* [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server
@ 2022-05-23 21:35 Roberts, William C
  0 siblings, 0 replies; 8+ messages in thread
From: Roberts, William C @ 2022-05-23 21:35 UTC (permalink / raw)
  To: tpm2

So it's not seeing the tpm2-abrmd TCTI:
tcti-default=tcti-device

SWTPM won't change anything.

So what is the output of:
pkg-config --libs tss2-tcti-tabrmd
?

and the output of:
ldconfig -v 2>/dev/null | grep -v ^$'\t'

The tcti is installed into /usr/local/lib; perhaps your tcti is in a non-standard location and not getting
picked up by the loader.

Bill

________________________________
From: dawn.howe(a)alten.com <dawn.howe(a)alten.com>
Sent: Monday, May 23, 2022 12:00 PM
To: tpm2(a)lists.01.org <tpm2(a)lists.01.org>
Subject: [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server

Also, I'm using tpm_server as my simulator. Would I have better luck with swtpm?  I installed it but couldn't figure out how to run it.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server
@ 2022-05-25 20:07 dawn.howe
  0 siblings, 0 replies; 8+ messages in thread
From: dawn.howe @ 2022-05-25 20:07 UTC (permalink / raw)
  To: tpm2

Thanks to everyone who reached out with help.  I was able to create a script that automatically installs a TPM2 simulator on a virtualbox VM running ubuntu 22.04.  I have a repo available that hopefully will save some folks time when trying to get this installed and running. See https://gitlab.com/howe-tech/tpm2.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server
@ 2022-05-23 22:39 dawn.howe
  0 siblings, 0 replies; 8+ messages in thread
From: dawn.howe @ 2022-05-23 22:39 UTC (permalink / raw)
  To: tpm2

$ pkg-config --libs tss2-tcti-tabrmd
Package tss2-tcti-tabrmd was not found in the pkg-config search path.
Perhaps you should add the directory containing `tss2-tcti-tabrmd.pc'
to the PKG_CONFIG_PATH environment variable
No package 'tss2-tcti-tabrmd' found

$ export PKG_CONFIG_PATH=~/tpm2-abrmd/dist
$ pkg-config --libs tss2-tcti-tabrmd
-L/usr/lib64 -ltss2-tcti-tabrmd

So then I did a "make uninstall" on abrmd, tss and tools
set environment variable PKG_CONFIG_PATH, and re-make and installed each
then sudo ldconfig after building abrmd

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:/usr/lib64
restarted the abrmd, and it worked!!!

Thank you, thank you, thank you!

At least now, I know it's all possible. I'm going to try to repeat everything on another VM and carefully record the steps.  I've been trying so much stuff I'm afraid there is something I did that I haven't captured.

^ permalink raw reply	[flat|nested] 8+ messages in thread
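
The loader check Bill asked for and the fix reported above, as an added example (not code from the thread or from the tpm2-software projects): it compares the `-L` directory from `pkg-config --libs` against the directories the dynamic loader searches. The function names and the sample loader listing are constructed for illustration; the version and pkg-config strings are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: is the directory pkg-config reports for the tabrmd TCTI
# one that the dynamic loader searches? All names here are illustrative.

# Extract the tcti-default value from a tpm2-tools "--version" line.
tcti_default() {
    printf '%s\n' "$1" | sed -n 's/.*tcti-default=\([^ ]*\).*/\1/p'
}

# Print each -L directory from `pkg-config --libs` output, one per line.
lib_dirs() {
    for tok in $1; do
        case "$tok" in
            -L?*) printf '%s\n' "${tok#-L}" ;;
        esac
    done
}

# Reduce `ldconfig -v` output (stdin) to directory names: drop the
# tab-indented library entries, then cut at the ":" ending each name.
loader_dirs() {
    grep -v "^$(printf '\t')" | sed 's/:.*$//'
}

# Succeed if every -L directory in $1 appears in $2 (newline-separated
# loader directories) or in $3 (an LD_LIBRARY_PATH-style value).
tcti_visible() {
    for d in $(lib_dirs "$1"); do
        if printf '%s\n' "$2" | grep -qxF "$d"; then continue; fi
        case ":$3:" in
            *":$d:"*) continue ;;
        esac
        echo "not searched by the loader: $d" >&2
        return 1
    done
    return 0
}

# Constructed sample data modelled on the output quoted in the thread.
SAMPLE_VERSION='tool="tpm2_pcrread" version="5.2-158-g5a19b856" tctis="libtss2-tctildr" tcti-default=tcti-device'
SAMPLE_LIBS='-L/usr/lib64 -ltss2-tcti-tabrmd'
SAMPLE_LOADER=$(printf '/usr/local/lib:\n\tlibtss2-esys.so.0 -> libtss2-esys.so.0.0.0\n/lib/x86_64-linux-gnu:\n' | loader_dirs)

echo "default TCTI: $(tcti_default "$SAMPLE_VERSION")"
tcti_visible "$SAMPLE_LIBS" "$SAMPLE_LOADER" "" || echo "tabrmd TCTI will not load"
tcti_visible "$SAMPLE_LIBS" "$SAMPLE_LOADER" "/usr/local/lib:/usr/lib64" && echo "loads with LD_LIBRARY_PATH set"
```

On a live system, pass `"$(pkg-config --libs tss2-tcti-tabrmd)"` and `"$(ldconfig -v 2>/dev/null | loader_dirs)"` in place of the sample values.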

* [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server
@ 2022-05-23 17:00 dawn.howe
  0 siblings, 0 replies; 8+ messages in thread
From: dawn.howe @ 2022-05-23 17:00 UTC (permalink / raw)
  To: tpm2

Also, I'm using tpm_server as my simulator. Would I have better luck with swtpm?  I installed it but couldn't figure out how to run it.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server
@ 2022-05-23 16:57 dawn.howe
  0 siblings, 0 replies; 8+ messages in thread
From: dawn.howe @ 2022-05-23 16:57 UTC (permalink / raw)
  To: tpm2

tpm2_pcrread --version
tool="tpm2_pcrread" version="5.2-158-g5a19b856" tctis="libtss2-tctildr" tcti-default=tcti-device

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server
@ 2022-05-23 16:20 dawn.howe
  0 siblings, 0 replies; 8+ messages in thread
From: dawn.howe @ 2022-05-23 16:20 UTC (permalink / raw)
  To: tpm2

Thanks for the suggestion. I am still not able to get it to work. I also made sure that my login was in the tss group:
sudo usermod -a -G tss myusername

export TPM2TOOLS_TCTI="tabrmd:bus_name=com.intel.tss2.Tabrmd"
$ tpm2_pcrread
ERROR:tcti:src/tss2-tcti/tctildr.c:428:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI
ERROR: Could not load tcti, got: "tabrmd:bus_name=com.intel.tss2.Tabrmd"

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server
@ 2022-05-23 16:14 Roberts, William C
  0 siblings, 0 replies; 8+ messages in thread
From: Roberts, William C @ 2022-05-23 16:14 UTC (permalink / raw)
  To: tpm2

On Mon, 2022-05-23 at 15:44 +0000, dawn.howe(a)alten.com wrote:
> I am developing a c++ application for a dell server running ubuntu
> 22.04. The application needs to store private keys and use them to
> decrypt files.
> 
> Before working on target hardware, I'm trying to get a virtualbox
> environment set up to use a simulated TPM2.  Before writing the C++
> application I'd like to get some command line tools working. I have
> struggled for a week following instructions I've found (for example: 
> https://tpm2-tools.readthedocs.io/en/latest/INSTALL/, 
> https://francislampayan.medium.com/how-to-setup-tpm-simulator-in-ubuntu-20-04-25ec673b88dc
> , etc). I am trying to use IBM's SWTPM2, but have not had any luck.
> 
> Virtualbox 6.1.30
> Windows 10 host
> Ubuntu 22.04 server guest
> 
> TPM SERVER SIMULATOR
> First, I'm installing tpm_server. Since ubuntu 22.04 uses openssl3.0,
> I cannot use v1661, but instead am getting the latest version from
> the "next" branch:
> $ git clone https://git.code.sf.net/p/ibmswtpm2/tpm2 ibmswtpm2-tpm2
> $ cd ibmswtpm2-tpm/src
> $ make
> 
> TPM2 - ABRMD
> $ git clone https://github.com/tpm2-software/tpm2-abrmd.git
> $ cd tpm2-abrmd
> $ ./bootstrap
> $ ./configure \
> --with-dbuspolicydir=/etc/dbus-1/system.d \
> --with-systemdsystemunitdir=/usr/lib/systemd/system \
> --libdir=/usr/lib64 --prefix=/usr 
> $ make -j5
> $ sudo make install
> 
> TPM2 - tss
> $ git clone https://github.com/tpm2-software/tpm2-tss.git
> $ cd tpm2-tss
> $ ./bootstrap
> $ ./configure
> $ make
> $ sudo make install
> $ sudo ldconfig
> 
> TPM2 - tools
> $ git clone https://github.com/tpm2-software/tpm2-tools.git
> $ cd tpm2-tools
> $ ./bootstrap
> $ ./configure --prefix=/usr
> $ make -j5
> $ sudo make install
> 
> I'm just starting things on the command line, before making them
> services. In one window I start the TPM simulator:
> $ tpm2_server
> 
> In another window I start the ABRMD:
> sudo -u tss tpm2-abrmd --tcti="libtss2-tcti-mssim.so.0:host=127.0.0.1,port=2321"

You can drop all the tcti specific options, those are the defaults.
You can also just use the short name.

sudo -u tss tpm2-abrmd --tcti=mssim

> I see this in the window that started the TPM server:
> LIBRARY_COMPATIBILITY_CHECK is ON
> Starting ACT thread...
> TPM command server listening on port 2321
> Platform server listening on port 2322
> Command IPv4 client accepted
> Platform IPv4 client accepted
> 
> Then I try to run a command line tool:
> tpm2_pcrread
> ERROR:tcti:src/tss2-tcti/tcti-device.c:452:Tss2_Tcti_Device_Init()
> Failed to open specified TCTI device file /dev/tpmrm0: No such file
> or directory
> ERROR:tcti:src/tss2-tcti/tctildr-dl.c:170:tcti_from_file() Could not
> initialize TCTI file: libtss2-tcti-device.so.0
> ERROR:tcti:src/tss2-tcti/tcti-device.c:452:Tss2_Tcti_Device_Init()
> Failed to open specified TCTI device file /dev/tpm0: No such file or
> directory
> ERROR:tcti:src/tss2-tcti/tctildr-dl.c:170:tcti_from_file() Could not
> initialize TCTI file: libtss2-tcti-device.so.0
> 
> And I get no output.  I feel like I'm not configuring the TSS
> correctly. Can anyone give me insight on how to run this?  Should I 

what is the output of tpm2_pcrread --version?

For example:
tpm2_pcrread --version
tool="tpm2_pcrread" version="5.2-158-g5a19b856d02a" tctis="libtss2-tctildr" tcti-default=tcti-abrmd

Notice the "tcti-default" field is set to "tcti-abrmd". That means it's
going to try abrmd first, but for some reason something is failing.
When you get a failure it will try other TCTIs as well. I wonder what
your version thinks is the default-tcti. For some reason it's not
seeing tpm2-abrmd, which makes me think if it's not visible on dbus for
some reason. In commit 0c659acc0e of tpm2-abrmd I changed the
permission in tpm2-abrmd to be, in essence, 0660 tss tss to match the
in-kernel /dev/tpmrm0 permissions. I wonder if your current user that
is running the tpm2_pcrread command is part of the tss group? Is your
clone of tpm2-abrmd new enough to contain that commit? You can look
using git branch --contains like so:

git branch --contains 0c659ac
* master

Note the star indicates the checked out branch, so it has it.

If you have that commit, you need to be group tss. Try looking at
groups output, it should have group tss like my example output below:

groups
wcrobert adm cdrom sudo dip plugdev tss lpadmin lxd sambashare docker

Let me know if any of that helps.

> be using a different simulator? I haven't found any good instructions
> for how to run https://github.com/stefanberger/swtpm in a virtualbox
> guest.

That shouldn't matter, it'd be the same for any linux machine. This is
what I do:

swtpm socket --tpm2 \
      --server port=2321 \
      --ctrl type=tcp,port=2322 \
      --flags not-need-init --tpmstate dir="$PWD" &



^ permalink raw reply	[flat|nested] 8+ messages in thread

* [tpm2] Re: Virtualbox ubuntu 22.04 guest with tpm_server
@ 2022-05-23 16:10 Petr Gotthard
  0 siblings, 0 replies; 8+ messages in thread
From: Petr Gotthard @ 2022-05-23 16:10 UTC (permalink / raw)
  To: tpm2

Hello.
 
You made a very nice and detailed problem description. I wish all problem reports were like yours :)
You are on a good track. You may keep using the ibmswtpm2.
 
The errors you are getting mean that the tpm2-tools are trying to access the hardware TPM, which isn't there. You successfully connected the abrmd to the TPM simulator (the --tcti argument of abrmd), now you should connect the tpm2-tools to the abrmd by setting the TPM2TOOLS_TCTI variable or using the --tcti argument of the tpm2_pcrread. The TCTI should point to the abrmd (see https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md for some details.) The following might do the job:
export TPM2TOOLS_TCTI="tabrmd:bus_name=com.intel.tss2.Tabrmd"
 
 
Regards,
Petr
 
______________________________________________________________
> From: dawn.howe(a)alten.com
> To: tpm2(a)lists.01.org
> Date: 23.05.2022 17:44
> Subject: [tpm2] Virtualbox ubuntu 22.04 guest with tpm_server
>
I am developing a c++ application for a dell server running ubuntu 22.04. The application needs to store private keys and use them to decrypt files.
 
 Before working on target hardware, I'm trying to get a virtualbox environment set up to use a simulated TPM2.  Before writing the C++ application I'd like to get some command line tools working. I have struggled for a week following instructions I've found (for example: https://tpm2-tools.readthedocs.io/en/latest/INSTALL/, https://francislampayan.medium.com/how-to-setup-tpm-simulator-in-ubuntu-20-04-25ec673b88dc, etc). I am trying to use IBM's SWTPM2, but have not had any luck.
 
 Virtualbox 6.1.30
 Windows 10 host
 Ubuntu 22.04 server guest
 
 TPM SERVER SIMULATOR
 First, I'm installing tpm_server. Since ubuntu 22.04 uses openssl3.0, I cannot use v1661, but instead am getting the latest version from the "next" branch:
 $ git clone https://git.code.sf.net/p/ibmswtpm2/tpm2 ibmswtpm2-tpm2
 $ cd ibmswtpm2-tpm/src
 $ make
 
 TPM2 - ABRMD
 $ git clone https://github.com/tpm2-software/tpm2-abrmd.git
 $ cd tpm2-abrmd
 $ ./bootstrap
 $ ./configure \
 --with-dbuspolicydir=/etc/dbus-1/system.d \
 --with-systemdsystemunitdir=/usr/lib/systemd/system \
 --libdir=/usr/lib64 --prefix=/usr 
 $ make -j5
 $ sudo make install
 
 TPM2 - tss
 $ git clone https://github.com/tpm2-software/tpm2-tss.git
 $ cd tpm2-tss
 $ ./bootstrap
 $ ./configure
 $ make
 $ sudo make install
 $ sudo ldconfig
 
 TPM2 - tools
 $ git clone https://github.com/tpm2-software/tpm2-tools.git
 $ cd tpm2-tools
 $ ./bootstrap
 $ ./configure --prefix=/usr
 $ make -j5
 $ sudo make install
 
 I'm just starting things on the command line, before making them services. In one window I start the TPM simulator:
 $ tpm2_server
 
 In another window I start the ABRMD:
 sudo -u tss tpm2-abrmd --tcti="libtss2-tcti-mssim.so.0:host=127.0.0.1,port=2321"
 
 I see this in the window that started the TPM server:
 LIBRARY_COMPATIBILITY_CHECK is ON
 Starting ACT thread...
 TPM command server listening on port 2321
 Platform server listening on port 2322
 Command IPv4 client accepted
 Platform IPv4 client accepted
 
 Then I try to run a command line tool:
 tpm2_pcrread
 ERROR:tcti:src/tss2-tcti/tcti-device.c:452:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory
 ERROR:tcti:src/tss2-tcti/tctildr-dl.c:170:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
 ERROR:tcti:src/tss2-tcti/tcti-device.c:452:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory
 ERROR:tcti:src/tss2-tcti/tctildr-dl.c:170:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
 
 And I get no output.  I feel like I'm not configuring the TSS correctly. Can anyone give me insight on how to run this?  Should I be using a different simulator? I haven't found any good instructions for how to run https://github.com/stefanberger/swtpm in a virtualbox guest.

^ permalink raw reply	[flat|nested] 8+ messages in thread
