
> You’re making progress. This time the daemon loaded the TCTI properly but the TCTI initialization function failed. For the device TCTI this is 99% an issue with permissions on /dev/tpm0. Check to see which user can access this device (root?) and then run the daemon as that user. Ideally this will be an unprivileged user and most distros use one called ‘tss’: https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group
[https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>

tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
github.com
This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...


>
> [https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
>
> tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
[https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>

tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
github.com
This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...


> github.com
> This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...
>
>
>
>
> Philip
>
>
>
> From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
> Sent: 13 February, 2018 12:45
> To: Tricca, Philip B <philip.b.tricca(a)intel.com>
> Cc: tpm2(a)lists.01.org
> Subject: Re: TCTI initialization fails with error 0xc000b
>
>
>
> The workaround leads to a similar error:
>
>
>
> ubuntu:~/Desktop/ibmtpm974/src$ tpm2-abrmd --tcti=libtcti-device.so
> ** (tpm2-abrmd:4065): WARNING **: failed to initialize device TCTI context: 0xa000a
> ** (tpm2-abrmd:4065): CRITICAL **: TCTI initialization failed: 0xa000a
>
> This is similar to issue #92 but I am already following the steps suggested in the comments there.
>
>
>
>
>
> ________________________________
>
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Sent: Tuesday, February 13, 2018 11:38 PM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
>
> I triaged this last night. It’s a bug in the logic that selects the default TCTI. I’ve got an issue in the tracker for it here: https://github.com/tpm2-software/tpm2-abrmd/issues/327. You can work around it by explicitly selecting the device TCTI with the following option: `--tcti=libtcti-device.so`. I’ll be fixing this up today and likely changing the way we specify the TCTI to align with the tools `--tcti` option.
>
> [https://avatars0.githubusercontent.com/u/1550813?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/issues/327>
>
>
> sane default TCTI · Issue #327 · tpm2-software/tpm2-abrmd<https://github.com/tpm2-software/tpm2-abrmd/issues/327>
>
> github.com
>
> It looks like, when provided with no --tcti option we're not picking a sane default value for the TCTI library. If the option is omitted we should default to the device TCTI.
>
>
>
>
> Best,
>
> Philip
>
>
>
> From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
> Sent: 13 February, 2018 04:50
> To: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: Re: TCTI initialization fails with error 0xc000b
>
>
>
> Hey,
>
>
>
> So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:
>
>
>
> ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
> ** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
> ** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b
>
> I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?
>
> Regards,
> Moneeb
>
>
>
>
>
> ________________________________
>
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Sent: Monday, February 12, 2018 9:04 PM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
>
>
>
> Apologies in advance for top posting. I’m stuck on a windows system while traveling.
>
>
>
> It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.
>
>
>
> Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.
>
>
>
> Hope this helps,
>
> Philip
>
>
>
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
> Sent: 12 February, 2018 05:43
> To: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: [tpm2] TCTI initialization fails with error 0xc000b
>
>
>
> Hi,
>
> I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing
>
> Everything installs correctly but I get the following error:
>
> $ sudo -u tss tpm2-abrmd --tcti=device
> ** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
> ** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b
>
> systemctl  show me the following:
> $ sudo systemctl status tpm2-abrmd.service
> ● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
>    Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
>    Active: inactive (dead)
>
> How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.
>
> Regards,
> Moneeb
>
>
>
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org
> https://lists.01.org/mailman/listinfo/tpm2
>



[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 18074 bytes --]

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Javier Martinez Canillas]

[-- Attachment #1: Type: text/plain, Size: 7773 bytes --]

On 02/14/2018 08:42 AM, Moneeb Azhar wrote:
> I am  using the ibm simulator and it starts up fine. However:
> 
> $ ls -l /dev/tpm0
> ls: cannot access '/dev/tpm0': No such file or directory
> 
> 
> Is /dev/tpm0 required while using the simulator?
>

If you are using the simulator, then you need to use the socket TCTI instead
of the device TCTI.

I can't say what's the exact command to do it because there were some changes
in master recently and I still didn't have time to catch up.

