Activity for TrouSerS
-
deitch posted a comment on ticket #211
I just stumbled across this problem again when rebuilding trousers, went hunting, and found this issue from 7 years ago. To my surprise, I opened it! Well, I knew it looked familiar. Is there any way we can move it forward?
-
Abhinav MS posted a comment on ticket #238
It is not a trousers issue.. TPM module is having more read write hits in the latest kernel causing the crash... Trying to pin point the exact code causing this
-
TrouSerS not working with linux 6.8 kernel
-
Ken Goldman posted a comment on ticket #237
I don't know the implementation of tpm_restrictsrk . It's not a TPM command. At a high level, there is a flag readSRKPub which permits an unauthorized read of the SRK. Once clear, it needs owner auth. TPM 1.2 is old and obsolete, so you may not get any other responses. If you can use a SW TPM and send me the traces (email), I can see what the command is doing and why it's failing.
-
Oskar Enoksson modified a comment on ticket #237
Although ... the command tpm_restrictsrk -a actually seems non-working: # tpm_restrictsrk -a Enter owner password: # tpm_restrictsrk -s Enter owner password: Storage Root Key readable with: owner auth # I expected the SRK readable without owner auth (with SRK auth) after successful tpm_restrictsrk -a My TPM chip is SLB9660: # tpm_version TPM 1.2 Version Info: Chip Version: 1.2.4.40 Spec Level: 2 Errata Revision: 3 TPM Vendor ID: IFX Vendor Specific data: 04280077 0074706d 3631ffff ff TPM Version:...
-
Although ... the command tpm_restrictsrk -a actually seems non-working: # tpm_restrictsrk -a Enter owner password: # tpm_restrictsrk -s Enter owner password: Storage Root Key readable with: owner auth # I expected the SRK readable without owner auth after successful tpm_restrictsrk -a My TPM chip is SLB9660: # tpm_version TPM 1.2 Version Info: Chip Version: 1.2.4.40 Spec Level: 2 Errata Revision: 3 TPM Vendor ID: IFX Vendor Specific data: 04280077 0074706d 3631ffff ff TPM Version: 01010000 Manufacturer...
-
Oops. My mistake. I had the impression that the -z flag to this command would reset the SRK password to all zeros. Not so. tpm_changeownerauth -s -r resets the SRK password. Help text for tpm_restrictsrk as below: Usage: tpm_restrictsrk [options] -h, --help Display command usage info. -v, --version Display command version info. -l, --log [none|error|info|debug] Set logging level. -u, --unicode Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes -a, --allow Allow...
-
I don't know what this command does, but the error message implies a bad authorization value. -z says to use all zeros as the authorization value. Perhaps the authorization value is not all zeros. If you use a SW TPM, it will dump internal operations and help you / us debug.
-
tpm_restrictsrk -z fails with "Authentication failed"
-
Dhruv created ticket #236
SRK not found in persistent storage after reboot
-
Daniel created ticket #235
Impossible to call TPM_Tools tpm_setpresence --disable-hw
-
Fabrice Fontaine posted a comment on ticket #234
Duplicate of https://sourceforge.net/p/trousers/bugs/222/ so this one should be closed
-
Build failure with libressl >= 2.5.0
-
Laurent Bigonville modified a comment on ticket #233
I see this commit: https://sourceforge.net/p/trousers/tpm-tools/ci/8f253fbc61b8afb6a5d341090bba31dada29dffd/ that fixed an other occurrence of this apparently Edit: Is that patch actually correct?
