Menu
▾
▴
#219 tpm_nvread - 'No space to load key'
I'm trying to setup a laptop with a LUKS keyfile stored in the TPM. But I ran into a wall; I can write the key file into the TPM's NVRAM, but I can't read it back out.
When running:
tpm_nvread -i 1
...instead of reading out the contents of the index, I get:
Tspi_nv_ReadValue failed:0x00000011 - layer=tpm, code=0011 (17), No space to load key
I'm running Linux Mint 17.3 (Ubuntu 16.04,) kernel 4.13.0-26-generic, with Trousers v. 0.3.14 and tpm-tools v. 1.3.9.1.
tpm_version prints:
TPM 1.2 Version Info:
Chip Version: 1.2.2.42
Spec Level: 2
Errate Revision: 1
TPM Vendor ID: BRCM
TPM Version: 01010000
Manufacturer Info: 4252434d
To reproduce from a freshly cleared TPM:
tpm_takeover -z
tpm_nvdefine -i 0xFFFFFFFF
tpm_nvdefine -z -o $PASS -i 1 -s $(wc -c $KEYFILE) -p 'OWNERWRITE|READ_STCLEAR'
tpm_nvwrite -z --password=$PASS -i 1 -f $KEYFILE
tpm_nvread -i 1
Is this a bug in the TPM? The only references I can find to that error are in the TPM 1.2 spec, and the Trousers source code that defines that error...
I'm not a trousers expert, but I do know the TPM well. I recommend debugging first with a software TPM (e.g, https://sourceforge.net/projects/ibmswtpm/. The trace should tell you what the TSS is doing and where the bug is. Feel free to send me the trace file if the error isn't obvious.
Okay, running the emulated TPM, I can read back the keyfile perfectly fine.
So I ran the TPM proxy instead on a cleared TPM, and it fails. I've attached the resulting trace.
For future reference , I got the TPM proxy running reliably like this in two terminals:
Then ran my keyfile setup like normal in a third terminal.
It looks like the NVRAM in this TPM is bad. I tried moving the key to index 2, and got a "Bad memory index error" instead. Same thing occurred at various other indexes. Using an identical laptop (same TPM version and everything) with this workflow worked flawlessly...
Guess you can close this ticket.