Menu
▾
▴
trustedjava-support
|
From: Nektarios I. <ine...@gm...> - 2007-08-16 15:22:19
|
Hello, Thanks Martin and Thomas for your replies. >The error occurs when the activateIdentity method is called. >Are you sure that you are using the correct SRK secret (TSS_WELL_KNOWN_SECRET >in your case)? YOu have to use the SRK secret you provided when taking >ownership of your TPM. I am pretty sure I am using the right owner password. I tried clearing and taking ownership several times and then tried the command again to make sure I was using the right owner password. I had not specified a custom SRK password so the TSS_WELL_KNOWN_SECRET should have been used by default. I did take a new ownership with a custom SRK key and specified this during "aik_create" but I am still getting the same exact error. Just to confirm here are my "clear_owner" and "take_owner" results just before trying "aik_create": [root@localhost jTpmTools_0.3]# ./jtt.sh clear_owner -o theBIGsecret gives 16:16:54:270 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS. 16:16:54:367 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage. 16:16:54:392 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings... 16:16:54:416 [INFO] ClearOwnership::execute (63): ClearOwnership succeeded [root@localhost jTpmTools_0.3]# ./jtt.sh take_owner -o theBIGsecret gives 16:17:00:507 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS. 16:17:00:586 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage. 16:17:00:617 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings... 16:17:02:525 [INFO] TakeOwnership::execute (82): TakeOwnership succeeded Now, trying "aik_create" with the new password: [root@localhost jTpmTools_0.3]# ./jtt.sh aik_create -o theBIGsecret -a theAIKsecret -l myAIK_0 still gives 16:20:06:492 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS. 16:20:06:602 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent storage. 16:20:06:615 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings... *** *** *** Welcome to the IAIK JCE Library *** *** *** *** This version of IAIK JCE is licensed for educational and research use *** *** and evaluation only. Commercial use of this software is prohibited. *** *** For details please see http://jce.iaik.tugraz.at/sales/licences/. *** *** This message does not appear in the registered commercial version. *** *** *** 16:20:07:611 [INFO] AikUtil::createEKCertificate (123): created EK certificate on-the-fly 16:20:07:687 [INFO] Client::overrideCertificates (113): overriding default EK certificate used by TSS 16:20:08:401 [INFO] PrivacyCa::processRequest (180): included EK certificate size: 1065 bytes 16:20:08:410 [INFO] PrivacyCa::processRequest (181): SubjAltName: id:49465800,SLD9630TT1.1,id:0104 16:20:08:410 [INFO] PrivacyCa::processRequest (188): PE: not included 16:20:08:410 [INFO] PrivacyCa::processRequest (196): CC: not included 16:20:08:451 [INFO] AikUtil::createPECertificate (176): created PE certificate on-the-fly 16:20:08:460 [INFO] AikUtil::createAIKCertificate (213): created AIK certificate on-the-fly 16:20:08:461 [INFO] PrivacyCa::processRequest (212): AIK blob size: 1386 iaik.tc.tss.api.exceptions.tsp.TcTspException: TSS Error: error layer: 0x3000 (TSP) error code (without layer): 0x0113 error code (full): 0x3113 error message: Authorization failed. at iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(Unknown Source) at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal( TcTspInternal.java:105) at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(Unknown Source) at iaik.tc.apps.jtt.aik.Client.activateIdentity(Client.java:153) at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:322) at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69) at iaik.tc.utils.cmdline.SubCommandParser.parse( SubCommandParser.java:41) at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110) 16:20:08:720 [ERROR] AikCreate::execute (326): client: ActivateIdentity failed Guessing that this might be an issue with jTSS_0.1 I reverted back to jTSSWrapper0.3, cleared and took ownership again (just to be safe) but now I get something more weird. Here's a sample: ./jtt.sh aik_create -o theBIGsecret -a theAIKsecret -l myAIK_0 And what I get is: 15:50:28:601 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings... 15:50:28:684 [WARN] TcTddlLinux::open (-1): Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy) 15:50:28:685 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed. 15:50:28:685 [ERROR] TcTcsi::<clinit> (-1): TSS Error: error layer: 0x1000 (TDDL) error code (without layer): 0x87 error code (full): 0x1087 error message: The request could not be performed because of an IO device error. additional info: Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy) iaik.tc.tss.api.exceptions.tcs.TcTddlException: TSS Error: error layer: 0x1000 (TDDL) error code (without layer): 0x87 error code (full): 0x1087 error message: The request could not be performed because of an IO device error. additional info: Unable to open TPM device file /dev/tpm. Reason: /dev/tpm (Device or resource busy) at iaik.tc.tss.impl.java.tddl.TcTddlLinux.open(Unknown Source) at iaik.tc.tss.impl.java.tddl.TcTddl.getInstance(Unknown Source) at iaik.tc.tss.impl.java.tcs.TcTcsCommon.isOrdinalSupported(Unknown Source) at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.