Menu
▾
▴
Re: [TrouSerS-users] TSS Errors with TPM
|
From: Kent Y. <shp...@gm...> - 2012-09-05 14:42:11
|
On Tue, Sep 4, 2012 at 11:30 PM, Segall, Ariel E <as...@mi...> wrote: > At first glance, it sure looks like your TPM is out of key slots. The TSS is supposed to handle swapping keys in and out for you, so getting that from a TSS seems very odd. I'll also be honest and admit that I *thought* the TPM handled that for you (by simply dumping some loaded key for the new one) but it looks like LoadKey does, in fact, give back no space errors if there isn't room in memory for the key. At a glance, it looks like FlushSpecific is the command to use to explicitly force a key out. Presumably, your TSS isn't doing something right in its key management behind the scenes, although debugging that is going to be a pain in the neck, I'm afraid. > > Ariel Agree. Just to clarify, this is tcsd's responsibility (key caching and swapping), so under the covers tcsd will be calling flush/load as it context switches between processes serving the applications connected to it. You can think of an app connected to tcsd in the same way as you might think of multiple processes executing on the same cpu - they all think they have exclusive access to the TPM and as long as tcsd is doing its job correctly, they'll be none the wiser. Kent > ________________________________________ > From: Arshad Noor [ars...@st...] > Sent: Tuesday, September 04, 2012 4:46 PM > To: tro...@li... > Subject: [TrouSerS-users] TSS Errors with TPM > > Hi, > > I realize I'm on the wrong forum - since we use the TPM with the Trusted > Java (JTSS) stack - but, I'm hoping for a little more insight, if anyone > can provide it. (if someone from Dell TPM Engineering is on the list), > I would definitely welcome hearing from them directly. > > We've been using a TPM with an application without any trouble for 2+ > years. Two days ago - without any changes to the hardware or software - > it (presumably the OS driver) started throwing up the following errors > when the software library attempted loading a binding key: > > TSS Error: > error layer: 0x3000 (TSP) > error code (without layer): 0x04 > error code (full): 0x3004 > error message: unknown > additional info: Unable to determine LRU key handle > > Subsequent attempts to decrypt other binding keys result in this error: > > TSS Error: > error layer: 0x00 (TPM) > error code (without layer): 0x15 > error code (full): 0x15 > error message: The TPM has insufficient internal resources to perform > the requested action. > > The details of our configuration: > > TPM: STM v1.2 > OS: CentOS 5.3 (64-bit) > JDK: 6 Update 16 (64-bit) > JTSS: 0.5 > > The people on JTSS have not seen this before either, and have given > us a few suggestions (using a newer library). We have also contacted > Dell for support and are working with them. > > I would appreciate any information that forum members can provide that > sheds light on these errors - finding it within the voluminous TPM > specs and resources is challenging. > > Thanks in advance. > > Arshad Noor > StrongAuth, Inc. > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > TrouSerS-users mailing list > Tro...@li... > https://lists.sourceforge.net/lists/listinfo/trousers-users > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > TrouSerS-users mailing list > Tro...@li... > https://lists.sourceforge.net/lists/listinfo/trousers-users -- IBM LTC Security |