Best regards,
-- 
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

> ________________________________
> From: Tricca, Philip B <philip.b.tricca(a)intel.com>
> Sent: Wednesday, February 14, 2018 3:11 AM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org
> Subject: RE: TCTI initialization fails with error 0xc000b
> 
> 
> You’re making progress. This time the daemon loaded the TCTI properly but the TCTI initialization function failed. For the device TCTI this is 99% an issue with permissions on /dev/tpm0. Check to see which user can access this device (root?) and then run the daemon as that user. Ideally this will be an unprivileged user and most distros use one called ‘tss’: https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group
> 
> [https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
> 
> tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
> github.com
> This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...
> 
> 
> 
> 
> Philip
> 
> 
> 
> From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
> Sent: 13 February, 2018 12:45
> To: Tricca, Philip B <philip.b.tricca(a)intel.com>
> Cc: tpm2(a)lists.01.org
> Subject: Re: TCTI initialization fails with error 0xc000b
> 
> 
> 
> The workaround leads to a similar error:
> 
> 
> 
> ubuntu:~/Desktop/ibmtpm974/src$ tpm2-abrmd --tcti=libtcti-device.so
> ** (tpm2-abrmd:4065): WARNING **: failed to initialize device TCTI context: 0xa000a
> ** (tpm2-abrmd:4065): CRITICAL **: TCTI initialization failed: 0xa000a
> 
> This is similar to issue #92 but I am already following the steps suggested in the comments there.
> 
> 
> 
> 
> 
> ________________________________
> 
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Sent: Tuesday, February 13, 2018 11:38 PM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
> 
> 
> 
> I triaged this last night. It’s a bug in the logic that selects the default TCTI. I’ve got an issue in the tracker for it here: https://github.com/tpm2-software/tpm2-abrmd/issues/327. You can work around it by explicitly selecting the device TCTI with the following option: `--tcti=libtcti-device.so`. I’ll be fixing this up today and likely changing the way we specify the TCTI to align with the tools `--tcti` option.
> 
> [https://avatars0.githubusercontent.com/u/1550813?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/issues/327>
> 
> 
> sane default TCTI · Issue #327 · tpm2-software/tpm2-abrmd<https://github.com/tpm2-software/tpm2-abrmd/issues/327>
> 
> github.com
> 
> It looks like, when provided with no --tcti option we're not picking a sane default value for the TCTI library. If the option is omitted we should default to the device TCTI.
> 
> 
> 
> 
> Best,
> 
> Philip
> 
> 
> 
> From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
> Sent: 13 February, 2018 04:50
> To: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: Re: TCTI initialization fails with error 0xc000b
> 
> 
> 
> Hey,
> 
> 
> 
> So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:
> 
> 
> 
> ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
> ** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
> ** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b
> 
> I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?
> 
> Regards,
> Moneeb
> 
> 
> 
> 
> 
> ________________________________
> 
> From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
> Sent: Monday, February 12, 2018 9:04 PM
> To: Moneeb Azhar
> Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: RE: TCTI initialization fails with error 0xc000b
> 
> 
> 
> Apologies in advance for top posting. I’m stuck on a windows system while traveling.
> 
> 
> 
> It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.
> 
> 
> 
> Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.
> 
> 
> 
> Hope this helps,
> 
> Philip
> 
> 
> 
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
> Sent: 12 February, 2018 05:43
> To: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
> Subject: [tpm2] TCTI initialization fails with error 0xc000b
> 
> 
> 
> Hi,
> 
> I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing
> 
> Everything installs correctly but I get the following error:
> 
> $ sudo -u tss tpm2-abrmd --tcti=device
> ** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
> ** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b
> 
> systemctl  show me the following:
> $ sudo systemctl status tpm2-abrmd.service
> ● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
>    Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
>    Active: inactive (dead)
> 
> How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.
> 
> Regards,
> Moneeb
> 
> 
> 
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org
> https://lists.01.org/mailman/listinfo/tpm2
> 

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Moneeb Azhar]

[-- Attachment #1: Type: text/plain, Size: 6882 bytes --]

I am  using the ibm simulator and it starts up fine. However:

$ ls -l /dev/tpm0
ls: cannot access '/dev/tpm0': No such file or directory


Is /dev/tpm0 required while using the simulator?

________________________________
From: Tricca, Philip B <philip.b.tricca(a)intel.com>
Sent: Wednesday, February 14, 2018 3:11 AM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org
Subject: RE: TCTI initialization fails with error 0xc000b


You’re making progress. This time the daemon loaded the TCTI properly but the TCTI initialization function failed. For the device TCTI this is 99% an issue with permissions on /dev/tpm0. Check to see which user can access this device (root?) and then run the daemon as that user. Ideally this will be an unprivileged user and most distros use one called ‘tss’: https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group

[https://avatars2.githubusercontent.com/u/34488697?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>

tpm2-abrmd/INSTALL.md at master - github.com<https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group>
github.com
This is a quick set of instructions to build, install and run the tpm2-abrmd. Dependencies. To build and install the tpm2-abrmd software the following dependencies ...




