I have the IBM TPM2.0 tools working, but I'm still having difficulty creating a PCR policy and sealing to it. From the documentation it seems as though the steps are:
TPM2_StartAuthSession
TPM2_PolicyPCR (to create policy)
TPM2_GetRandom (to create key)
TPM2_Create
TPM2_Load
However, I keep getting an error that says my policy which I pass to TPM2_Create is the wrong size. Could you give me an example of how to do this?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for the quick response! I check out testunseal, and I think it really helped me in understanding how to create policies. However, when I follow the steps outlined in the test, and I try the final unseal (which should work), it returns
unseal:failed,rc000c2800TPM1.2responsecode
What does this failure/response code mean? I don't see what I'm doing wrong.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1 - 000c2800 has bits 8:7 = 00, which is indeed a TPM 1.2 return code. See Part 1 Response Code Details. Is this a SW or HW TPM? This may be a bug, but we have to debug.
2 - If a SW TPM, can you set a breakpoint on the TPM function and determine what's failing?
3 - If you run in verbose mode and send me the trace off line, I'll look at it.
4 - Does the regression test pass? If so, what items did you change?
Last edit: Ken Goldman 2016-07-12
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have been unable to use the reg tests, because attempting to do so returns:
"checkSuccess: command not found" for each test, and I am not sure how to gain access to this command.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1 - checkSucess is just a bash function defined in reg.sh. It checks for a success return code and dumps output on error. The tests scripts are meant to be called from reg.sh, not stand alone.
Not critical. You should be able to cut and paste the commands from testunseal.sh (after creating a primary storage key) onto the command line, removing the redirect to run.out.
2 - I just tried exactly that with a HW TPM and it worked exactly as with the SW TPM.
3 - The TPM should never return a TPM 1.2 return code. This feels like a TPM bug. I'd report it to the vendor. If you don't have a TPM vendor contact, send their name to me along with the TPM revision and firmware (from getcap), and I'll pass it on.
4 - If you send it to them, include the above trace. The command appears well formed.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What is the correct method for running these commands with a HW tpm? Currently, I have been using the resourcemgr from the Intel TPM2.0-TSS and starting it to listen on port 2321 (the port these commands use), but I feel like this obviously isn't how it is supposed to be done, I just cannot figure out any other way to have the HW tpm listen to the commands, and I feel as though this may be where my problem is coming from.
I am also confused about the whole process of sealing/unsealing with a policy. It seems as though it is not really secure, because even if I create an object with data and a policy, I can simply unseal the data with no regards to the policy, as long as there is no policySession passed to the unseal command. Is there any way to prevent this and require the policySession to be in place to unseal the data?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I don't support the Intel resource manager. It could very well be that it has a bug. Certainly, something is sending an invalid response code. I don't know if it has trace facitities. If it does, perhaps get a trace and send it to Intel support
There are three ways to easily (documented in the TSS manual 3.4.1 Property Example) connect the IBM TSS to a hardware TPM. In order of complexity
a) Set the environment variable: setenv TPM_INTERFACE_TYPE dev
b) In your code: TSS_SetProperty(tssContext, TPM_INTERFACE_TYPE, "dev");
c) In the makefile: -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
This will direct the TSS to /dev/tpm0. You can change that too.
Last edit: Ken Goldman 2016-07-13
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you! I think I'm finally understanding! But how can I receive/use the commands without using the Intel resource manager? I'm assuming the one for the SW TPM will not work for the commands with the HW TPM.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yeah that seemed to be the problem I was having, I got it working with the env variable :)
Is there a purpose for having the .bin files for the policy session and the createprimary and create commands? I seem to be able to unseal without the .bin files being in the right spot, but no other commands seem to be hindered by their absence if I remove them.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1 - I'm glad the env variable worked. In general, if something seems hard, you're probably on the wrong path. This TSS was designed with ease of use as the #1 requirement.
2 - Does this mean that the TPM 1.2 error code disappeared? If so, it was an Intel bug.
