Thread: [opencryptoki-users] help on pkcs11 talking to tpm chip
From: Sanjay S. <san...@gm...> - 2007-11-13 11:55:44
|
Hi,

I am trying to talk to the TPM chip using the pkcs11 interface.
When I try changing the user PIN, I get the following error.

~:# pkcsconf -c 0 -p
Enter user PIN: *****
Enter the new user PIN: ********
Re-enter the new user PIN: ********
Error logging in: 0x102

Can you please help...

FYI
pkcs11_startup, populates the following entries in the pk_config_data.

TRUE|0|Linux 2.6.22-gg14-generic Linux (TPM)|Linux 2.6.22-gg14-generic|TRUE|FALSE|TRUE|0|0|1|1|NONE|libpkcs11_tpm.so|ST_Initialize
TRUE|0|Linux 2.6.22-gg14-generic Linux (Soft)|Linux 2.6.22-gg14-generic|TRUE|FALSE|FALSE|0|0|1|1|NONE|libpkcs11_sw.so|ST_Initializ

Also, I could run pkcsconf -c 0 -I command to initialize the token, and
pkcsconf -c 0 -u, to initialize the user PIN.

pkcsconf -ts output:

Slot #0 Info
    Description: Linux 2.6.22-gg14-generic Linux (TPM)
    Manufacturer: Linux 2.6.22-gg14-generic
    Flags: 0x5 (TOKEN_PRESENT|HW_SLOT)
    Hardware Version: 0.0
    Firmware Version: 1.1

Token #0 Info:
    Label: tpm
    Manufacturer: IBM Corp.
    Model: TPM v1.1 Token
    Serial Number: 123
    Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
    Sessions: -1/-1
    R/W Sessions: -1/-1
    PIN Length: 6-127
    Public Memory: 0xFFFFFFFF/0xFFFFFFFF
    Private Memory: 0xFFFFFFFF/0xFFFFFFFF
    Hardware Version: 1.0
    Firmware Version: 1.0
    Time: 09:28:20

Thank you,
Sanjay

--
49:02:1f:d9:d5:10:98:58:12:af:56:e4:f1:34:cf:7e -Sunj
www.sanjaysha.com
|
From: Steven B. <sb...@au...> - 2007-11-13 13:53:00
|
Have you set the SO Pin?
|
From: Sanjay S. <san...@gm...> - 2007-11-13 14:18:49
|
I just tried setting the SO pin and I get the following message:

~:# pkcsconf -c 0 -P
Enter the SO PIN: ********
Enter the new SO PIN: **********
Re-enter the new SO PIN: **********
Error setting PIN: 0x6

-Sanjay

On Nov 13, 2007 7:22 PM, Steven Bade <sb...@au...> wrote:
> Have you set the SO Pin?

--
49:02:1f:d9:d5:10:98:58:12:af:56:e4:f1:34:cf:7e -Sunj
www.sanjaysha.com
|
From: Sanjay S. <san...@gm...> - 2007-11-14 04:48:21
|
Enabling debugging actually reveals some more information:

~:# tpmtoken_init -k tpm
Warning: The TPM token has already been initialized. Reinitializing the TPM token will cause all TPM token data to be lost.
Clear the TPM token data? [y/N]: y
Enter the TPM security officer password:
LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
A new TPM security officer password is needed. The password must be between 6 and 127 characters in length.
Enter new password:
Confirm password:

~:# pkcsconf -c 0 -p
Enter user PIN: *****
Enter the new user PIN: ***
Re-enter the new user PIN: ***
LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
LOG_ERR TPM_STDLL tpm_specific.c:623 ERROR: token_find_key failed. rc=0x8f000000
LOG_ERR TPM_STDLL tpm_specific.c:1494 ERROR: token_load_public_root_key failed. rc=0x6
Error logging in: 0x102

~:# pkcsconf -c 0 -P
Enter the SO PIN: ********
Enter the new SO PIN: ******
Re-enter the new SO PIN: ******
LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
LOG_ERR TPM_STDLL tpm_specific.c:309 ERROR: Tspi_Key_GetPubKey failed: rc=0x1
LOG_ERR TPM_STDLL tpm_specific.c:1179 ERROR: token_wrap_sw_key failed. rc=0x1
LOG_ERR TPM_STDLL tpm_specific.c:1835 ERROR: FAILED creating SO tree.
ST MSG TPM_STDLL new_host.c:1224 whammy

I am trying to read docs to understand this error message, but since you are the experts, you can
tell me what is going wrong fairly easily. Please let me know.

Thank you,
Sanjay

--
49:02:1f:d9:d5:10:98:58:12:af:56:e4:f1:34:cf:7e -Sunj
www.sanjaysha.com
|
From: Steven B. <sb...@au...> - 2007-11-14 15:10:35
|
I believe that this means you have not initialized the TPM with a Storage Root Key... that has to be done outside of the P11 token
|
From: Kent Y. <shp...@gm...> - 2007-11-14 16:19:35
|
Hi Sanjay,

On Nov 13, 2007 10:48 PM, Sanjay Sha <san...@gm...> wrote:
> Enabling debugging actually reveals some more information:
>
> ~:# tpmtoken_init -k tpm
> Warning: The TPM token has already been initialized. Reinitializing the TPM token will cause all TPM token data to be lost.
> Clear the TPM token data? [y/N]: y
> Enter the TPM security officer password:
> LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
> LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!

FYI the above errors aren't really errors. :-) The TPM token is searching for the root keys that it automatically loads as part of the protection it does for the PKCS#11 data store. These keys don't exist yet because you haven't set up the SO and USER pins.

> A new TPM security officer password is needed. The password must be between 6 and 127 characters in length.
> Enter new password:
> Confirm password:

This looks like a bug in tpmtoken_init. I think it should be prompting you for the user password after SO pin, so apparently setting the SO pin is failing here.

>
> ~:# pkcsconf -c 0 -p
> Enter user PIN: *****
> Enter the new user PIN: ***
> Re-enter the new user PIN: ***
> LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
> LOG_ERR TPM_STDLL tpm_specific.c:623 ERROR: token_find_key failed. rc=0x8f000000
> LOG_ERR TPM_STDLL tpm_specific.c:1494 ERROR: token_load_public_root_key failed. rc=0x6
> Error logging in: 0x102

0x102 is user pin not initialized, you'd need to run pkcsconf -u first. Also, tpmtoken_init was meant to be a complete replacement for the pkcsconf steps. Once tpmtoken_init succeeds, your TPM token should be ready to use.

>
> ~:# pkcsconf -c 0 -P
> Enter the SO PIN: ********
> Enter the new SO PIN: ******
> Re-enter the new SO PIN: ******
> LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
> LOG_ERR TPM_STDLL tpm_specific.c:309 ERROR: Tspi_Key_GetPubKey failed: rc=0x1

Ok, the GetPubKey call is being used to grab the SRK pub key, which is failing with an authentication error. As the openCryptoki TPM token code is written now, the SRK password must be a hash of 0 bytes. You can set this up by just hitting enter when you're prompted for a new password in tpm_changeownerauth -s.

Try setting the SRK password and then just run tpmtoken_init to see if that works.

Thanks,
Kent

> LOG_ERR TPM_STDLL tpm_specific.c:1179 ERROR: token_wrap_sw_key failed. rc=0x1
> LOG_ERR TPM_STDLL tpm_specific.c:1835 ERROR: FAILED creating SO tree.
> ST MSG TPM_STDLL new_host.c:1224 whammy
>
> I am trying to read docs to understand this error message, but since you are
> the experts, you can
> tell me what is going wrong fairly easily. Please let me know.

--
Kent Yoder
IBM LTC Security Dev.
|
From: Sanjay S. <san...@gm...> - 2007-11-15 11:45:38
|
Hi Kent,

Thanks very much for patiently replying to my email and explaining the DEBUG information :)

I have basically, tried resetting the SRK to NULL and ran tpmtoken_init but it doesn't help.
I have done some more debugging and found out that, the code is failing with this specific error message..
"*TCSD TCS rpc/tcstp/rpc.c:400 Data type of TCS packet element 2 doesn't match.*"
I found the above by running tcsd in the foreground mode and enabling debug option.

I have been debugging quite a bit and my debug quota for today is over, time to get some sleep :)
I am pretty sure, you are familiar with this message. So, please help..

Also, I am quite new to this technology, so can you suggest some good references, to understand how the structure of the TPM
is and so on. I am not able to get any useful resources to understand the PUBLIC ROOT KEY, and how pkcs11 relates to it
and stuff like that. So any guidance in this area is greatly helpful

Appreciate your time and help !

FYI..

root@java:~# tpmtoken_init -k "IBM PKCS#11 TPM Token"
LOG_DEBUG TSPI rpc/tcstp/rpc.c:358 Sending TSP packet to host localhost.
LOG_DEBUG TSPI rpc/tcstp/rpc.c:373 Connecting to 127.0.0.1
LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received TCS Context: 0xa028b002

Warning: The TPM token has already been initialized. Reinitializing the TPM token will cause all TPM token data to be lost.
Clear the TPM token data? [y/N]: y
Enter the TPM security officer password:
LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
LOG_DEBUG TSPI rpc/tcstp/rpc_ps.c:318 RPC_LoadKeyByUUID_TP: TCS Context: 0xa028b002
LOG_DEBUG TSPI rpc/tcstp/rpc_ps.c:339 RPC_LoadKeyByUUID_TP: TCS key handle: 0x40000000
LOG_DEBUG TSPI rpc/tcstp/rpc_ps.c:274 RPC_GetRegisteredKeyBlob_TP: TCS Context: 0xa028b002

LOG_ERR TPM_STDLL tpm_specific.c:207 ERROR: key with ID="PUBLIC ROOT KEY" not found in the store!
A new TPM security officer password is needed. The password must be between 6 and 127 characters in length.
Enter new password:
Confirm password:
LOG_DEBUG TSPI rpc/tcstp/rpc_random.c:37 RPC_GetRandom_TP: TCS Context: 0xa028b002
LOG_DEBUG TSPI rpc/tcstp/rpc_key.c:184 RPC_GetPubKey_TP: TCS Context: 0xa028b002

LOG_ERR TPM_STDLL tpm_specific.c:309 ERROR: Tspi_Key_GetPubKey failed: rc=0x1
LOG_ERR TPM_STDLL tpm_specific.c:1183 ERROR: token_wrap_sw_key failed. rc=0x1
LOG_ERR TPM_STDLL tpm_specific.c:1839 ERROR: FAILED creating SO tree.
ST MSG TPM_STDLL new_host.c:1231 whammy
C_SetPIN failed: 0x00000006 (6)
LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:60 RPC_CloseContext_TP: TCS Context: 0xa028b002

*TCSD DEBUG information of the above command:*
TCSD svrside.c:283 accepted socket 7
TCSD tcsd_threads.c:358 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:659 Dispatching ordinal 1
TCSD TCS rpc/tcstp/rpc_context.c:37 tcs_wrap_OpenContext: thread -1212236912
TCSD tcsd_threads.c:385 Sending 0x26 bytes back
TCSD tcsd_threads.c:358 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:659 Dispatching ordinal 12
TCSD TCS rpc/tcstp/rpc_ps.c:169 tcs_wrap_LoadKeyByUUID: thread -1212236912 context a028b703
TCSD TCS tcsi_ps.c:512 TCSP_LoadKeyByUUID_Internal: Enter: uuid: 0xb7beb278 auth? 0x0 ***********
TCSD TCS tcs_key_mem_cache.c:629 key_mgr_inc_ref_count: TCSD mem_cached handle: 0x40000000
TCSD TCS tcs_ps.c:170 Key successfully loaded by UUID w/ TCS handle: 0x40000000
TCSD tcsd_threads.c:385 Sending 0x97 bytes back
TCSD tcsd_threads.c:358 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:659 Dispatching ordinal 9
TCSD TCS rpc/tcstp/rpc_ps.c:131 tcs_wrap_GetRegisteredKeyBlob: thread -1212236912 context a028b703
TCSD TCS ps/tcsps.c:170 psfile_get_key_by_uuid: Version: 1.1.0.6
TCSD TCS ps/tcsps.c:170 psfile_get_key_by_uuid: keyUsage: 0x11
TCSD TCS ps/tcsps.c:170 psfile_get_key_by_uuid: keyFlags: 0x0
TCSD TCS ps/tcsps.c:170 psfile_get_key_by_uuid: authDatausage: 0
TCSD TCS ps/tcsps.c:170 psfile_get_key_by_uuid: pcrInfosize: 0
TCSD TCS ps/tcsps.c:170 psfile_get_key_by_uuid: encDataSize: 0
TCSD tcsd_threads.c:385 Sending 0x151 bytes back
TCSD tcsd_threads.c:358 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:659 Dispatching ordinal 44
TCSD TCS rpc/tcstp/rpc_random.c:41 tcs_wrap_GetRandom: thread -1212236912 context a028b703
TCSD TCS tcsi_random.c:48 TCSP_GetRandom_Internal: 32 bytes
To TPM: 00 C1 00 00 00 0E 00 00 00 46 00 00 00 20
TCSD TDDL tddl.c:105 Calling write to driver
From TPM: 00 C4 00 00 00 2E 00 00 00 00 00 00 00 20 F6 7A
From TPM: D9 9E 13 06 43 93 9D C3 FA 9C B0 1A AE 0A 90 5A
From TPM: EB 84 B0 2B B0 AE 5C 4E AD A1 0D EE EC 27
TCSD tcsd_threads.c:385 Sending 0x42 bytes back
TCSD tcsd_threads.c:358 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:659 Dispatching ordinal 15
TCSD TCS rpc/tcstp/rpc_key.c:72 tcs_wrap_GetPubkey: thread -1212236912 context a028b703
*TCSD TCS rpc/tcstp/rpc.c:400 Data type of TCS packet element 2 doesn't match.*
TCSD TCS tcsi_key.c:237 Entering Get pub key
TCSD TCS tcsi_key.c:246 No Auth
TCSD TCS tcs_key_mem_cache.c:159 ensureKeyIsLoaded: 0x40000000
TCSD TCS tcs_key_mem_cache.c:708 mc_get_slot_by_handle: TCSD mem_cached handle: 0x40000000
TCSD TCS tcs_key_mem_cache.c:167 keySlot is 40000000
TCSD TCS tcs_key_mem_cache.c:865 mc_update_time_stamp: TCSD mem_cached handle: 0x40000000
TCSD TCS tcs_key_mem_cache.c:192 ensureKeyIsLoaded: Exit
TCSD TCS tcsi_key.c:254 GetPubKey: handle: 0x40000000, slot: 0x40000000
To TPM: 00 C1 00 00 00 0E 00 00 00 21 40 00 00 00
TCSD TDDL tddl.c:105 Calling write to driver
From TPM: 00 C4 00 00 00 0A 00 00 00 01
TCSD tcsd_threads.c:385 Sending 0x1C bytes back
TCSD tcsd_threads.c:358 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:659 Dispatching ordinal 2
TCSD TCS rpc/tcstp/rpc_context.c:69 tcs_wrap_CloseContext: thread -1212236912 context a028b703
TCSD TCS tcsi_context.c:39 Closing context A028B703
TCSD TCS tcs_key_mem_cache.c:653 key_mgr_dec_ref_count: decrementing ref cnt for key 0x40000000
TCSD TCS tcsi_context.c:51 Context A028B703 closed
TCSD tcsd_threads.c:385 Sending 0x1C bytes back
TCSD TCS rpc/tcstp/rpc.c:64 Socket connection closed.
TCSD tcsd_threads.c:397 Thread exiting.

Thank you,
Sanjay Sha

--
49:02:1f:d9:d5:10:98:58:12:af:56:e4:f1:34:cf:7e -Sunj
www.sanjaysha.com
|
From: Kent Y. <shp...@gm...> - 2007-11-15 15:53:42
|
Hi Sanjay,

The message about packet element not matching is a harmless error, but it looks like the password for the SRK is still bad. Did you reset your SRK password to be a zero-length string with tpm_changeownerauth?

Kent

--
Kent Yoder
IBM LTC Security Dev.
|
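The "To TPM:" / "From TPM:" byte dumps in the tcsd debug output above can be decoded to check the reading that the SRK authorization is what the TPM rejects. This is an added example, not part of the original thread or of the openCryptoki/TrouSerS sources; the function names are hypothetical, the constants come from the TPM 1.2 and PKCS#11 specifications, and the log lines are copied from the thread.

```python
import re
import struct

# TPM 1.2 constants from the TCG TPM Main Specification (only those needed here).
TAGS = {0x00C1: "TPM_TAG_RQU_COMMAND", 0x00C4: "TPM_TAG_RSP_COMMAND"}
ORDINALS = {0x21: "TPM_ORD_GetPubKey", 0x46: "TPM_ORD_GetRandom"}
RESULTS = {0x00: "TPM_SUCCESS", 0x01: "TPM_AUTHFAIL"}
HANDLES = {0x40000000: "TPM_KH_SRK"}
# PKCS#11 return values that pkcsconf printed in the thread.
CKR = {0x006: "CKR_FUNCTION_FAILED", 0x102: "CKR_USER_PIN_NOT_INITIALIZED"}

# Lines copied from the tcsd debug output in the thread. The mail archive
# escaped some response lines as ">From TPM:", which the parser tolerates.
SAMPLE_LOG = """\
TCSD TCS tcsi_random.c:48 TCSP_GetRandom_Internal: 32 bytes
To TPM: 00 C1 00 00 00 0E 00 00 00 46 00 00 00 20
TCSD TDDL tddl.c:105 Calling write to driver
>From TPM: 00 C4 00 00 00 2E 00 00 00 00 00 00 00 20 F6 7A
>From TPM: D9 9E 13 06 43 93 9D C3 FA 9C B0 1A AE 0A 90 5A
>From TPM: EB 84 B0 2B B0 AE 5C 4E AD A1 0D EE EC 27
TCSD TCS tcsi_key.c:254 GetPubKey: handle: 0x40000000, slot: 0x40000000
To TPM: 00 C1 00 00 00 0E 00 00 00 21 40 00 00 00
TCSD TDDL tddl.c:105 Calling write to driver
>From TPM: 00 C4 00 00 00 0A 00 00 00 01
"""

TPM_LINE = re.compile(r"^>?\s*(To|From) TPM:((?:\s+[0-9A-Fa-f]{2})+)\s*$")


def extract_blobs(log_text):
    """Return [(direction, bytes)], joining consecutive same-direction lines."""
    blobs, prev = [], None
    for line in log_text.splitlines():
        m = TPM_LINE.match(line.strip())
        if not m:
            prev = None  # any other log line ends the current dump
            continue
        direction, data = m.group(1), bytes.fromhex(m.group(2).strip())
        if direction == prev:
            blobs[-1] = (direction, blobs[-1][1] + data)
        else:
            blobs.append((direction, data))
        prev = direction
    return blobs


def decode(direction, blob):
    """Decode the 10-byte TPM 1.2 header: tag, paramSize, ordinal or result."""
    if len(blob) < 10:
        raise ValueError("capture shorter than a TPM 1.2 header")
    tag, size, code = struct.unpack(">HII", blob[:10])
    if size != len(blob):
        raise ValueError(f"paramSize {size} != {len(blob)} captured bytes")
    rec = {"tag": TAGS.get(tag, hex(tag)), "size": size}
    if direction == "To":
        rec["ordinal"] = ORDINALS.get(code, hex(code))
        if code == 0x21 and len(blob) >= 14:  # GetPubKey carries a key handle
            (handle,) = struct.unpack(">I", blob[10:14])
            rec["key"] = HANDLES.get(handle, hex(handle))
    else:
        rec["result"] = RESULTS.get(code, hex(code))
    return rec


def pair_exchanges(log_text):
    """Pair every request with the response that follows it."""
    pairs, pending = [], None
    for direction, blob in extract_blobs(log_text):
        rec = decode(direction, blob)
        if direction == "To":
            pending = rec
        elif pending is not None:
            pairs.append((pending, rec))
            pending = None
    return pairs


def srk_auth_failures(log_text):
    """Count GetPubKey calls on the SRK handle that the TPM answered with AUTHFAIL."""
    return sum(1 for req, rsp in pair_exchanges(log_text)
               if req.get("ordinal") == "TPM_ORD_GetPubKey"
               and req.get("key") == "TPM_KH_SRK"
               and rsp["result"] == "TPM_AUTHFAIL")


def diagnose(ckr_code, log_text):
    """Relate the PKCS#11 return value to what the TPM itself reported."""
    name = CKR.get(ckr_code, hex(ckr_code))
    if srk_auth_failures(log_text):
        return f"{name}: TPM_AUTHFAIL on GetPubKey(SRK), SRK secret rejected"
    return f"{name}: no SRK authorization failure in this log"


if __name__ == "__main__":
    for req, rsp in pair_exchanges(SAMPLE_LOG):
        print(req, "->", rsp)
    print(diagnose(0x6, SAMPLE_LOG))
```
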
From: Sanjay S. <san...@gm...> - 2007-11-19 12:43:09
|
Hi Kent,

Not a problem, I am good with email support also :)

I have installed the latest CVS package of opencryptoki and the upstream tpm-tools, and trousers
but I am still hitting the same problem, even after setting the SRK to NULL.

I am currently trying all different possibilities. I will get back to you if I need your help.

Thank you,
Sanjay

On Nov 16, 2007 2:53 AM, Kent Yoder <shp...@gm...> wrote:
> Hi Sanjay,
>
> The message about packet element not matching is a harmless error,
> but it looks like the password for the SRK is still bad. Did you
> reset your SRK password to be a zero-length string with
> tpm_changeownerauth?
>
> Kent

--
49:02:1f:d9:d5:10:98:58:12:af:56:e4:f1:34:cf:7e -Sunj
www.sanjaysha.com
|