Philip



From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
Sent: 13 February, 2018 12:45
To: Tricca, Philip B <philip.b.tricca(a)intel.com>
Cc: tpm2(a)lists.01.org
Subject: Re: TCTI initialization fails with error 0xc000b



The workaround leads to a similar error:



ubuntu:~/Desktop/ibmtpm974/src$ tpm2-abrmd --tcti=libtcti-device.so
** (tpm2-abrmd:4065): WARNING **: failed to initialize device TCTI context: 0xa000a
** (tpm2-abrmd:4065): CRITICAL **: TCTI initialization failed: 0xa000a

This is similar to issue #92 but I am already following the steps suggested in the comments there.





________________________________

From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Sent: Tuesday, February 13, 2018 11:38 PM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: RE: TCTI initialization fails with error 0xc000b



I triaged this last night. It’s a bug in the logic that selects the default TCTI. I’ve got an issue in the tracker for it here: https://github.com/tpm2-software/tpm2-abrmd/issues/327. You can work around it by explicitly selecting the device TCTI with the following option: `--tcti=libtcti-device.so`. I’ll be fixing this up today and likely changing the way we specify the TCTI to align with the tools `--tcti` option.

[https://avatars0.githubusercontent.com/u/1550813?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/issues/327>


sane default TCTI · Issue #327 · tpm2-software/tpm2-abrmd<https://github.com/tpm2-software/tpm2-abrmd/issues/327>

github.com

It looks like, when provided with no --tcti option we're not picking a sane default value for the TCTI library. If the option is omitted we should default to the device TCTI.




Best,

Philip



From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
Sent: 13 February, 2018 04:50
To: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: Re: TCTI initialization fails with error 0xc000b



Hey,



So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:



ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b

I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?

Regards,
Moneeb





________________________________

From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Sent: Monday, February 12, 2018 9:04 PM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: RE: TCTI initialization fails with error 0xc000b



Apologies in advance for top posting. I’m stuck on a windows system while traveling.



It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.



Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.



Hope this helps,

Philip



From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
Sent: 12 February, 2018 05:43
To: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: [tpm2] TCTI initialization fails with error 0xc000b



Hi,

I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing

Everything installs correctly but I get the following error:

$ sudo -u tss tpm2-abrmd --tcti=device
** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b

systemctl  show me the following:
$ sudo systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
   Active: inactive (dead)

How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.

Regards,
Moneeb

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 21284 bytes --]

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Tricca, Philip B]

[-- Attachment #1: Type: text/plain, Size: 5944 bytes --]

You’re making progress. This time the daemon loaded the TCTI properly but the TCTI initialization function failed. For the device TCTI this is 99% an issue with permissions on /dev/tpm0. Check to see which user can access this device (root?) and then run the daemon as that user. Ideally this will be an unprivileged user and most distros use one called ‘tss’: https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md#system-user--group

Philip

From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
Sent: 13 February, 2018 12:45
To: Tricca, Philip B <philip.b.tricca(a)intel.com>
Cc: tpm2(a)lists.01.org
Subject: Re: TCTI initialization fails with error 0xc000b


The workaround leads to a similar error:


ubuntu:~/Desktop/ibmtpm974/src$ tpm2-abrmd --tcti=libtcti-device.so
** (tpm2-abrmd:4065): WARNING **: failed to initialize device TCTI context: 0xa000a
** (tpm2-abrmd:4065): CRITICAL **: TCTI initialization failed: 0xa000a

This is similar to issue #92 but I am already following the steps suggested in the comments there.


________________________________
From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Sent: Tuesday, February 13, 2018 11:38 PM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: RE: TCTI initialization fails with error 0xc000b


I triaged this last night. It’s a bug in the logic that selects the default TCTI. I’ve got an issue in the tracker for it here: https://github.com/tpm2-software/tpm2-abrmd/issues/327. You can work around it by explicitly selecting the device TCTI with the following option: `--tcti=libtcti-device.so`. I’ll be fixing this up today and likely changing the way we specify the TCTI to align with the tools `--tcti` option.
[https://avatars0.githubusercontent.com/u/1550813?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/issues/327>

sane default TCTI * Issue #327 * tpm2-software/tpm2-abrmd<https://github.com/tpm2-software/tpm2-abrmd/issues/327>
github.com
It looks like, when provided with no --tcti option we're not picking a sane default value for the TCTI library. If the option is omitted we should default to the device TCTI.




