Menu
▾
▴
Re: [Trustedjava-support] Sudden errors with TPM and JTSS
|
From: Arshad N. <ars...@st...> - 2012-09-05 12:40:29
|
Ronald, Any thoughts/comments on Ariel's response to my query on the Trousers mailing list? http://sourceforge.net/mailarchive/forum.php?thread_name=7265F7B88E689F4B97101260F8F70B71013A99E2%40IMCMBX03.MITRE.ORG&forum_name=trousers-users Thanks. Arshad On 09/04/2012 07:30 AM, Ronald Tögl wrote: > > The jTSS test suite does not expect a general/systematic error. > Actually, a TPM is expected to do a self-test at power-on, but I believe > it is vendor specific what happens there. > > You could try to replace the TPM with the TPM Emulator to learn if the > hardware or the software is failing. > > Ronald > > On 09/04/2012 02:53 PM, Arshad Noor wrote: >> Thank you for your response, Ronald. >> >> I was afraid that your answer might be along these lines. The hardware >> is about 2 years old and has been using the TPM everyday. So, it is >> quite possible that the NVRAM has degraded. >> >> I will try your suggestions, but is there any test in the JTSS suite >> that can confirm that the TPM has permanently failed? Or, must one >> assume that if all/most of the tests fail? >> >> Thanks. >> >> Arshad >> >> On Sep 4, 2012, at 1:37 AM, Ronald Tögl <ron...@ia...> >> wrote: >> >>> Hello Arshad, >>> >>> We have not encountered this before, but I'd guess that something in >>> your ecosystem must have changed. >>> >>> Is it an issue with a specific piece of (old) hardware? Perhaps the >>> TPM you use has aged and now encounters problems with its NV-storage >>> memory. >>> >>> Or is it an issue that occurs in several devices? >>> A not so obvious thing to check is the JCE library you use. Could >>> there be a license issue? >>> Some OS hotfix might also influence the setup, for instance a new TPM >>> driver. >>> >>> Of course, you should also test if the newest jTSS version happens to >>> fix for your issues. >>> >>> Ronald >>> >>> >>> On 09/04/2012 06:14 AM, Arshad Noor wrote: >>>> Hello, >>>> >>>> We've been using JTSS 0.5 for two years and it has been fairly >>>> stable. However, suddenly without explanation, it has started >>>> failing on almost all decryptions. Some of the error messages >>>> are: >>>> >>>> ----------------------- >>>> iaik.tc.tss.api.exceptions.tcs.TcTcsException: >>>> TSS Error: >>>> error layer: 0x3000 (TSP) >>>> error code (without layer): 0x04 >>>> error code (full): 0x3004 >>>> error message: unknown >>>> additional info: Unable to determine LRU key handle >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyHandleMgr.getTpmKhLruNotParent(TcTcsKeyHandleMgr.java:196) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyCacheTpm12.swapOutKeyNotParent(TcTcsKeyCacheTpm12.java:43) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyCache.ensureCanLoadKey(TcTcsKeyCache.java:205) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.LoadKey2ByBlob(TcTcsKeyManager.java:100) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipLoadKey2ByBlob(TcTcsi.java:626) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipLoadKey2ByBlob(TcTcsBindingLocal.java:121) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKey2ByBlob_Internal(TcTspInternal.java:140) >>>> >>>> at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:633) >>>> ----------------------- >>>> >>>> Later on, similar attempts at the operation result in: >>>> >>>> ----------------------- >>>> iaik.tc.tss.api.exceptions.tcs.TcTpmException: >>>> >>>> TSS Error: >>>> error layer: 0x00 (TPM) >>>> error code (without layer): 0x15 >>>> error code (full): 0x15 >>>> error message: The TPM has insufficient internal resources to perform >>>> the requested action. >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdAuthorization.TpmOIAP(TcTpmCmdAuthorization.java:52) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.authmgr.TcTcsAuthManager.startOIAP(TcTcsAuthManager.java:27) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipOIAP(TcTcsi.java:2720) >>>> at >>>> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipOIAP(TcTcsBindingLocal.java:739) >>>> >>>> at >>>> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspOIAP_Internal(TcTspInternal.java:4064) >>>> >>>> at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:629) >>>> ----------------------- >>>> >>>> The details of our configuration: >>>> >>>> TPM: STM v1.2 >>>> OS: CentOS 5.3 (64-bit) >>>> JDK: 6 Update 16 (64-bit) >>>> JTSS: 0.5 >>>> >>>> >>>> Any suggestions on what might be causing these problems suddenly on >>>> something that has been behaving well for nearly two years? Thanks. >>>> >>>> Arshad Noor >>>> StrongAuth, Inc. >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> Live Security Virtual Conference >>>> Exclusive live event will cover all the ways today's security and >>>> threat landscape has changed and how IT managers can respond. >>>> Discussions >>>> will include endpoint security, mobile security and the latest in >>>> malware >>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>>> _______________________________________________ >>>> Trustedjava-support mailing list >>>> Tru...@li... >>>> https://lists.sourceforge.net/lists/listinfo/trustedjava-support >>> >>> -- >>> Dipl.-Ing. Ronald Tögl phone +43 316/873-5502 >>> Secure and Correct Systems fax +43 316/873-5520 >>> IAIK ron...@ia... >>> Graz University of Technology http://www.iaik.tugraz.at >>> >>> > > |