-
I see this commit: https://sourceforge.net/p/trousers/tpm-tools/ci/8f253fbc61b8afb6a5d341090bba31dada29dffd/ that fixed an other occurrence of this apparently
-
Any new about this bug? This breaks the build on x32 architecture as the target is x86_64-pc-linux-gnux32 The compiler should already know what to do for the target architecture without this flag
-
Isn't openssl 1.1 supported now? That should be closed
-
tpm_nvcommon.c:167:31: warning: comparison of constant ‘124’ with boolean expression is always false [-Wbool-compare]
-
Stefan Strogin created merge request #2
trousers: do not re-declare RSA_set0_key with LibreSSL
-
Check that getpwent_r is available before using it
-
TrouSerS released /tpm-tools/1.3.9.2/tpm-tools-1.3.9.2.tar.gz
-
-
Debora Velarde Babb committed [bf4383]
Bumped version to 1.3.9.2
-
Debora Velarde Babb committed [94144b]
Bumped version to 0.3.15
-
Debora Velarde Babb committed [d3fefa]
dist: install tcsd.conf as root:tss 0640
-
Debora Velarde Babb committed [af2721]
Fix build with OpenSSL 1.1 due to EVP_PKEY being an opaque struct
-
Debora Velarde Babb committed [49b9a9]
Fix build with OpenSSL 1.1 due to RSA being an opaque struct
-
Debora Velarde Babb committed [b7c185]
tpm-tools: manpage cleanup
-
Debora Velarde Babb committed [331865]
tpm-tools: don't use __no_optimize
-
Debora Velarde Babb committed [6edef3]
trousers: don't use __no_optimize
-
Debora Velarde Babb committed [4486c9]
Support using PCRs 15-23 for sealing data
-
Debora Velarde Babb committed [e74dd1]
Correct multiple security issues that are present if the tcsd
-
Debora Velarde Babb committed [48d278]
trousers: fix potential use after free in ima_get_entry
-
Debora Velarde Babb committed [44f582]
Merge branch 'master' of ssh://git.code.sf.net/p/trousers/trousers
-
Debora Velarde Babb committed [10b338]
trousers: clean up use after free in Transport_TerminateHandle
-
Debora Velarde Babb committed [0a14b9]
trousers: clean up use after free in Transport_TerminateHandle
-
fis posted a comment on ticket #232
I forgot to mention it is debian 10.4 package v. 0.3.14+fixed1-1
-
tcsd crashes when DNS server is not available
-
Debora Velarde Babb committed [c9b8c4]
trousers: resolve build failure
-
klondike created merge request #4
tpm_sealdata: Allow setting PCR values
-
Dimitris created ticket #231
Retry to transmit data in req_mgr_submit_req causing TDDL_E_INSUFFICIENT_BUFFER incorrectly
-
Ricky Tigg created ticket #230
Hardware with TPM 1.2 chip not supported by Trousers.
-
Debora V. Babb committed [8a867e]
Added Vicky as a contributor
-
Debora V. Babb committed [5dea0b]
updated maintainer info
-
Thomas created ticket #229
Tspi_Context_Close is blocked when it is called a second time in a process. (Missing MUTEX_UNLOCK in get_user_ps_path function)
-
Alon Bar-Lev created ticket #228
[openssl-tpm-enigne] openssl-1.1 support
-
[tpm-tools] openssl-1.1 support
-
debora modified ticket #219
tpm_nvread - 'No space to load key'
-
Actually tpm_resetdalock is not the only one, tpm_unsealdata also doesn't list the -u option
-
Please indicate in the manpage that tpm_restrictpubek is permanant
-
tpm_resetdalock doesn't list -u option
-
Michael Cronenworth posted a comment on ticket #224
To be specific: src/tspi/ps/ps_utils.c: read_data(int fd, void *data, UINT32 size)
-
Rename the shared symbol read_data
-
Tomasz Kazimierczak created ticket #223
Libtspi der/ber encoding/decoding machinery fails with libssl1.1
-
please, this flag must be removed and determined by the toolchain, packages should not set this flag as it damage some of the configuration, for example building 32bit on amd64 or the new abi of linux. no package should enforce cpu specific flags. at gentoo maintainer I need to patch this package every new release.
-
Bernard Spil created ticket #222
Fix build with LibreSSL 2.7
-
Susan Hinrichs posted a comment on ticket #221
Sorry, it is been a long time since I created a patch file outside of git. I've attached a proper patch file.
-
Segfault on tcsd thread shutdown
-
Steffen created ticket #220
Issue with handle randomization - getNextHandle()
-
Francis Theodore Catte posted a comment on ticket #219
It looks like the NVRAM in this TPM is bad. I tried moving the key to index 2, and got a "Bad memory index error" instead. Same thing occurred at various other indexes. Using an identical laptop (same TPM version and everything) with this workflow worked flawlessly... Guess you can close this ticket.
-
Okay, running the emulated TPM, I can read back the keyfile perfectly fine. So I ran the TPM proxy instead on a cleared TPM, and it fails. I've attached the resulting trace. For future reference , I got the TPM proxy running reliably like this in two terminals: sudo ./tpm_proxy --port 6543 --nodaemon --log ~/tpm_proxy.log --verbose --device /dev/tpm0 --persisttpm sudo tcsd -e -f Then ran my keyfile setup like normal in a third terminal. sudo -i tpm_takeownership -z tpm_nvdefine -i 0xffffffff -s 0...
-
I'm not a trousers expert, but I do know the TPM well. I recommend debugging first with a software TPM (e.g, https://sourceforge.net/projects/ibmswtpm/. The trace should tell you what the TSS is doing and where the bug is. Feel free to send me the trace file if the error isn't obvious.
