From: Nektarios I. <ine...@gm...> - 2007-08-16 15:22:19
Hello,

Thanks Martin and Thomas for your replies.

>The error occurs when the activateIdentity method is called.
>Are you sure that you are using the correct SRK secret (TSS_WELL_KNOWN_SECRET
>in your case)? You have to use the SRK secret you provided when taking
>ownership of your TPM.

I am pretty sure I am using the right owner password. I tried clearing and taking ownership several times and then tried the command again to make sure I was using the right owner password. I had not specified a custom SRK password so the TSS_WELL_KNOWN_SECRET should have been used by default. I did take a new ownership with a custom SRK key and specified this during "aik_create" but I am still getting the same exact error.

Just to confirm, here are my "clear_owner" and "take_owner" results just before trying "aik_create":

[root@localhost jTpmTools_0.3]# ./jtt.sh clear_owner -o theBIGsecret

gives

16:16:54:270 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
16:16:54:367 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
16:16:54:392 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
16:16:54:416 [INFO] ClearOwnership::execute (63): ClearOwnership succeeded

[root@localhost jTpmTools_0.3]# ./jtt.sh take_owner -o theBIGsecret

gives

16:17:00:507 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
16:17:00:586 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
16:17:00:617 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
16:17:02:525 [INFO] TakeOwnership::execute (82): TakeOwnership succeeded

Now, trying "aik_create" with the new password:

[root@localhost jTpmTools_0.3]# ./jtt.sh aik_create -o theBIGsecret -a theAIKsecret -l myAIK_0

still gives

16:20:06:492 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
16:20:06:602 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
16:20:06:615 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
*** ***
*** Welcome to the IAIK JCE Library ***
*** ***
*** This version of IAIK JCE is licensed for educational and research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** For details please see http://jce.iaik.tugraz.at/sales/licences/. ***
*** This message does not appear in the registered commercial version. ***
*** ***
16:20:07:611 [INFO] AikUtil::createEKCertificate (123): created EK certificate on-the-fly
16:20:07:687 [INFO] Client::overrideCertificates (113): overriding default EK certificate used by TSS
16:20:08:401 [INFO] PrivacyCa::processRequest (180): included EK certificate size: 1065 bytes
16:20:08:410 [INFO] PrivacyCa::processRequest (181): SubjAltName: id:49465800,SLD9630TT1.1,id:0104
16:20:08:410 [INFO] PrivacyCa::processRequest (188): PE: not included
16:20:08:410 [INFO] PrivacyCa::processRequest (196): CC: not included
16:20:08:451 [INFO] AikUtil::createPECertificate (176): created PE certificate on-the-fly
16:20:08:460 [INFO] AikUtil::createAIKCertificate (213): created AIK certificate on-the-fly
16:20:08:461 [INFO] PrivacyCa::processRequest (212): AIK blob size: 1386
iaik.tc.tss.api.exceptions.tsp.TcTspException:
TSS Error:
error layer: 0x3000 (TSP)
error code (without layer): 0x0113
error code (full): 0x3113
error message: Authorization failed.
    at iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal(TcTspInternal.java:105)
    at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(Unknown Source)
    at iaik.tc.apps.jtt.aik.Client.activateIdentity(Client.java:153)
    at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:322)
    at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
    at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
    at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)
16:20:08:720 [ERROR] AikCreate::execute (326): client: ActivateIdentity failed

Guessing that this might be an issue with jTSS_0.1, I reverted back to jTSSWrapper0.3, cleared and took ownership again (just to be safe), but now I get something more weird. Here's a sample:

./jtt.sh aik_create -o theBIGsecret -a theAIKsecret -l myAIK_0

And what I get is:

15:50:28:601 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
15:50:28:684 [WARN] TcTddlLinux::open (-1): Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy)
15:50:28:685 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed.
15:50:28:685 [ERROR] TcTcsi::<clinit> (-1):
TSS Error:
error layer: 0x1000 (TDDL)
error code (without layer): 0x87
error code (full): 0x1087
error message: The request could not be performed because of an IO device error.
additional info: Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy)
iaik.tc.tss.api.exceptions.tcs.TcTddlException:
TSS Error:
error layer: 0x1000 (TDDL)
error code (without layer): 0x87
error code (full): 0x1087
error message: The request could not be performed because of an IO device error.
additional info: Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy)
    at iaik.tc.tss.impl.java.tddl.TcTddlLinux.open(Unknown Source)
    at iaik.tc.tss.impl.java.tddl.TcTddl.getInstance(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.TcTcsCommon.isOrdinalSupported(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.<clinit>(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenContext(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextOpen_Internal(TcTspInternal.java:378)
    at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)
    at iaik.tc.apps.jtt.ek.ReadEkCert.getEkCert(ReadEkCert.java:41)
    at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:255)
    at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
    at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
    at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)

I know that this seems similar to the problem experienced by Carl in https://sourceforge.net/mailarchive/message.php?msg_id=300eed510707111800h71eadba1xf0113bd4b433ce65%40mail.gmail.com but the difference in my case is that TSS TrouSerS is found! (i.e. both the TPM and TSS (TrouSerS since I am using the jTSSWrapper this time) are both loaded correctly) ---> This is awfully weird since other commands run fine under the same (TrouSerS + jTSSWrapper) configuration. For example,

[root@localhost jTpmTools_0.3]# ./jtt.sh clear_owner -o theBIGsecret

gives:

16:14:14:090 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
16:14:14:142 [INFO] ClearOwnership::execute (63): ClearOwnership succeeded

and

[root@localhost jTpmTools_0.3]# ./jtt.sh take_owner -o theBIGsecret

gives

16:14:47:218 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
16:14:47:699 [INFO] TakeOwnership::execute (82): TakeOwnership succeeded

P.S. I don't think the two errors are related with the same cause but I am reporting them in the same mail anyways since they are both related to what I am trying to do!