<clinit>(Unknown Source) at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenContext(Unknown Source) at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextOpen_Internal( TcTspInternal.java:378) at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source) at iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source) at iaik.tc.apps.jtt.ek.ReadEkCert.getEkCert(ReadEkCert.java:41) at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:255) at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69) at iaik.tc.utils.cmdline.SubCommandParser.parse( SubCommandParser.java:41) at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110) I know that this seems similar to the problem experienced by Carl in https://sourceforge.net/mailarchive/message.php?msg_id=300eed510707111800h71eadba1xf0113bd4b433ce65%40mail.gmail.combut the difference in my case is that TSS TrouSerS is found! (i.e. both the TPM and TSS (TrouSerS since I am using the jTSSWrapper this time) are both loaded correctly ---> This is awfully weird since other commands run fine under the same (TrouSerS + jTSSWrapper) configuration. For example, [root@localhost jTpmTools_0.3]# ./jtt.sh clear_owner -o theBIGsecret gives: 16:14:14:090 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings... 16:14:14:142 [INFO] ClearOwnership::execute (63): ClearOwnership succeeded and [root@localhost jTpmTools_0.3]# ./jtt.sh take_owner -o theBIGsecret gives 16:14:47:218 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings... 16:14:47:699 [INFO] TakeOwnership::execute (82): TakeOwnership succeeded P.S I don't think the two errors are related with the same cause but I am reporting them in the same mail anyways since they are both related to what I am trying to do! |
|
From: Nektarios I. <ine...@gm...> - 2007-08-23 11:52:08
|
Hello again,
So the situation so far is as follows:
Becoming desperate I resorted to extreme measures like reverting back to
Java 1.5 JDK , updating my Linux kernel to 2.6.22.2-42,
re-installed everything (from emulator to TrouSerS etc etc) from scratch....
In the mean time, back to the TC scene...
* I have managed to create and validate correctly an "ek.cert" file and I am
using that with my AIK creation "attempts". (Many thanks to Martin ;-) )
* None of the AIK creation sub-commands work neither with jTSS nor TrouSerS.
However I do get different errors in each case:
==========
jTSS case
==========
xkms_aik_create -a theAIKsecret -l aikLabel -o theBIGsecret --ekfile
/root/workspace/certificates/ek.cert
gives
12:34:24:847 [INFO] Client::overrideCertificates (123): overriding
default EK certificate used by TSS
sending RegisterRequest...
...result received
Validating XKMS message signature using certificate:
CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing labs,O=Graz
University of Technology,C=AT
XKMS Result message signature is VALID.
iaik.tc.tss.api.exceptions.tsp.TcTspException:
TSS Error:
error layer: 0x3000 (TSP)
error code (without layer): 0x0113
error code (full): 0x3113
error message: Authorization failed.
at iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(
TcTspCommon.java:144)
12:34:26:883 [ERROR] AikCreate::execute (360): client: ActivateIdentity
failed
at
iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal(
TcTspInternal.java:105)
at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:494)
at iaik.tc.apps.jtt.aik.Client.activateIdentity(Client.java:171)
at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:356)
at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:80)
at iaik.tc.utils.cmdline.SubCommandParser.parse(
SubCommandParser.java:52)
at iaik.tc.apps.JTpmTools.main(JTpmTools.java:113)
at com.test.CommandTool.main(CommandTool.java:31)
I have also print the two hashes that don't match in validateRespAuth():
outAuthValues hash: 06 9b 61 c5 21 2a ac 5a 02 fd 1f 11 1d f6 5e 04
0b 97 da 60
resAuthDataExpected hash: b6 99 29 09 ad 9f 82 1c 6c b7 d7 7f 2b 00 5b 9e
fd 88 82 93
Does anyone know what these two are? Where do the derive from?
