From: Carl N. <car...@go...> - 2007-07-12 01:00:38
Hello All,

I am new to the Linux world and need some help to implement an integrity measurement for a couple of files as a demonstration.
I am using a TPM Emulator for all these tests and have successfully taken ownership of it through the jTSS (which does not enable persistent storage).

First, from my understanding there are 2 ways to get the jTPM-Tools working:
1) Either through TrouSerS and the jTpm-Wrapper0.3
2) OR using the jTSS

I have installed the TrouSerS and the jTpm-Wrapper0.3 (and 0.2.5) and run the 52 tests successfully in both distributions; however, when trying through the jTPM-Tools I get the following error messages.

---------------------------------------------------
23:34:47:240 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
23:34:47:327 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
---------------------------------------------------

Therefore I installed jTSS, which works, but I noticed that persistent storage is not working and that there are additional commands which are available through the TSS and Wrapper, which I will probably need in my tests. So are there any helpful comments to get them working?

If I start the Trusted Core Services Daemon tcsd of the TrouSerS TSS, I get another error message.

---------------------------------------------------
23:50:18:338 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
23:50:18:406 [WARN] TcTddlLinux::open (-1): Unable to open TPM device file /dev/tpm.
Reason: /dev/tpm (Device or resource busy)

23:50:18:407 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed.
23:50:18:407 [ERROR] TcTcsi::<clinit> (-1):
TSS Error:
error layer: 0x1000 (TDDL)
error code (without layer): 0x87
error code (full): 0x1087
error message: The request could not be performed because of an IO device error.
additional info: Unable to open TPM device file /dev/tpm.
Reason: /dev/tpm (Device or resource busy)

iaik.tc.tss.api.exceptions.tcs.TcTddlException:
TSS Error:
error layer: 0x1000 (TDDL)
error code (without layer): 0x87
error code (full): 0x1087
error message: The request could not be performed because of an IO device error.
additional info: Unable to open TPM device file /dev/tpm.
Reason: /dev/tpm (Device or resource busy)
---------------------------------------------------

In addition, when using the jTSS I am not able to create an AIK key; I get the following exception.

---------------------------------------------------
00:20:25:506 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
00:20:25:525 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
Exception in thread "main" java.lang.NoClassDefFoundError: iaik/x509/X509ExtensionException
    at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:258)
    at iaik.tc.utils.cmdline.SubCommand.run (SubCommand.java:69)
    at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
    at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)
---------------------------------------------------

Thank you in advance for your help.

Regards,
Carl
From: Saurabh A. <tan...@gm...> - 2007-07-12 03:58:01
Hi

On 7/12/07, Carl Nickelson <car...@go...> wrote:
> Hello All,
>
> I am new to the Linux world and need some help to implement an integrity
> measurement for couple of files as a demonstration.
> I am using a TPM Emulator for all these tests and have successfully took
> ownership of it through the jTSS (which does not enable persistent storage)
>
> First from my understanding there are 2 ways to get the jTPM-Tools working.
> 1) Either through TrouSerS and the jTpm-Wrapper0.3
> 2) OR using the jTSS

I also implemented a remote attestation demo some time back and I used Trousers and jTssWrapper 025. It worked well on my HP dc7600 with a Broadcom 1.2 TPM. The only hitch is that it's hard to debug or "dwell" into the code because of the native interface and trousers link, and the support from the mailing list is not very supportive. On the other hand, jTSS has complete source code on a platter.

>
> I have installed the TrouSerS and the jTpm-Wrapper0.3 (and 0.2.5) and run
> the 52 tests successfully in both distributions, however when trying through
> the jTPM-Tools I get the following error messages.
>
> ---------------------------------------------------
> 23:34:47:240 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS
> Wrapper not found. Trying IAIK jTSS.
> 23:34:47:327 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS
> configuration file for system persistent storage information. Disabling
> system persistent storage.
> ---------------------------------------------------
>
> Therefore I installed jTSS works, but I noticed that persistent storage is
> not working and that there's additional commands which are available through
> the TSS and Wrapper, which I probably need them in my tests. So is there any
> helpful comments to get them working.
>
> If I start the Trusted Core Services Daemon tcsd of the TrouSerS TSS, I get
> another error message.
> -----------------------------------------------------------
> 23:50:18:338 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS
> Wrapper not found. Trying IAIK jTSS.
> 23:50:18:406 [WARN] TcTddlLinux::open (-1): Unable to open TPM device
> file /dev/tpm.
> Reason: /dev/tpm (Device or resource busy)
>
> 23:50:18:407 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed.
> 23:50:18:407 [ERROR] TcTcsi::<clinit> (-1):
> TSS Error:
> error layer: 0x1000 (TDDL)
> error code (without layer): 0x87
> error code (full): 0x1087
> error message: The request could not be performed because of an IO device
> error.
> additional info: Unable to open TPM device file /dev/tpm.
> Reason: /dev/tpm (Device or resource busy)
>
> iaik.tc.tss.api.exceptions.tcs.TcTddlException:
> TSS Error:
> error layer: 0x1000 (TDDL)
> error code (without layer): 0x87
> error code (full): 0x1087
> error message: The request could not be performed because of an IO device
> error.
> additional info: Unable to open TPM device file /dev/tpm.
> Reason: /dev/tpm (Device or resource busy)
> -----------------------------------------------------------

If you run the Trousers daemon, you will not be able to use it with jTSS. The resource will be blocked by the trousers daemon, hence the error. You can use trousers here only with the jtsswrapper.

And I am not sure of this .. whether persistent storage has to do with the TPM emulator not supporting it ??

best
Tanish
From: Thomas W. <tc...@to...> - 2007-07-12 08:48:10
Hello,

> The only hitch is that its hard to debug or "dwell"
> into the code because of the native interface and trousers link and
> the support frm mailing list is not very supportive.

This list should also be seen as a "users help users" list. According to the SF download numbers there are some users for the TC libraries. But either they have no problems at all or they are not on this list for some other reason....

> and I am not sure of this .. whether persistent storage has to do with
> TPM emulator not supporting it ??

This has nothing to do with the emulator or the TPM. The persistent storage is a pure software thing which simply is not implemented in the current release of jTSS (but TrouSerS via jTSS Wrapper provides a persistent storage). Maybe the IAIK guys are already working on a persistent storage implementation for jTSS. But this is not a trivial thing if you want to get it right (I only say thread safety and proper synchronization, key hierarchies, ...).

Bye,
--
Thomas Winkler
e-mail: tc...@to...
From: Carl N. <car...@go...> - 2007-07-12 16:13:47
Hi All,

Thanks for the reply, but I need to clear up some points.

1) I can run the jTssWrapper_0.3 tests successfully.
2) The additional libraries iaik_jtss_wrapper.jar, iaik_jtss_wrapper_swig.jar and libtspiwrapper.so are located in the ext_lib of the jTpm-Tools.

So are there any other sources of problems that could lead to this error?

---------------------------------------------------
23:34:47:240 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
---------------------------------------------------

In addition, I would like to add that during the tests I have to enable the TrouSerS Daemon (tcsd).

Regards,
Carl
From: <ron...@ia...> - 2007-07-13 08:53:14
Hello Carl,

It is good to hear that the wrapper tests are running. I'm not sure what causes the problem you encounter, so I will repeat the relevant steps to take and will sprinkle some version numbers over it:

Before using the jTpmTools 0.3, be sure to start the tpmd_dev kernel module for the emulator (V0.5). Of course, for the jTSS Wrapper 0.3 to run you need to start the tcsd with root privileges first. Are you using TrouSerS version 0.2.9.1?

The message you encounter is not an error, but rather informative: There is some problem with trousers, and it will try to use jTSS 0.1 instead. If there is no other error message, jTSS will be used: then we know at least that the TPM emulator is still up and running correctly.

Please check again that those libs are indeed contained in ext_libs (list taken from the documentation) and also check that you have the most recent versions. Check if you have a Java5 VM running.

jTSS
  ext_libs/iaik_jtss_tsp.jar - V0.1
  ext_libs/iaik_jtss_tcs.jar - V0.1
JTss Wrapper
  ext_libs/iaik_jtss_wrapper.jar - V0.3
  ext_libs/iaik_jtss_wrapper_swig.jar - V0.3
  ext_libs/libtspiwrapper.so - V0.3
IAIK JCE
  ext_libs/iaik_jce.jar
IAIK XSECT
  ext_libs/iaik_xsect.jar
IAIK XKMS
  ext_libs/iaik_xkms.jar
IAIK TCcert
  ext_libs/iaik_tccert.jar
JAXB - Version 2.05
  ext_libs/jaxb/activation.jar
  ext_libs/jaxb/jaxb-api.jar
  ext_libs/jaxb/jaxb-impl.jar
  ext_libs/jaxb/jsr173_1.0_api.jar

hth,
--
Ronald Toegl
IAIK, TU Graz
From: Thomas W. <tc...@to...> - 2007-07-12 08:42:00
Hello,

> If I start the Trusted Core Services Daemon tcsd of the TrouSerS TSS, I get
> another error message.
> -----------------------------------------------------------
> 23:50:18:338 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or
> jTSS Wrapper not found. Trying IAIK jTSS.
> 23:50:18:406 [WARN] TcTddlLinux::open (-1): Unable to open TPM device
> file /dev/tpm.
> Reason: /dev/tpm (Device or resource busy)
>
> 23:50:18:407 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed.
>[...]
> additional info: Unable to open TPM device file /dev/tpm.
> Reason: /dev/tpm (Device or resource busy)

If you are running TrouSerS (tcsd), it exclusively opens the TPM device file. Therefore jTSS (full Java TSS) can not access the device and you get the TCS startup error message. By default, jTpmTools first try to use TrouSerS via jTSS Wrapper. If that fails (as in the case above) it falls back to jTSS (which in turn fails because TrouSerS Daemon (tcsd) is blocking the TPM device). So far so good. Question now is why jTSS Wrapper does not work for you.

jTpmTools documentation says: "The jTpmTools expect the additional IAIK/OpenTC jTSS Wrapper libraries to be located in the ext_libs subfolder. jTpmTools requires a IAIK/OpenTC jTSS Wrapper of the 0.3.x series, the 0.2.x series is not compatible!"

In other words you have to copy (or symlink) iaik_jtss_wrapper.jar, iaik_jtss_wrapper_swig.jar and libtspiwrapper.so into the ext_libs folder.

> In addition when using the jTSS I am not able to create AIK key I get the
> following Exception.
> [...]
> Exception in thread "main" java.lang.NoClassDefFoundError:
> iaik/x509/X509ExtensionException
> at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:258)
> at iaik.tc.utils.cmdline.SubCommand.run (SubCommand.java:69)
> at iaik.tc.utils.cmdline.SubCommandParser.parse(
> SubCommandParser.java:41)
> at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)

Please double check that you have IAIK JCE, TcCert and friends installed correctly.

Regards,
--
Thomas Winkler
e-mail: tc...@to...
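
The backend selection described in this thread (wrapper first, fallback to jTSS, tcsd holding the TPM device exclusively) and the ext_libs file list from the replies can be turned into a pre-flight check. The script below is an added example, not part of any message in the thread and not IAIK or TrouSerS code; the file names are taken from the list above, while the function names, result labels and script name are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not IAIK or TrouSerS code). File names come from the list in
# this thread; the function names and result labels are made up for the example.
WRAPPER_LIBS="iaik_jtss_wrapper.jar iaik_jtss_wrapper_swig.jar libtspiwrapper.so"
JTSS_LIBS="iaik_jtss_tsp.jar iaik_jtss_tcs.jar"
CERT_LIBS="iaik_jce.jar iaik_xsect.jar iaik_xkms.jar iaik_tccert.jar"

# Print each file name from $2... that is not a regular file in directory $1.
missing_libs() {
    dir=$1; shift
    for f in "$@"; do
        [ -f "$dir/$f" ] || printf '%s\n' "$f"
    done
}

# Report whether the TrouSerS daemon is running ("yes"/"no").
tcsd_running() {
    if pgrep -x tcsd >/dev/null 2>&1; then echo yes; else echo no; fi
}

# Expected backend for ext_libs dir $1 when tcsd is running ($2 = yes) or not.
predict_backend() {
    if [ "$2" = yes ] && [ -z "$(missing_libs "$1" $WRAPPER_LIBS)" ]; then
        echo wrapper           # TrouSerS via jTSS Wrapper, with persistent storage
    elif [ -n "$(missing_libs "$1" $JTSS_LIBS)" ]; then
        echo none              # no fallback available either
    elif [ "$2" = yes ]; then
        echo jtss-device-busy  # fallback to jTSS, but tcsd holds the TPM device
    else
        echo jtss              # jTSS opens the device itself; no persistent storage
    fi
}

# Stand-alone use: sh check_ext_libs.sh /path/to/jTpmTools/ext_libs
if [ -d "${1:-}" ]; then
    running=$(tcsd_running)
    echo "tcsd running:     $running"
    echo "expected backend: $(predict_backend "$1" "$running")"
    echo "missing IAIK crypto/certificate libs:"
    missing_libs "$1" $CERT_LIBS
fi
```

File presence is only a necessary condition: if the script reports `wrapper` but the log still shows "TrouSerS and/or jTSS Wrapper not found", the thread's remaining suspects are the wrapper series (0.3.x required) and the other versions listed above.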