2 - What bin file are you referring to? If it's the samples in utils/policies, it sets the object policy during "create -pol". It come part of the object. During unseal, the object policy is checked, not the one on disk.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am referring to the .bin files that are created when I do startauthpolicy or create/createprimary, e.g. h80000000.bin, hp80000000.bin, h03000000.bin. Are these just encrypted object/session blobs? Using strace on the commands, it seems that they are used by the unseal command, but not by other commands besides the ones that create them
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Oh, those. They're TSS temp files. You can change the directory with an env variable. Ignore them, but don't move or delete them. They come and go as you load and flush.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
See the manual section TPM_ENCRYPT_SESSIONS. Everything else is public state. I retain the state rather than require the application developer to save and load it.
I.e., it defaults to working as you want it to, with minimal effort by the application developer.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I have the IBM TPM2.0 tools working, but I'm still having difficulty creating a PCR policy and sealing to it. From the documentation it seems as though the steps are:
TPM2_StartAuthSession
TPM2_PolicyPCR (to create policy)
TPM2_GetRandom (to create key)
TPM2_Create
TPM2_Load
However, I keep getting an error that says my policy which I pass to TPM2_Create is the wrong size. Could you give me an example of how to do this?
Several ideas:
1 - The regression tests are a good source for examples. Look at testunseal, around the line that says:
echo ""
echo "Seal and Unseal to PCRs"
echo ""
2 - For debugging, it's best to use the SW TPM, so you can set breakpoints and view the exact error. Break on TPM2_Create and step from there.
3 - For this specific error, the policy size has to be the same length as the Name algorithm. My guess is that this is the source of the error.
Ken,
Thank you for the quick response! I check out testunseal, and I think it really helped me in understanding how to create policies. However, when I follow the steps outlined in the test, and I try the final unseal (which should work), it returns
What does this failure/response code mean? I don't see what I'm doing wrong.
1 - 000c2800 has bits 8:7 = 00, which is indeed a TPM 1.2 return code. See Part 1 Response Code Details. Is this a SW or HW TPM? This may be a bug, but we have to debug.
2 - If a SW TPM, can you set a breakpoint on the TPM function and determine what's failing?
3 - If you run in verbose mode and send me the trace off line, I'll look at it.
4 - Does the regression test pass? If so, what items did you change?
Last edit: Ken Goldman 2016-07-12
TSS_Execute: Command 0000015e marshal
TSS_Execute_valist: Step 1: initialization
TSS_Execute_valist: Step 2: authorization 0
TSS_Execute_valist: session 0 handle 03000000
TSS_Name_GetAllNames: commandHandleCount 1
TSS_Name_GetAllNames: commandHandle 0 80000001
TSS_Name_GetName: Handle 80000001
TSS_Name_Load: File ./h80000001.bin
TSS_HmacSession_LoadSession: handle 03000000
TSS_Execute_valist: Step 3: nonceCaller 03000000
TSS_Execute_valist: Step 4 HMAC key 03000000
TSS_HmacSession_SetHmacKey: sessionKey length 0
TSS_HmacSession_SetHmacKey: preliminary sessionValue length 0
TSS_HmacSession_SetHmacKey: hmacKey length 0
TSS_HmacSession_SetHmacKey: sessionValue length 0
TSS_Execute_valist: Step 5: command encrypt
TSS_Sessions_GetDecryptSession: Found 0 decrypt sessions
TSS_Execute_valist: Step 6 calculate HMACs
TSS_HmacSession_SetHMAC: Step 6 session 03000000
TSS_HmacSession_SetHMAC: sessionType 01
TSS_HmacSession_SetHMAC: isPasswordNeeded 00
TSS_HmacSession_SetHMAC: isAuthValueNeeded 00
TSS_Execute_valist: Step 7 set command authorizations
TSS_Execute_valist: Step 8: process the command
TSS_AuthExecute: Executing TPM2_Unseal
TSS_Socket_Open: Opening localhost:2321-mssim
TSS_Socket_SendCommand: TPM2_Unseal
TSS_Socket_SendCommand length 47
80 02 00 00 00 2f 00 00 01 5e 80 00 00 01 00 00
00 1d 03 00 00 00 00 14 9f f7 0f bb 55 f2 90 2e
fd a7 64 e9 d4 d6 a6 70 7a be 60 08 01 00 00
TSS_Socket_ReceiveCommand length 10
80 01 00 00 00 0a 00 0c 28 00
TSS_Socket_Close: Closing localhost-mssim
unseal: failed, rc 000c2800
TPM 1.2 response code
"checkSuccess: command not found" for each test, and I am not sure how to gain access to this command.
