From: Matt A. <mr...@hp...> - 2008-09-12 13:25:38
|
Thanks for the explanations Rajiv. It sounds like with the 1.1 tests the only failures we are seeing are expected ones given our HW/SW combination. As you noted, I had run the tests before on 1.2 hardware, but ran the 1.1 version of the tests. When I try to run the testsuite with the "-v 1.2" flag I get a lot more failures. Also I don't get consistent runs if I run the testsuite more than once. The first time I get: PASSED: 440 FAILED: 174 (NOTIMPL: 0) NOT APPLICABLE: 3 SEGFAULTED: 2 After that, and until I reset my TPM in the BIOS, I get these results: PASSED: 278 FAILED: 336 (NOTIMPL: 0) NOT APPLICABLE: 3 SEGFAULTED: 0 It seems to be mainly TPM_E_SIZE errors, especially on the second run. I've attached the err.summary files as well as tss.summary, which is my captured log file, for both runs. -matt Rajiv Andrade wrote: > Hi Matt, > > The TPM_E_BAD_ORDINAL error code, as it already says, means that the > ordinal index passed to the TPM doesn't correspond to > a valid internal command. And this is completely right in your case, > because DirRead and DirWrite are deprecated in version 1.2 and > it's implementation may have been pulled it out from this TPM chip. For > the CertifySelfTest, even better, it was deleted in 1.2. The > Tspi_TPM_CertifySelfTest02 succeed because it expects an > "TSS_E_INVALID_HANDLE" error code, and this handler is checked in TSS > layer, > before calling the deleted TPM command. You may have called the > tsstests.sh without "-v 1.2" argument. > > The TPM_E_DISABLED_CMD error code, as it says, implies that the command > is disabled inside the chip. The TPM_ReadPubEK is indeed disabled > by the TPM_TakeOwnership, and becomes available only after > TPM_OwnerClear, so, If there's an owner, no deal while trying to read > the public endorsement key. Since TPM_TakeOwnership depends on this key, > Tspi_TPM_TakeOwnership02 may fail with the same error code, and the > other "TakeOwnership" ones passed for the same reason > Tspi_TPM_CertifySelftTest did. > > The Tspi_TPM_SetStatus testcase performs the TPM_SetOwnerInstall > command, and, before completing the last stage (which is setting the > TPM_PERMANENT_FLAGS -> ownership permanent flag), it tries to assert > physical human presence by TSC_PhysicalPresence. If the > physicalPresenceCMDEnable isn't set, this kind of authorization > (physical presence) cannot be provided, then the TPM_SetOwnerInstall > returns TPM_BAD_PRESENCE. If I'm not wrong, this flag is set by the chip > manufacturer, and can only be reset if physicalLifeTimeLock isn't. > > The last ones indicates that the these command weren't implemented yet > in the TSS layer. > > Thanks, > Rajiv Andrade > IBM LTC Security Development > Software Engineer > > > > > Matt Anderson wrote: >> I noticed there was a testsuite on the sourceforge CVS server and >> thought I'd give that a try with my Infineon 1.2 TPM on RHEL 5.2 since >> trousers has been included as a tech preview there. It seems to run >> rather well, but I did get these 7 errors: >> >> Tspi_TPM_CertifySelfTest01.c - TPM_E_BAD_ORDINAL >> Tspi_TPM_CertifySelfTest03.c - TPM_E_BAD_ORDINAL >> Tspi_TPM_DirRead01.c - TPM_E_BAD_ORDINAL >> Tspi_TPM_DirWrite01.c - TPM_E_BAD_ORDINAL >> Tspi_TPM_GetPubEndorsementKey01.c - TPM_E_DISABLED_CMD >> Tspi_TPM_SetStatus01.c - TPM_E_BAD_PRESENCE >> Tspi_TPM_TakeOwnership02.c - TPM_E_DISABLED_CMD >> Tspi_ChangeAuthAsym01.c - TSS_E_NOTIMPL >> Tspi_ChangeAuthAsym02.c - TSS_E_NOTIMPL >> Tspi_ChangeAuthAsym03.c - TSS_E_NOTIMPL >> >> Are these failures expected with the trousers version that ships in >> RHEL 5.2? I've also gotten the same failures under Fedora 9 on the >> same system. >> >> -matt >> ------------------------------------------------------------------------ >> >> ------------------------------------------------------------------------- >> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >> Studies have shown that voting for your favorite open source project, >> along with a healthy diet, reduces your potential for chronic lameness >> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> TrouSerS-tech mailing list >> Tro...@li... >> https://lists.sourceforge.net/lists/listinfo/trousers-tech > |