From: Till B. <ti...@on...> - 2007-07-04 16:44:23

Hello,

I am new to this list so first a hello to everyone.

Now my problem. :)

I just installed JTSS, jTpmTools and the wrapper. I then took ownership of my TPM, which is a STM 1.2 on a Dell Optiplex GX620, using the following command:

----
$ sh jtt.sh take_owner -o till
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs jTSS, TCcert and XKMS
-----------------------------------
LOG_DEBUG TSPI ../tcsd_api/clntside.c:102 Sending TSP packet to host localhost.
LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1
LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused
LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet
18:18:04:207 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
18:18:04:405 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
18:18:04:453 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
18:18:17:680 [INFO] TakeOwnership::execute (82): TakeOwnership succeeded
----

If I now try to read the pubek, I get the following error:

----
$ sh jtt.sh read_pubek -o till
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs jTSS, TCcert and XKMS
-----------------------------------
LOG_DEBUG TSPI ../tcsd_api/clntside.c:102 Sending TSP packet to host localhost.
LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1
LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused
LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet
18:18:37:697 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
18:18:37:897 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage.
18:18:37:943 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
iaik.tc.tss.api.exceptions.tcs.TcTpmException:

TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x01
error code (full): 0x01
error message: Authentication failed
    at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdEkHandling.TpmOwnerReadInternalPub(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.kcmgr.TcTcsKeyManager.OwnerReadInternalPub(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipOwnerReadInternalPub(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipOwnerReadInternalPub(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspOwnerReadInternalPub_Internal(TcTspInternal.java:3545)
    at iaik.tc.tss.impl.java.tsp.TcTpm.getPubEndorsementKey(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.TcTpm.getPubEndorsementKeyOwner(Unknown Source)
    at iaik.tc.apps.jtt.ek.ReadPublicEk.getEk(ReadPublicEk.java:47)
    at iaik.tc.apps.jtt.ek.ReadPublicEk.execute(ReadPublicEk.java:67)
    at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
    at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
    at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)
----

Any ideas?

Thanks a lot!

--
Regards
Till

**********************************************
The user is an intolerable source of insecurity
**********************************************

From: Thomas W. <tc...@to...> - 2007-07-04 18:59:20

Hello,

> $ sh jtt.sh take_owner -o till
[...]
> LOG_DEBUG TSPI ../tcsd_api/clntside.c:102 Sending TSP packet to host
> localhost.
> LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1
> LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused
> LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet
> 18:18:04:207 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or
> jTSS Wrapper not found. Trying IAIK jTSS.
> 18:18:04:405 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS
> configuration file for system persistent storage information. Disabling
> system persistent storage.
> 18:18:04:453 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found.
> Using local bindings...
> 18:18:17:680 [INFO] TakeOwnership::execute (82): TakeOwnership
> succeeded

The above trace is telling me that you are using the full jTSS and not the wrapper. Taking the ownership succeeded. So far so good.

> $ sh jtt.sh read_pubek -o till
[...]
> 18:18:37:943 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found.
> Using local bindings...
> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>
> TSS Error:
> error layer: 0x00 (TPM)
> error code (without layer): 0x01
> error code (full): 0x01
> error message: Authentication failed

This indeed is strange. Since you have supplied the same password as when taking ownership this should not fail. Back at the IAIK labs we had a machine with an STM 1.2 TPM and as far as I can recall everything worked as expected on that machine.

bye,
--
Thomas Winkler
e-mail: tc...@to...

From: Till B. <ti...@on...> - 2007-07-05 06:34:43

Hello,

I just tried using the wrapper and TrouSerS and now it works. So I guess there is a problem inside JTSS or something like that...

On 7/4/07, Thomas Winkler <tc...@to...> wrote:
>
> Hello,
>
> > $ sh jtt.sh take_owner -o till
> [...]
> > LOG_DEBUG TSPI ../tcsd_api/clntside.c:102 Sending TSP packet to host
> > localhost.
> > LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1
> > LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused
> > LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet
> > 18:18:04:207 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or
> > jTSS Wrapper not found. Trying IAIK jTSS.
> > 18:18:04:405 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS
> > configuration file for system persistent storage information. Disabling
> > system persistent storage.
> > 18:18:04:453 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found.
> > Using local bindings...
> > 18:18:17:680 [INFO] TakeOwnership::execute (82): TakeOwnership
> > succeeded
>
> The above trace is telling me that you are using the full jTSS and not the
> wrapper. Taking the ownership succeeded. So far so good.
>
> > $ sh jtt.sh read_pubek -o till
> [...]
> > 18:18:37:943 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found.
> > Using local bindings...
> > iaik.tc.tss.api.exceptions.tcs.TcTpmException:
> >
> > TSS Error:
> > error layer: 0x00 (TPM)
> > error code (without layer): 0x01
> > error code (full): 0x01
> > error message: Authentication failed
>
> This indeed is strange. Since you have supplied the same password as when
> taking ownership this should not fail. Back at the IAIK labs we had a
> machine with an STM 1.2 TPM and as far as I can recall everything worked as
> expected on that machine.
>
> bye,
> --
> Thomas Winkler
> e-mail: tc...@to...
>

--
Regards
Till

**********************************************
The user is an intolerable source of insecurity
**********************************************

From: Martin P. <Mar...@ia...> - 2007-07-05 07:10:06

Till Bentz wrote:
> I am new to this list so first a hello to everyone.

Hi, welcome to the world of Trusted Computing :-)

> Now my problem. :)

JTpmTools can work with both pure JTss and the JTssWrapper. On startup JTpmTools tries to be smart and autodetect which variant to use. If "iaik_jtss_wrapper.jar", "iaik_jtss_wrapper_swig.jar" and "libtspiwrapper.so" and a running TrouSerS are present, it will use the JTssWrapper, otherwise it will fall back to pure JTss.

Both options have advantages and disadvantages: the wrapper maps to TrouSerS and thus is pretty 1.1 feature complete, but introduces the fragility/complexity of the JNI mapping (e.g. 64bit support hasn't received much testing). JTss offers some 1.2 things like access to the on-chip certificates, while still lacking implementation even for fundamental things like key persistent storage.

Summarizing, it's all "under construction", wear a hard hat while venturing :-)

> LOG_DEBUG TSPI ../tcsd_api/clntside.c:102 Sending TSP packet to host localhost.
> LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1
> LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused
> LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet

This appears to be a problem with your TrouSerS setup...

> 18:18:04:207 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or
> jTSS Wrapper not found. Trying IAIK jTSS.

...so the fallback to JTss is tried instead

> I just installed JTSS, jTpmTools and the wrapper. I then took ownership of
> my TPM, which is a STM 1.2 on a Dell Optiplex GX620, using the following
> command:

ST got the least testing, but it was tested on ST before release and it worked AFAIR.

Hm. Sorry, can't help right now why JTss isn't working on ST.

HTH
--
Martin Pirker
IAIK, TU Graz
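
The autodetection and fallback described in the message above can be read back out of a captured jtt.sh run. The shell function below is an added example, not part of the original thread or of jTpmTools; the names `jtt_triage` and `sample_read_pubek_log` are hypothetical, and it assumes raw terminal output with one log record per line, matching only on message strings that appear in the traces in this thread.

```shell
#!/bin/sh
# Added example (not jTpmTools code): summarise which TSS stack handled a
# captured jtt.sh run and which error layer/code came back, as key=value lines.
jtt_triage() {
    awk '
        /ERROR: connect: Connection refused/ { tcsd = "refused" }
        /Trying IAIK jTSS/                   { fallback = "yes" }
        /IAIK jTSS found/                    { backend = "jtss-local" }
        /error layer:/                       { layer = $3 }
        /error code \(full\):/               { code = $NF }
        /error message:/ { sub(/^.*error message:[ \t]*/, ""); msg = $0 }
        END {
            # No wrapper-specific log line appears in the thread, so anything
            # other than the jTSS marker is reported as "unknown".
            print "backend="  (backend  ? backend  : "unknown")
            print "tcsd="     (tcsd     ? tcsd     : "no-error-seen")
            print "fallback=" (fallback ? fallback : "no")
            if (code != "") {
                print "error_layer=" layer
                print "error_code="  code
                print "error_msg="   msg
            }
            if (fallback == "yes" && tcsd == "refused")
                print "note=tcsd unreachable; command ran on pure jTSS"
        }
    '
}

# Constructed sample: the read_pubek trace from the thread, one record per line.
sample_read_pubek_log() {
    cat <<'EOF'
LOG_DEBUG TSPI ../tcsd_api/clntside.c:118 Connecting to 127.0.0.1
LOG_ERR TSPI ../tcsd_api/clntside.c:121 ERROR: connect: Connection refused
LOG_ERR TSPI ../tcsd_api/tcstp.c:247 ERROR: Failed to send packet
18:18:37:697 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
18:18:37:943 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
iaik.tc.tss.api.exceptions.tcs.TcTpmException:
TSS Error:
  error layer:                0x00 (TPM)
  error code (without layer): 0x01
  error code (full):          0x01
  error message: Authentication failed
EOF
}

sample_read_pubek_log | jtt_triage
```

For a live run, pipe both output streams into the function, for example `sh jtt.sh read_pubek -o till 2>&1 | jtt_triage`, so the TSPI log lines and the Java trace are seen together.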