1 - checkSucess is just a bash function defined in reg.sh. It checks for a success return code and dumps output on error. The tests scripts are meant to be called from reg.sh, not stand alone.
Not critical. You should be able to cut and paste the commands from testunseal.sh (after creating a primary storage key) onto the command line, removing the redirect to run.out.
2 - I just tried exactly that with a HW TPM and it worked exactly as with the SW TPM.
3 - The TPM should never return a TPM 1.2 return code. This feels like a TPM bug. I'd report it to the vendor. If you don't have a TPM vendor contact, send their name to me along with the TPM revision and firmware (from getcap), and I'll pass it on.
4 - If you send it to them, include the above trace. The command appears well formed.
An Intel resource manager! The plot thickens. :-)
I don't support the Intel resource manager. It could very well be that it has a bug. Certainly, something is sending an invalid response code. I don't know if it has trace facitities. If it does, perhaps get a trace and send it to Intel support
There are three ways to easily (documented in the TSS manual 3.4.1 Property Example) connect the IBM TSS to a hardware TPM. In order of complexity
a) Set the environment variable: setenv TPM_INTERFACE_TYPE dev
b) In your code: TSS_SetProperty(tssContext, TPM_INTERFACE_TYPE, "dev");
c) In the makefile: -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
This will direct the TSS to /dev/tpm0. You can change that too.
Last edit: Ken Goldman 2016-07-13
When you TPM2_Create() a sealed blob (really, any object), there are two authorization methods, password and policy.
If you don't set userWithAuth, you can't run unseal without a policy session.
Thank you! I think I'm finally understanding! But how can I receive/use the commands without using the Intel resource manager? I'm assuming the one for the SW TPM will not work for the commands with the HW TPM.
Bad asssumption. :-) See this link off the main page. http://ibmswtpm.sourceforge.net/ibmtss2.html
The IBM TSS is not "for the SW TPM". It supports as many plaforms, OSes, and TPMs as I can test with.
Just use one of the 3 methods described above to instruct the TSS to send commands to /dev/tpm0. It should just work.
In case it's not obvious, the env variable option affects the command line utilities as well. No need to recompile anything.
Yeah that seemed to be the problem I was having, I got it working with the env variable :)
Is there a purpose for having the .bin files for the policy session and the createprimary and create commands? I seem to be able to unseal without the .bin files being in the right spot, but no other commands seem to be hindered by their absence if I remove them.
1 - I'm glad the env variable worked. In general, if something seems hard, you're probably on the wrong path. This TSS was designed with ease of use as the #1 requirement.
2 - Does this mean that the TPM 1.2 error code disappeared? If so, it was an Intel bug.
2 - What bin file are you referring to? If it's the samples in utils/policies, it sets the object policy during "create -pol". It come part of the object. During unseal, the object policy is checked, not the one on disk.
Oh, those. They're TSS temp files. You can change the directory with an env variable. Ignore them, but don't move or delete them. They come and go as you load and flush.
Is it secure to leave them? Will this compromise the security of the data that I am sealing, or of the policy, in any way?
See the manual section TPM_ENCRYPT_SESSIONS. Everything else is public state. I retain the state rather than require the application developer to save and load it.
I.e., it defaults to working as you want it to, with minimal effort by the application developer.
Cool! Thanks for your help!