From: Nektarios I. <ine...@gm...> - 2007-08-18 09:04:25
>Only one process can use /dev/tpm at a time.
>a) standalone/native JTSS directly accesses /dev/tpm
>or
>b) tcsd is sitting on /dev/tpm, JTssWrapper talks to tcsd on port 30003.

Yes I am aware of that.

>To see who is currently using /dev/tpm use the lsof command, e.g.:
>$ sudo lsof /dev/tpm
>COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
>tcsd 26753 root 3u CHR 10,224 29876 /dev/tpm

Yes I have tried that and I get a similar output showing that tcsd is in control (when I have TrouSerS running), otherwise I don't get any output.

>If you want to test your access/permission/setup try a simple command, e.g.:

OK here's a small experiment. I am writing it here as I perform the steps in my terminal:

1) I load my TPM emulator

2) I load TCSD

3) I run a jTPMTools command:

./jtt.sh pcr_read
09:46:55:455 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
number of PCRs: 24
00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
01: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
...

4) I unload TCSD (so that jTSS gets picked up by jTPMTools)

5) I run the SAME command:

./jtt.sh pcr_read
09:49:55:260 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
09:49:55:382 [INFO] TcTcsi::<clinit> (-1): Unable to instantiate system persistent storage (iaik.tc.tss.impl.ps.TcTssPsFileSystem). Disabling system persistent storage.
09:49:55:394 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
number of PCRs: 24
00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
01: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
...

This shows that both configurations (jTSS and TrouSerS-jTSSWrapper) work fine. Now, let's try "aik_create"...

6) I reload TCSD

I run

./jtt.sh aik_create -a theAIKsecret -o theBIGsecret -l myAIK_0

and I get:

09:52:31:305 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
09:52:31:425 [WARN] TcTddlLinux::open (-1): Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy)
09:52:31:427 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed.
09:52:31:427 [ERROR] TcTcsi::<clinit> (-1):
TSS Error:
error layer: 0x1000 (TDDL)
error code (without layer): 0x87
error code (full): 0x1087
error message: The request could not be performed because of an IO device error.
additional info: Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy)

iaik.tc.tss.api.exceptions.tcs.TcTddlException:
TSS Error:
error layer: 0x1000 (TDDL)
error code (without layer): 0x87
error code (full): 0x1087
error message: The request could not be performed because of an IO device error.
additional info: Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy)
    at iaik.tc.tss.impl.java.tddl.TcTddlLinux.open(Unknown Source)
    at iaik.tc.tss.impl.java.tddl.TcTddl.getInstance(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.TcTcsCommon.isOrdinalSupported(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.<clinit>(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenContext(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextOpen_Internal(TcTspInternal.java:378)
    at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source)
    at iaik.tc.apps.jtt.ek.ReadEkCert.getEkCert(ReadEkCert.java:41)
    at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:255)
    at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
    at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
    at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)

7) I unload the TCSD and try the SAME EXACT command:

./jtt.sh aik_create -a theAIKsecret -o theBIGsecret -l myAIK_0

and I get a DIFFERENT output !!! :

09:54:07:897 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
09:54:08:020 [INFO] TcTcsi::<clinit> (-1): Unable to instantiate system persistent storage (iaik.tc.tss.impl.ps.TcTssPsFileSystem). Disabling system persistent storage.
09:54:08:032 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
***
09:54:09:121 [INFO] AikUtil::createEKCertificate (123): created EK certificate on-the-fly
09:54:09:197 [INFO] Client::overrideCertificates (113): overriding default EK certificate used by TSS
09:54:10:792 [INFO] PrivacyCa::processRequest (180): included EK certificate size: 1065 bytes
09:54:10:800 [INFO] PrivacyCa::processRequest (181): SubjAltName: id:49465800,SLD9630TT1.1,id:0104
09:54:10:800 [INFO] PrivacyCa::processRequest (188): PE: not included
09:54:10:800 [INFO] PrivacyCa::processRequest (196): CC: not included
09:54:10:852 [INFO] AikUtil::createPECertificate (176): created PE certificate on-the-fly
09:54:10:860 [INFO] AikUtil::createAIKCertificate (213): created AIK certificate on-the-fly
09:54:10:862 [INFO] PrivacyCa::processRequest (212): AIK blob size: 1386

iaik.tc.tss.api.exceptions.tsp.TcTspException:
TSS Error:
error layer: 0x3000 (TSP)
error code (without layer): 0x0113
error code (full): 0x3113
error message: Authorization failed.
    at iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal(TcTspInternal.java:105)
    at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(Unknown Source)
    at iaik.tc.apps.jtt.aik.Client.activateIdentity(Client.java:153)
    at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:322)
    at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
    at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
    at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)
09:54:11:123 [ERROR] AikCreate::execute (326): client: ActivateIdentity failed

It seems that when the pure jTSS is running "aik_create" does not get the IO device error and goes on...

OK I haven't found the reason I am getting the 0x3113 error yet BUT THE ISSUE REMAINS: The only explanation I can give is that jTPMTools is trying to use jTSS with "aik_create" when it SHOULD have been using TrouSerS and jTSSWrapper...

>Sorry, I cannot reproduce your problem.

As I said, the problem appears ONLY when I try to use "aik_create"! --> could this be a bug then with jTpmTools ???
Please, try it with "aik_create" as well ... this is giving me a big headache :-) !

>a full set of libraries:

Yes I have multi-checked. I have all the necessary libraries.

Many thanks,
Nektarios
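
A triage script for the log output in the message above, as an added example that is not part of the original post and not jTPMTools code. It reports which TSS backend the log says was selected, flags stack traces that still contain local IAIK jTSS frames, and splits full TSS error codes into layer and code; the function names and the bit masks (inferred from the 0x1087 and 0x3113 values in the log) are assumptions of this example.

```python
import re

LOG_RE = re.compile(r"^\d\d:\d\d:\d\d:\d+ \[(\w+)\] (\w+)::(\S+) \((-?\d+)\): (.*)$")
FRAME_RE = re.compile(r"^\s*at ([\w.$]+)\.[\w<>$]+\(")
CODE_RE = re.compile(r"error code \(full\): (0x[0-9a-fA-F]+)")
LOCAL_PREFIX = "iaik.tc.tss.impl.java."  # package prefix seen in the quoted traces


def split_tss_error(full):
    """Split a full TSS code into (layer, code); masks inferred from the log."""
    return full & 0xF000, full & 0x0FFF


def triage(lines):
    """Summarise backend selection, local jTSS frames and TSS error codes."""
    selected, local_frames, caller, codes = None, [], None, []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == "getTssFactory":
            if m.group(5).startswith("TrouSerS TSS found"):
                selected = "trousers-jni"
            elif m.group(5).startswith("IAIK jTSS found"):
                selected = "jtss-local"
        f = FRAME_RE.match(line)
        if f and f.group(1).startswith(LOCAL_PREFIX):
            local_frames.append(f.group(1))
        elif f and local_frames and caller is None:
            caller = f.group(1)  # first non-jTSS frame below the local stack
        c = CODE_RE.search(line)
        if c:
            codes.append(split_tss_error(int(c.group(1), 16)))
    return {"selected": selected, "caller": caller, "codes": codes,
            "mismatch": selected == "trousers-jni" and bool(local_frames)}


# Excerpt of the failing run with tcsd loaded, copied from the message above.
SAMPLE = """\
09:52:31:305 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
09:52:31:425 [WARN] TcTddlLinux::open (-1): Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy)
error layer: 0x1000 (TDDL)
error code (full): 0x1087
    at iaik.tc.tss.impl.java.tddl.TcTddlLinux.open(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenContext(Unknown Source)
    at iaik.tc.apps.jtt.ek.ReadEkCert.getEkCert(ReadEkCert.java:41)
    at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:255)
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt it reports a mismatch with `iaik.tc.apps.jtt.ek.ReadEkCert` as the caller, the frame directly below the local jTSS frames in the trace.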