==============
TrouSerS case
==============
xkms_aik_create -a theAIKsecret -l aikLabel -o theBIGsecret --noek
(I have specified the "ek.cert" file in tcsd.conf of TrouSerS so I am using
the --noek option here.)
this gives:
iaik.tc.tss.api.exceptions.tcs.TcTpmException:
TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x22
error code (full): 0x22
error message: An invalid handle was used.
at iaik.tc.tss.impl.jni.tsp.TcBaseObject.handleRetCode(
TcBaseObject.java:104)
at iaik.tc.tss.impl.jni.tsp.TcTpm.collateIdentityRequest(TcTpm.java
:1071)
at iaik.tc.apps.jtt.aik.Client.collateIdentityReq(Client.java:110)
at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:335)
at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:80)
at iaik.tc.utils.cmdline.SubCommandParser.parse(
SubCommandParser.java:52)
at iaik.tc.apps.JTpmTools.main(JTpmTools.java:113)
at com.test.CommandTool.main(CommandTool.java:31)
12:50:20:862 [ERROR] AikCreate::execute (339): client:
CollateIdentityRequest failed
Any comments?
Regards,
Nektarios
|
|
From: Martin P. <Mar...@ia...> - 2007-08-23 12:36:59
Attachments:
smime.p7s
|
Nektarios Ioannides wrote:
> None of the AIK creation sub-commands work neither with jTSS nor TrouSerS.
> Any comments?
We still cannot reproduce this, so we cannot debug it. :-/
For reference, commands as I run them:
(with TPM Emu 0.5)
root@...:/home/mpirker # tcsd -f
TCSD trousers 0.2.9.1 (with TPM 1.2 DUAL patch by IAIK <tho...@ia...>): TCSD up and running.
[...]
/testjtt/jTpmTools_0.3$ ./jtt.sh version
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs
jTSS, TCcert and XKMS
-----------------------------------
14:26:09:640 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
JTpmTools: 0.3 20070425 11:38:53
JTSS_TSP: 0.1 20070425 10:54:03
JTSS_JNI: 0.3 20070425 11:44:45
XKMS: 0.2-20070208
TCcert: 0.2.2-20070423-111432
/testjtt/jTpmTools_0.3$ md5sum ext_libs/*
0fa07ab364b2c696fdea40ba0a42ec90 ext_libs/iaik_jce.jar
321c846448df1eeead65f7007ea0cb76 ext_libs/iaik_jtss_tcs.jar
699a1d5653d3bb6d4291c260e0d33c6d ext_libs/iaik_jtss_tsp.jar
444a998ec535a37d6dd335254b897fbe ext_libs/iaik_jtss_wrapper.jar
4f933fd2bebbb3bcef2974b722337574 ext_libs/iaik_jtss_wrapper_swig.jar
4fc96bac6143ccac3be5850ea8653d8d ext_libs/iaik_tccert.jar
f1d00a83d6be8b8974678fb071d938d0 ext_libs/iaik_xkms.jar
f789ce61c05a8efd6c4c829f0cc607fd ext_libs/iaik_xsect.jar
/testjtt/jTpmTools_0.3$ ./jtt.sh aik_create -a whatever -l mycertlabel -o opentc --aikfile aik.file --noek
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs
jTSS, TCcert and XKMS
-----------------------------------
14:29:41:177 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
*** ***
*** Welcome to the IAIK JCE Library ***
*** ***
*** This version of IAIK JCE is licensed for educational and research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** For details please see http://jce.iaik.tugraz.at/sales/licences/. ***
*** This message does not appear in the registered commercial version. ***
*** ***
14:29:43:769 [INFO] PrivacyCa::decryptIdentityReqBlob (276): processed request from TrouSerS
14:29:43:851 [INFO] PrivacyCa::processRequest (180): included EK certificate size: 1389 bytes
14:29:43:881 [INFO] PrivacyCa::processRequest (181): SubjAltName: id:4941494B,unknownTPM,id:0100
14:29:43:890 [INFO] PrivacyCa::processRequest (188): PE: not included
14:29:43:897 [INFO] PrivacyCa::processRequest (196): CC: not included
14:29:50:635 [INFO] AikUtil::createPECertificate (176): created PE certificate on-the-fly
14:29:50:659 [INFO] AikUtil::createAIKCertificate (213): created AIK certificate on-the-fly
14:29:50:666 [INFO] PrivacyCa::processRequest (212): AIK blob size: 1448
14:29:51:059 [INFO] AikCreate::execute (330): AIK ActivateIdentity succeeded!
14:29:51:069 [INFO] AikCreate::verifyAndPrintAikLabel (171): received AIK certificate with IdLabel: 'mycertlabel'
14:29:51:070 [INFO] AikCreate::execute (339): AIK certificate written into file: aik.file
14:29:51:070 [INFO] AikCreate::execute (358): AIK TPM key structure written into file: aik.tpmkey
/testjtt/jTpmTools_0.3$ ./jtt.sh xkms_aik_create -a whatever -l mycertlabel -o opentc --aikfile aik.file --noek
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs
jTSS, TCcert and XKMS
-----------------------------------
14:30:35:355 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. Using JNI bindings...
