From: Arshad N. <ars...@st...> - 2012-09-04 12:53:36
|
Thank you for your response, Ronald. I was afraid that your answer might be along these lines. The hardware is about 2 years old and has been using the TPM everyday. So, it is quite possible that the NVRAM has degraded. I will try your suggestions, but is there any test in the JTSS suite that can confirm that the TPM has permanently failed? Or, must one assume that if all/most of the tests fail? Thanks. Arshad On Sep 4, 2012, at 1:37 AM, Ronald Tögl <ron...@ia...> wrote: > Hello Arshad, > > We have not encountered this before, but I'd guess that something in your ecosystem must have changed. > > Is it an issue with a specific piece of (old) hardware? Perhaps the TPM you use has aged and now encounters problems with its NV-storage memory. > > Or is it an issue that occurs in several devices? > A not so obvious thing to check is the JCE library you use. Could there be a license issue? > Some OS hotfix might also influence the setup, for instance a new TPM driver. > > Of course, you should also test if the newest jTSS version happens to fix for your issues. > > Ronald > > > On 09/04/2012 06:14 AM, Arshad Noor wrote: >> Hello, >> >> We've been using JTSS 0.5 for two years and it has been fairly >> stable. However, suddenly without explanation, it has started >> failing on almost all decryptions. Some of the error messages >> are: >> >> ----------------------- >> iaik.tc.tss.api.exceptions.tcs.TcTcsException: >> TSS Error: >> error layer: 0x3000 (TSP) >> error code (without layer): 0x04 >> error code (full): 0x3004 >> error message: unknown >> additional info: Unable to determine LRU key handle >> >> at >> iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyHandleMgr.getTpmKhLruNotParent(TcTcsKeyHandleMgr.java:196) >> at >> iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyCacheTpm12.swapOutKeyNotParent(TcTcsKeyCacheTpm12.java:43) >> at >> iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyCache.ensureCanLoadKey(TcTcsKeyCache.java:205) >> at >> iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.LoadKey2ByBlob(TcTcsKeyManager.java:100) >> at >> iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipLoadKey2ByBlob(TcTcsi.java:626) >> at >> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipLoadKey2ByBlob(TcTcsBindingLocal.java:121) >> at >> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKey2ByBlob_Internal(TcTspInternal.java:140) >> at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:633) >> ----------------------- >> >> Later on, similar attempts at the operation result in: >> >> ----------------------- >> iaik.tc.tss.api.exceptions.tcs.TcTpmException: >> >> TSS Error: >> error layer: 0x00 (TPM) >> error code (without layer): 0x15 >> error code (full): 0x15 >> error message: The TPM has insufficient internal resources to perform >> the requested action. >> >> at >> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73) >> at >> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdAuthorization.TpmOIAP(TcTpmCmdAuthorization.java:52) >> at >> iaik.tc.tss.impl.java.tcs.authmgr.TcTcsAuthManager.startOIAP(TcTcsAuthManager.java:27) >> at >> iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipOIAP(TcTcsi.java:2720) >> at >> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipOIAP(TcTcsBindingLocal.java:739) >> at >> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspOIAP_Internal(TcTspInternal.java:4064) >> at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:629) >> ----------------------- >> >> The details of our configuration: >> >> TPM: STM v1.2 >> OS: CentOS 5.3 (64-bit) >> JDK: 6 Update 16 (64-bit) >> JTSS: 0.5 >> >> >> Any suggestions on what might be causing these problems suddenly on >> something that has been behaving well for nearly two years? Thanks. >> >> Arshad Noor >> StrongAuth, Inc. >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> Trustedjava-support mailing list >> Tru...@li... >> https://lists.sourceforge.net/lists/listinfo/trustedjava-support > > > -- > Dipl.-Ing. Ronald Tögl phone +43 316/873-5502 > Secure and Correct Systems fax +43 316/873-5520 > IAIK ron...@ia... > Graz University of Technology http://www.iaik.tugraz.at > > |