Best,

Philip



From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
Sent: 13 February, 2018 04:50
To: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: Re: TCTI initialization fails with error 0xc000b



Hey,



So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:



ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b

I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?

Regards,
Moneeb





________________________________

From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Sent: Monday, February 12, 2018 9:04 PM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: RE: TCTI initialization fails with error 0xc000b



Apologies in advance for top posting. I’m stuck on a windows system while traveling.



It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.



Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.



Hope this helps,

Philip



From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
Sent: 12 February, 2018 05:43
To: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: [tpm2] TCTI initialization fails with error 0xc000b



Hi,

I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing

Everything installs correctly but I get the following error:

$ sudo -u tss tpm2-abrmd --tcti=device
** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b

systemctl  show me the following:
$ sudo systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
   Active: inactive (dead)

How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.

Regards,
Moneeb

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 19968 bytes --]

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Moneeb Azhar]

[-- Attachment #1: Type: text/plain, Size: 5134 bytes --]

The workaround leads to a similar error:


ubuntu:~/Desktop/ibmtpm974/src$ tpm2-abrmd --tcti=libtcti-device.so
** (tpm2-abrmd:4065): WARNING **: failed to initialize device TCTI context: 0xa000a
** (tpm2-abrmd:4065): CRITICAL **: TCTI initialization failed: 0xa000a

This is similar to issue #92 but I am already following the steps suggested in the comments there.



________________________________
From: Tricca, Philip B <philip.b.tricca(a)intel.com>
Sent: Tuesday, February 13, 2018 11:38 PM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org
Subject: RE: TCTI initialization fails with error 0xc000b


I triaged this last night. It’s a bug in the logic that selects the default TCTI. I’ve got an issue in the tracker for it here: https://github.com/tpm2-software/tpm2-abrmd/issues/327. You can work around it by explicitly selecting the device TCTI with the following option: `--tcti=libtcti-device.so`. I’ll be fixing this up today and likely changing the way we specify the TCTI to align with the tools `--tcti` option.

[https://avatars0.githubusercontent.com/u/1550813?s=400&v=4]<https://github.com/tpm2-software/tpm2-abrmd/issues/327>

sane default TCTI · Issue #327 · tpm2-software/tpm2-abrmd<https://github.com/tpm2-software/tpm2-abrmd/issues/327>
github.com
It looks like, when provided with no --tcti option we're not picking a sane default value for the TCTI library. If the option is omitted we should default to the device TCTI.




Best,

Philip



From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
Sent: 13 February, 2018 04:50
To: Tricca, Philip B <philip.b.tricca(a)intel.com>
Cc: tpm2(a)lists.01.org
Subject: Re: TCTI initialization fails with error 0xc000b



Hey,



So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:



ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b

I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?

Regards,
Moneeb






________________________________

From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Sent: Monday, February 12, 2018 9:04 PM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: RE: TCTI initialization fails with error 0xc000b



Apologies in advance for top posting. I’m stuck on a windows system while traveling.



It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.



Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.



Hope this helps,

Philip



From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
Sent: 12 February, 2018 05:43
To: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: [tpm2] TCTI initialization fails with error 0xc000b



Hi,

I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing

Everything installs correctly but I get the following error:

$ sudo -u tss tpm2-abrmd --tcti=device
** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b

systemctl  show me the following:
$ sudo systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
   Active: inactive (dead)

How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.

Regards,
Moneeb

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 14765 bytes --]

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Tricca, Philip B]

[-- Attachment #1: Type: text/plain, Size: 4064 bytes --]

I triaged this last night. It’s a bug in the logic that selects the default TCTI. I’ve got an issue in the tracker for it here: https://github.com/tpm2-software/tpm2-abrmd/issues/327. You can work around it by explicitly selecting the device TCTI with the following option: `--tcti=libtcti-device.so`. I’ll be fixing this up today and likely changing the way we specify the TCTI to align with the tools `--tcti` option.

Best,
Philip

From: Moneeb Azhar [mailto:moneeb777(a)hotmail.com]
Sent: 13 February, 2018 04:50
To: Tricca, Philip B <philip.b.tricca(a)intel.com>
Cc: tpm2(a)lists.01.org
Subject: Re: TCTI initialization fails with error 0xc000b


Hey,



So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:


ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b

I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?

Regards,
Moneeb



________________________________
From: Tricca, Philip B <philip.b.tricca(a)intel.com<mailto:philip.b.tricca(a)intel.com>>
Sent: Monday, February 12, 2018 9:04 PM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: RE: TCTI initialization fails with error 0xc000b


Apologies in advance for top posting. I’m stuck on a windows system while traveling.



