From: Saurabh A. <tan...@gm...> - 2007-08-16 17:34:06
Hi,

just try using the "-e ASCII" option with the aik_create command.

saurabh

On 8/16/07, Nektarios Ioannides <ine...@gm...> wrote:
> Hello,
>
> Thanks Martin and Thomas for your replies.
>
> > The error occurs when the activateIdentity method is called.
> > Are you sure that you are using the correct SRK secret (TSS_WELL_KNOWN_SECRET
> > in your case)? You have to use the SRK secret you provided when taking
> > ownership of your TPM.
>
> I am pretty sure I am using the right owner password. I tried clearing and
> taking ownership several times and then tried the command again to make sure
> I was using the right owner password. I had not specified a custom SRK
> password so the TSS_WELL_KNOWN_SECRET should have been used by default. I
> did take a new ownership with a custom SRK key and specified this during
> "aik_create" but I am still getting the same exact error.
>
> Just to confirm here are my "clear_owner" and "take_owner" results just
> before trying "aik_create":
>
> [root@localhost jTpmTools_0.3]# ./jtt.sh clear_owner -o theBIGsecret
>
> gives
>
> 16:16:54:270 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
> 16:16:54:367 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
> 16:16:54:392 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
> 16:16:54:416 [INFO] ClearOwnership::execute (63): ClearOwnership succeeded
>
> [root@localhost jTpmTools_0.3]# ./jtt.sh take_owner -o theBIGsecret
>
> gives
>
> 16:17:00:507 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
> 16:17:00:586 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
> 16:17:00:617 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
> 16:17:02:525 [INFO] TakeOwnership::execute (82): TakeOwnership succeeded
>
> Now, trying "aik_create" with the new password:
>
> [root@localhost jTpmTools_0.3]# ./jtt.sh aik_create -o theBIGsecret -a theAIKsecret -l myAIK_0
>
> still gives
>
> 16:20:06:492 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
> 16:20:06:602 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
> 16:20:06:615 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
> ***
> *** Welcome to the IAIK JCE Library
> ***
> *** This version of IAIK JCE is licensed for educational and research use
> *** and evaluation only. Commercial use of this software is prohibited.
> *** For details please see http://jce.iaik.tugraz.at/sales/licences/.
> *** This message does not appear in the registered commercial version.
> ***
>
> 16:20:07:611 [INFO] AikUtil::createEKCertificate (123): created EK certificate on-the-fly
> 16:20:07:687 [INFO] Client::overrideCertificates (113): overriding default EK certificate used by TSS
> 16:20:08:401 [INFO] PrivacyCa::processRequest (180): included EK certificate size: 1065 bytes
> 16:20:08:410 [INFO] PrivacyCa::processRequest (181): SubjAltName: id:49465800,SLD9630TT1.1,id:0104
> 16:20:08:410 [INFO] PrivacyCa::processRequest (188): PE: not included
> 16:20:08:410 [INFO] PrivacyCa::processRequest (196): CC: not included
> 16:20:08:451 [INFO] AikUtil::createPECertificate (176): created PE certificate on-the-fly
> 16:20:08:460 [INFO] AikUtil::createAIKCertificate (213): created AIK certificate on-the-fly
> 16:20:08:461 [INFO] PrivacyCa::processRequest (212): AIK blob size: 1386
> iaik.tc.tss.api.exceptions.tsp.TcTspException:
>
> TSS Error:
>   error layer: 0x3000 (TSP)
>   error code (without layer): 0x0113
>   error code (full): 0x3113
>   error message: Authorization failed.
>
>     at iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(Unknown Source)
>     at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal(TcTspInternal.java:105)
>     at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(Unknown Source)
>     at iaik.tc.apps.jtt.aik.Client.activateIdentity(Client.java:153)
>     at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:322)
>     at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
>     at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
>     at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)
> 16:20:08:720 [ERROR] AikCreate::execute (326): client: ActivateIdentity failed
>
> Guessing that this might be an issue with jTSS_0.1 I reverted back to
> jTSSWrapper0.3, cleared and took ownership again (just to be safe) but now I
> get something more weird. Here's a sample:
>
> ./jtt.sh aik_create -o theBIGsecret -a theAIKsecret -l myAIK_0
>
> And what I get is:
>
> 15:50:28:601 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
> 15:50:28:684 [WARN] TcTddlLinux::open (-1): Unable to open TPM device file /dev/tpm.
> Reason: /dev/tpm (Device or resource busy)
>
> 15:50:28:685 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed.
> 15:50:28:685 [ERROR] TcTcsi::<clinit> (-1):
> TSS Error:
>   error layer: 0x1000 (TDDL)
>   error code (without layer): 0x87
>   error code (full): 0x1087
>   error message: The request could not be performed because of an IO device error.
>   additional info: Unable to open TPM device file /dev/tpm.
>   Reason: /dev/tpm (Device or resource busy)
>
> iaik.tc.tss.api.exceptions.tcs.TcTddlException:
> TSS Error:
>   error layer: 0x1000 (TDDL)
>   error code (without layer): 0x87
>   error code (full): 0x1087
>   error message: The request could not be performed because of an IO device error.
>   additional info: Unable to open TPM device file /dev/tpm.
>   Reason: /dev/tpm (Device or resource busy)
>
>     at iaik.tc.tss.impl.java.tddl.TcTddlLinux.open(Unknown Source)
>     at iaik.tc.tss.impl.java.tddl.TcTddl.getInstance(Unknown Source)
>     at iaik.tc.tss.impl.java.tcs.TcTcsCommon.isOrdinalSupported(Unknown Source)
>     at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.<clinit>(Unknown Source)
>     at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenContext(Unknown Source)
>     at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextOpen_Internal(TcTspInternal.java:378)
>     at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)
>     at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)
>     at iaik.tc.apps.jtt.ek.ReadEkCert.getEkCert(ReadEkCert.java:41)
>     at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:255)
>     at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
>     at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
>     at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)
>
> I know that this seems similar to the problem experienced by Carl in
> https://sourceforge.net/mailarchive/message.php?msg_id=300eed510707111800h71eadba1xf0113bd4b433ce65%40mail.gmail.com
> but the difference in my case is that
> TSS TrouSerS is found! (i.e. both the TPM and TSS (TrouSerS since I am using
> the jTSSWrapper this time) are both loaded correctly ---> This is awfully
> weird since other commands run fine under the same (TrouSerS + jTSSWrapper)
> configuration.
>
> For example,
>
> [root@localhost jTpmTools_0.3]# ./jtt.sh clear_owner -o theBIGsecret
>
> gives:
>
> 16:14:14:090 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
> 16:14:14:142 [INFO] ClearOwnership::execute (63): ClearOwnership succeeded
>
> and
>
> [root@localhost jTpmTools_0.3]# ./jtt.sh take_owner -o theBIGsecret
>
> gives
>
> 16:14:47:218 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
> 16:14:47:699 [INFO] TakeOwnership::execute (82): TakeOwnership succeeded
>
> P.S. I don't think the two errors are related with the same cause but I am
> reporting them in the same mail anyways since they are both related to what
> I am trying to do!
>
> _______________________________________________
> Trustedjava-support mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedjava-support