*** ***
*** Welcome to the IAIK JCE Library ***
*** ***
*** This version of IAIK JCE is licensed for educational and research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** For details please see http://jce.iaik.tugraz.at/sales/licences/. ***
*** This message does not appear in the registered commercial version. ***
*** ***
*** ***
*** Welcome to the IAIK XKMS Library ***
*** ***
*** This version of XKMS is licensed for educational, research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** ***
*** ***
*** Welcome to the IAIK XML Security Toolkit (XSECT) ***
*** ***
*** This version of XSECT is licensed for educational and research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** For more details please see http://jce.iaik.at/products/. ***
*** This message does not appear in the registered commercial version. ***
*** ***
sending RegisterRequest...
...result received
Validating XKMS message signature using certificate:
CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing labs,O=Graz University of Technology,C=AT
WARNING: No Version of Xerces found, please check your classpath, defaulting to DOM LEVEL 3
XKMS Result message signature is VALID.
14:30:40:635 [INFO] AikCreate::execute (330): AIK ActivateIdentity succeeded!
14:30:40:646 [INFO] AikCreate::verifyAndPrintAikLabel (171): received AIK certificate with IdLabel: 'mycertlabel'
14:30:40:647 [INFO] AikCreate::execute (339): AIK certificate written into file: aik.file
14:30:40:647 [INFO] AikCreate::execute (358): AIK TPM key structure written into file: aik.tpmkey
/testjtt/jTpmTools_0.3$ sudo killall tcsd
/testjtt/jTpmTools_0.3$ ./jtt.sh aik_create -a whatever -l mycertlabel -o opentc --aikfile aik.file --ekfile ek.cert
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs
jTSS, TCcert and XKMS
-----------------------------------
14:31:35:638 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
14:31:35:759 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent
storage.
14:31:35:789 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
*** ***
*** Welcome to the IAIK JCE Library ***
*** ***
*** This version of IAIK JCE is licensed for educational and research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** For details please see http://jce.iaik.tugraz.at/sales/licences/. ***
*** This message does not appear in the registered commercial version. ***
*** ***
14:31:36:596 [INFO] Client::overrideCertificates (113): overriding default EK certificate used by TSS
14:31:39:072 [INFO] PrivacyCa::processRequest (180): included EK certificate size: 1390 bytes
14:31:39:101 [INFO] PrivacyCa::processRequest (181): SubjAltName: id:4941494B,unknownTPM,id:0100
14:31:39:102 [INFO] PrivacyCa::processRequest (188): PE: not included
14:31:39:102 [INFO] PrivacyCa::processRequest (196): CC: not included
14:31:39:468 [INFO] AikUtil::createPECertificate (176): created PE certificate on-the-fly
14:31:39:492 [INFO] AikUtil::createAIKCertificate (213): created AIK certificate on-the-fly
14:31:39:501 [INFO] PrivacyCa::processRequest (212): AIK blob size: 1448
14:31:39:922 [INFO] AikCreate::execute (330): AIK ActivateIdentity succeeded!
14:31:39:927 [INFO] AikCreate::verifyAndPrintAikLabel (171): received AIK certificate with IdLabel: 'mycertlabel'
14:31:39:927 [INFO] AikCreate::execute (339): AIK certificate written into file: aik.file
14:31:39:927 [INFO] AikCreate::execute (358): AIK TPM key structure written into file: aik.tpmkey
/testjtt/jTpmTools_0.3$ ./jtt.sh xkms_aik_create -a whatever -l mycertlabel -o opentc --aikfile aik.file --ekfile ek.cert
-----------------------------------
IAIK/OpenTC Java TPM Tools
- - - - - - - - - -
using IAIK Trusted Computing libs
jTSS, TCcert and XKMS
-----------------------------------
14:31:58:190 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS Wrapper not found. Trying IAIK jTSS.
14:31:58:311 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS configuration file for system persistent storage information. Disabling system persistent
storage.
14:31:58:341 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. Using local bindings...
*** ***
*** Welcome to the IAIK JCE Library ***
*** ***
*** This version of IAIK JCE is licensed for educational and research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** For details please see http://jce.iaik.tugraz.at/sales/licences/. ***
*** This message does not appear in the registered commercial version. ***
*** ***
*** ***
*** Welcome to the IAIK XKMS Library ***
*** ***
*** This version of XKMS is licensed for educational, research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** ***
*** ***
*** Welcome to the IAIK XML Security Toolkit (XSECT) ***
*** ***
*** This version of XSECT is licensed for educational and research use ***
*** and evaluation only. Commercial use of this software is prohibited. ***
*** For more details please see http://jce.iaik.at/products/. ***
*** This message does not appear in the registered commercial version. ***
*** ***
14:32:00:733 [INFO] Client::overrideCertificates (113): overriding default EK certificate used by TSS
sending RegisterRequest...