-
tpm_nvread - 'No space to load key'
-
Matthias Gerstner created merge request #2
OpenSSL 1.1 compatibility and autotools improvement
-
Extra dot after NAME in Tspi_Context_Connect.3 man page
-
libtspi assumes linux equals glibc
-
Shouldn't tpm_resetdalock support unicode?
-
A bit off topic ... Dan Anderson: IBM has a TSS for TPM 2.0. If you would like to test it on Solaris, I'd be happy to fix any bugs you find. kgoldman@us.ibm.com
-
Dan Anderson created ticket #217
Fix compiler warnings in tcsd with inproper printf format
-
TDDL function open_device() fails if fd == 0
-
Core dump caused by misaligned pointer in tcs get_tpm_metrics()
-
FYI, the downstream Oracle Solaris patch above is trousers/patches/include_tspps.h.patch
-
Header file tsp_delegate.h missing __spi_freeTable definition
-
Include Solaris with operating systems using const keyword to remove compiler warnings
-
The above link is dead. It would be better, I think, to file individual bugs for each patch or each problem.
-
Extra dot after NAME in Tspi_Context_Connect.3 man page
-
Natanael Copa posted a comment on ticket #211
Better (untested) variant, without mutex, using getpwuid_r, which also deals with the situation that the euid does not exist: diff --git a/src/tspi/ps/tspps.c b/src/tspi/ps/tspps.c index b5e83d0..4874509 100644 --- a/src/tspi/ps/tspps.c +++ b/src/tspi/ps/tspps.c @@ -51,9 +51,6 @@ static int user_ps_fd = -1; static MUTEX_DECLARE_INIT(user_ps_lock); -#if (defined (__FreeBSD__) || defined (__OpenBSD__)) -static MUTEX_DECLARE_INIT(user_ps_path); -#endif static struct flock fl; @@ -66,9 +63,7 @@ get_user_ps_path(char...
-
Something like: diff --git a/src/tspi/ps/tspps.c b/src/tspi/ps/tspps.c index b5e83d0..838522c 100644 --- a/src/tspi/ps/tspps.c +++ b/src/tspi/ps/tspps.c @@ -51,9 +51,7 @@ static int user_ps_fd = -1; static MUTEX_DECLARE_INIT(user_ps_lock); -#if (defined (__FreeBSD__) || defined (__OpenBSD__)) static MUTEX_DECLARE_INIT(user_ps_path); -#endif static struct flock fl; @@ -66,9 +64,6 @@ get_user_ps_path(char **file) TSS_RESULT result; char *file_name = NULL, *home_dir = NULL; struct passwd *pwp; -#if...
-
Apparently getpwent_r is not re-entrant. From man page: The function getpwent_r() is not really reentrant since it shares the reading position in the stream with all other threads. http://man7.org/linux/man-pages/man3/getpwent_r.3.html#NOTES I think it might be wise to simply drop the #if (defined(__linux) .....) and #if (defined (__FreeBSD__) || ...) and always use the mutex and posix compatible getpwent.
-
libtspi assumes linux equals glibc
-
syed mahaboob created ticket #210
Trousers on Android -N
-
Please considere debian patches
-
tpm_version prints non-initialised memory
-
tpm_nvdefine not ask passwords
-
Was able to build on x86_64 with patch. Still need to test on other architectures.
-
Rojikku created ticket #207
Build failed in function readx509Cert
-
Max Resch posted a comment on ticket #44
After some feedback from colleagues, I revised my patch and removed the necesity to decide at compile time, if support for UNIX Socket is compiled, insted it is treated the same as INET and INET6 sockets, with an option in the configuration option, that allows it to be disabled
-
obj_context: unlock mutex in err path (patch provided)
-
Seg faults in Test Suite due to hard coded return codes
-
Tested and merged patch into my 'dev' branch. Needs to be merged into master.
-
Merged patch into my 'dev' branch. Needs to be merged into master.
-
[PATCH] TCSD unix socket
-
tpm-tools - patches for OpenSSL 1.1
-
Unfortunately we won't be able to merge these patches due to the following found in one of the patches: + * Getter functions for OpenSSL < 1.1 compatibility. Based on code from: + * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions + * and therefore: + * Copyright OpenSSL 2016 + * Contents licensed under the terms of the OpenSSL license + * See http://www.openssl.org/source/license.html for details My understanding is that the OpenSSL license is not...
-
Adam S created ticket #206
Problem with Binding/Unbinding
-
tpm-tools - patches for OpenSSL 1.1
-
obj_context: unlock mutex in err path (patch provided)
-
[tpm-tools PATCH] autoconf inject unneeded -m64 to CFLAGS
-
Patch contains the following: Getter functions for OpenSSL < 1.1 compatibility. Based...
-
tpm-tools - patches for OpenSSL 1.1