It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.



Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.



Hope this helps,

Philip



From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
Sent: 12 February, 2018 05:43
To: tpm2(a)lists.01.org<mailto:tpm2(a)lists.01.org>
Subject: [tpm2] TCTI initialization fails with error 0xc000b



Hi,

I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing

Everything installs correctly but I get the following error:

$ sudo -u tss tpm2-abrmd --tcti=device
** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b

systemctl  show me the following:
$ sudo systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
   Active: inactive (dead)

How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.

Regards,
Moneeb

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 12856 bytes --]

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Moneeb Azhar]

[-- Attachment #1: Type: text/plain, Size: 3418 bytes --]

Hey,


So from what I have gathered, tabrmd is designed to connect directly to the simulator without the need to pass any options by using --tcti. I tried doing this and get the exact same error:


ubuntu:~/Desktop/ibmtpm974/src$ sudo tpm2-abrmd  --allow-root
** (tpm2-abrmd:105445): WARNING **: Failed to get reference to symbol: tpm2-abrmd: undefined symbol: Tss2_Tcti_Info
** (tpm2-abrmd:105445): CRITICAL **: TCTI initialization failed: 0xc000b

I  must be doing something wrong but I don't know what. Are there any log files I can go through  which could tell me what is happening?

Regards,
Moneeb
<https://gist.github.com/moneeb777/ceabfad7146><https://gist.github.com/moneeb777/ceabfad71462d4ffc3e0c25a9da2b2ff.>



________________________________
From: Tricca, Philip B <philip.b.tricca(a)intel.com>
Sent: Monday, February 12, 2018 9:04 PM
To: Moneeb Azhar
Cc: tpm2(a)lists.01.org
Subject: RE: TCTI initialization fails with error 0xc000b


Apologies in advance for top posting. I’m stuck on a windows system while traveling.



It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.



Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.



Hope this helps,

Philip



From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
Sent: 12 February, 2018 05:43
To: tpm2(a)lists.01.org
Subject: [tpm2] TCTI initialization fails with error 0xc000b



Hi,

I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing

Everything installs correctly but I get the following error:

$ sudo -u tss tpm2-abrmd --tcti=device
** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b

systemctl  show me the following:
$ sudo systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
   Active: inactive (dead)

How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.

Regards,
Moneeb

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 7138 bytes --]

Re: [tpm2] TCTI initialization fails with error 0xc000b

[Tricca, Philip B]

[-- Attachment #1: Type: text/plain, Size: 2421 bytes --]

Apologies in advance for top posting. I’m stuck on a windows system while traveling.

It seems as though your issue is related to a recent change to the way we’re initializing the TCTI modules. This caused a few changes to the relevant command line options like `--tcti`. If you’re connecting the tabrmd up to the TPM device and not the simulator as is described in the wiki page you link, then you’ll either need to either leave the `--tcti` option out (the device TCTI should be the default) or use the new form of the `--tcti` option which is documented in our man pages. The source for the man page and the relevant option can be found here: https://github.com/tpm2-software/tpm2-abrmd/blob/master/man/tpm2-abrmd.8.in#L21. Since we’re now loading the TCTI shared object using dlopen the string passed via the `--tcti` option is passed directly to dlopen so the same lookup rules apply. `--tcti=libtcti-device.so` should work for you assuming your LD_CONFIG_PATH is set up right.

Just a heads up though: https://github.com/tpm2-software/tpm2-abrmd/issues/321 is tracking our work to align the `--tcti` option across the tabrmd and the tools. The tabrmd is very probably going to adopt the same convention that Bill implemented for the tools before the next release.

Hope this helps,
Philip

From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Moneeb Azhar
Sent: 12 February, 2018 05:43
To: tpm2(a)lists.01.org
Subject: [tpm2] TCTI initialization fails with error 0xc000b


Hi,

I am trying to setup a TPM development environment on ubuntu16.04 by following the installation wiki here: https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#installing

Everything installs correctly but I get the following error:

$ sudo -u tss tpm2-abrmd --tcti=device
** (tpm2-abrmd:104197): WARNING **: failed to dlopen file device: device: cannot open shared object file: No such file or directory
** (tpm2-abrmd:104197): CRITICAL **: TCTI initialization failed: 0xc000b

systemctl  show me the following:
$ sudo systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabl
   Active: inactive (dead)

How would I go about figuring out what is wrong? I am new to this so any help would be highly appreciated.

Regards,
Moneeb

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 7211 bytes --]