From: Ronald T. <ron...@ia...> - 2012-09-04 14:30:46
The jTSS test suite does not expect a general/systematic error. Actually, a TPM is expected to do a self-test at power-on, but I believe it is vendor specific what happens there. You could try to replace the TPM with the TPM Emulator to learn if the hardware or the software is failing.

Ronald

On 09/04/2012 02:53 PM, Arshad Noor wrote:
> Thank you for your response, Ronald.
>
> I was afraid that your answer might be along these lines. The hardware is about 2 years old and has been using the TPM every day. So, it is quite possible that the NVRAM has degraded.
>
> I will try your suggestions, but is there any test in the JTSS suite that can confirm that the TPM has permanently failed? Or, must one assume that if all/most of the tests fail?
>
> Thanks.
>
> Arshad
>
> On Sep 4, 2012, at 1:37 AM, Ronald Tögl <ron...@ia...> wrote:
>
>> Hello Arshad,
>>
>> We have not encountered this before, but I'd guess that something in your ecosystem must have changed.
>>
>> Is it an issue with a specific piece of (old) hardware? Perhaps the TPM you use has aged and now encounters problems with its NV-storage memory.
>>
>> Or is it an issue that occurs in several devices?
>> A not so obvious thing to check is the JCE library you use. Could there be a license issue?
>> Some OS hotfix might also influence the setup, for instance a new TPM driver.
>>
>> Of course, you should also test if the newest jTSS version happens to fix your issues.
>>
>> Ronald
>>
>>
>> On 09/04/2012 06:14 AM, Arshad Noor wrote:
>>> Hello,
>>>
>>> We've been using JTSS 0.5 for two years and it has been fairly
>>> stable. However, suddenly without explanation, it has started
>>> failing on almost all decryptions. Some of the error messages
>>> are:
>>>
>>> -----------------------
>>> iaik.tc.tss.api.exceptions.tcs.TcTcsException:
>>> TSS Error:
>>> error layer: 0x3000 (TSP)
>>> error code (without layer): 0x04
>>> error code (full): 0x3004
>>> error message: unknown
>>> additional info: Unable to determine LRU key handle
>>>
>>> at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyHandleMgr.getTpmKhLruNotParent(TcTcsKeyHandleMgr.java:196)
>>> at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyCacheTpm12.swapOutKeyNotParent(TcTcsKeyCacheTpm12.java:43)
>>> at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyCache.ensureCanLoadKey(TcTcsKeyCache.java:205)
>>> at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.LoadKey2ByBlob(TcTcsKeyManager.java:100)
>>> at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipLoadKey2ByBlob(TcTcsi.java:626)
>>> at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipLoadKey2ByBlob(TcTcsBindingLocal.java:121)
>>> at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKey2ByBlob_Internal(TcTspInternal.java:140)
>>> at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:633)
>>> -----------------------
>>>
>>> Later on, similar attempts at the operation result in:
>>>
>>> -----------------------
>>> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>>>
>>> TSS Error:
>>> error layer: 0x00 (TPM)
>>> error code (without layer): 0x15
>>> error code (full): 0x15
>>> error message: The TPM has insufficient internal resources to perform
>>> the requested action.
>>>
>>> at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
>>> at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdAuthorization.TpmOIAP(TcTpmCmdAuthorization.java:52)
>>> at iaik.tc.tss.impl.java.tcs.authmgr.TcTcsAuthManager.startOIAP(TcTcsAuthManager.java:27)
>>> at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipOIAP(TcTcsi.java:2720)
>>> at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipOIAP(TcTcsBindingLocal.java:739)
>>> at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspOIAP_Internal(TcTspInternal.java:4064)
>>> at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:629)
>>> -----------------------
>>>
>>> The details of our configuration:
>>>
>>> TPM: STM v1.2
>>> OS: CentOS 5.3 (64-bit)
>>> JDK: 6 Update 16 (64-bit)
>>> JTSS: 0.5
>>>
>>>
>>> Any suggestions on what might be causing these problems suddenly on
>>> something that has been behaving well for nearly two years? Thanks.
>>>
>>> Arshad Noor
>>> StrongAuth, Inc.
>>
>> --
>> Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
>> Secure and Correct Systems          fax   +43 316/873-5520
>> IAIK                                ron...@ia...
>> Graz University of Technology       http://www.iaik.tugraz.at

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
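
An added example, not part of the original thread or of jTSS: a small Python parser for the "TSS Error" dumps quoted above that splits each full code into its layer and layer-local code, so failures raised in the software stack (TSP, TCS, TDDL) can be counted separately from codes returned by the TPM itself. The function names and the sample text (constructed from the two dumps in the message) are assumptions of the example; the layer values follow the TSS 1.2 error-code layout.

```python
import re
from collections import Counter

# TSS 1.2 result layout: bits 12-15 carry the layer, bits 0-11 the code.
LAYERS = {0x0000: "TPM", 0x1000: "TDDL", 0x2000: "TCS", 0x3000: "TSP"}
LAYER_MASK, CODE_MASK = 0xF000, 0x0FFF

FULL_CODE = re.compile(r"error code \(full\):\s*0x([0-9a-fA-F]+)")
EXCEPTION = re.compile(r"(iaik\.tc\.tss\.api\.exceptions\.[\w.]+Exception)")

# Constructed sample: the two dumps from the message, quote markers included.
SAMPLE = """\
>>> iaik.tc.tss.api.exceptions.tcs.TcTcsException:
>>> TSS Error:
>>> error layer: 0x3000 (TSP)
>>> error code (without layer): 0x04
>>> error code (full): 0x3004
>>> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>>> TSS Error:
>>> error layer: 0x00 (TPM)
>>> error code (without layer): 0x15
>>> error code (full): 0x15
"""

def parse_tss_errors(text):
    """Return one dict per 'error code (full)' line found in text."""
    results, last_exc = [], None
    for line in text.splitlines():
        m = EXCEPTION.search(line)
        if m:
            last_exc = m.group(1)  # remember which exception owns the dump
            continue
        m = FULL_CODE.search(line)
        if m:
            full = int(m.group(1), 16)
            layer = full & LAYER_MASK
            results.append({
                "exception": last_exc,
                "layer": LAYERS.get(layer, "unknown(0x%04x)" % layer),
                "code": full & CODE_MASK,
            })
    return results

def count_by_layer(errors):
    """Tally errors per originating layer."""
    return Counter(e["layer"] for e in errors)

if __name__ == "__main__":
    print(count_by_layer(parse_tss_errors(SAMPLE)))
```
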