From: Joshua Lock <joshua.g.lock at linux.intel.com>
To: tpm2@lists.01.org
Subject: Re: [tpm2] getting segfaults with tss-2.0.0, abrmd-2.0.0, tools-3.1.0
Date: Thu, 19 Jul 2018 11:24:23 +0100 [thread overview]
Message-ID: <eac55281-2b3f-1d1f-132c-65c99883fde3@linux.intel.com> (raw)
In-Reply-To: b8a792c20cf64e448d1a3e8f4252f0b3@AZDC-MMB02.GD-MS.US
[-- Attachment #1: Type: text/plain, Size: 1859 bytes --]
On 18/07/2018 22:17, Scheie, Peter M wrote:
> By the way, does abrmd default to trying to connect to /dev/tpm0? When
> working with the emulator on my laptop, I have to start abrmd with
> '--tcti=libtss2-tcti-mssim.so' but I assume that's just for when there
> is no TPM device, right?
Correct, if no --tcti value is passed abrmd defaults to using the device
tcti:
https://github.com/tpm2-software/tpm2-abrmd/blob/2296d48a1004aff5f93d6ec23a50819f2a5c5584/src/tcti-dynamic.c#L138
At line 142 you can see where the default value of the TCTI library file
property is set to "libtss2-tcti-device.so".
> So, with tpm2-abrmd running, if I call, say, tpm2_pcrlist or
> tpm2_nvlist, to just query the TPM, it will display the PCRs or the NV
> indexes but then follow that with a "Segmentation fault", and syslog
> shows things like this:
>
> Jun 27 22:32:42 localhost audit[1432]: ANOM_ABEND auid=1000 uid=1000
> gid=1000 ses=1 pid=1432 comm="gdbus" exe="/usr/bin/tpm2_pcrlist" sig=11
>
> Jun 27 22:32:42 localhost kernel: gdbus[1432]: segfault at 7f8327acc750
> ip 00007f8327acc750 sp 00007f8326ab2c38 error 14 in
> libtss2-mu.so.0.0.0[7f8328284000+3f000]
>
> Jun 27 22:32:42 localhost kernel[363]: gdbus[1432]: segfault at
> 7f8327acc750 ip 00007f8327acc750 sp 00007f8326ab2c38 error 14 in
> libtss2-mu.so.0.0.0[7f8328284000+3f000]
>
> Trying to write to the TPM, e.g., take ownership, doesn't work at all:
>
> localhost:~$ tpm2_takeownership -o ownerpass -e endorsepass -l lockpass
>
> ERROR: Could not change hierarchy for Owner. TPM Error:0x9a2
I just recently learned about tpm2_rc_decode[1], it tells me:
$ ./tools/aux/tpm2_rc_decode 0x9a2
tpm:session(1):authorization failure without DA implications
Is this TPM already configured? Have you replicated on more than one system?
Joshua
next reply other threads:[~2018-07-19 10:24 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 10:24 Joshua Lock [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-07-23 15:28 [tpm2] getting segfaults with tss-2.0.0, abrmd-2.0.0, tools-3.1.0 Scheie, Peter M
2018-07-23 15:23 Philip Tricca
2018-07-20 13:33 Scheie, Peter M
2018-07-20 11:00 Joshua Lock
2018-07-19 16:18 Scheie, Peter M
2018-07-19 16:08 Scheie, Peter M
2018-07-19 14:31 Philip Tricca
2018-07-18 21:17 Scheie, Peter M
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eac55281-2b3f-1d1f-132c-65c99883fde3@linux.intel.com \
--to=tpm2@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.