...result received
Validating XKMS message signature using certificate:
CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing labs,O=Graz University of Technology,C=AT
WARNING: No Version of Xerces found, please check your classpath, defaulting to DOM LEVEL 3
XKMS Result message signature is VALID.
14:32:03:115 [INFO] AikCreate::execute (330): AIK ActivateIdentity succeeded!
14:32:03:136 [INFO] AikCreate::verifyAndPrintAikLabel (171): received AIK certificate with IdLabel: 'mycertlabel'
14:32:03:136 [INFO] AikCreate::execute (339): AIK certificate written into file: aik.file
14:32:03:137 [INFO] AikCreate::execute (358): AIK TPM key structure written into file: aik.tpmkey
|
|
From: Saurabh A. <tan...@gm...> - 2007-08-16 17:34:06
|
hi just try using " -e ASCII "option with aik_create command. saurabh On 8/16/07, Nektarios Ioannides <ine...@gm...> wrote: > Hello, > > Thanks Martin and Thomas for your replies. > > >The error occurs when the activateIdentity method is called. > >Are you sure that you are using the correct SRK secret > (TSS_WELL_KNOWN_SECRET > >in your case)? YOu have to use the SRK secret you provided when taking > >ownership of your TPM. > > I am pretty sure I am using the right owner password. I tried clearing and > taking ownership several times and then tried the command again to make sure > I was using the right owner password. I had not specified a custom SRK > password so the TSS_WELL_KNOWN_SECRET should have been used by default. I > did take a new ownership with a custom SRK key and specified this during > "aik_create" but I am still getting the same exact error. > > Just to confirm here are my "clear_owner" and "take_owner" results just > before trying "aik_create": > > [root@localhost jTpmTools_0.3]# ./jtt.sh clear_owner -o theBIGsecret > > gives > > 16:16:54:270 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS > Wrapper not found. Trying IAIK jTSS. > 16:16:54:367 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS > configuration file for system persistent storage information. Disabling > system persistent storage. > 16:16:54:392 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. > Using local bindings... > 16:16:54:416 [INFO] ClearOwnership::execute (63): ClearOwnership > succeeded > > [root@localhost jTpmTools_0.3]# ./jtt.sh take_owner -o theBIGsecret > > gives > > 16:17:00:507 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or > jTSS Wrapper not found. Trying IAIK jTSS. > 16:17:00:586 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS > configuration file for system persistent storage information. Disabling > system persistent storage. > 16:17:00:617 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. > Using local bindings... > 16:17:02:525 [INFO] TakeOwnership::execute (82): TakeOwnership > succeeded > > > Now, trying "aik_create" with the new password: > > [root@localhost jTpmTools_0.3]# ./jtt.sh aik_create -o theBIGsecret -a > theAIKsecret -l myAIK_0 > > still gives > > 16:20:06:492 [INFO] CommonSettings::getTssFactory (39): TrouSerS and/or jTSS > Wrapper not found. Trying IAIK jTSS. > 16:20:06:602 [INFO] TcTcsi::<clinit> (-1): Unable to open TCS > configuration file for system persistent storage information. Disabling > system persistent storage. > 16:20:06:615 [INFO] CommonSettings::getTssFactory (47): IAIK jTSS found. > Using local bindings... > *** > *** > *** Welcome to the IAIK JCE Library > *** > *** > *** > *** This version of IAIK JCE is licensed for educational and research use > *** > *** and evaluation only. Commercial use of this software is prohibited. > *** > *** For details please see > http://jce.iaik.tugraz.at/sales/licences/. *** > *** This message does not appear in the registered commercial version. > *** > *** > *** > > 16:20:07:611 [INFO] AikUtil::createEKCertificate (123): created EK > certificate on-the-fly > 16:20:07:687 [INFO] Client::overrideCertificates (113): overriding default > EK certificate used by TSS > 16:20:08:401 [INFO] PrivacyCa::processRequest (180): included EK > certificate size: 1065 bytes > 16:20:08:410 [INFO] PrivacyCa::processRequest (181): SubjAltName: > id:49465800,SLD9630TT1.1,id:0104 > 16:20:08:410 [INFO] PrivacyCa::processRequest (188): PE: not included > 16:20:08:410 [INFO] PrivacyCa::processRequest (196): CC: not included > 16:20:08:451 [INFO] AikUtil::createPECertificate (176): created PE > certificate on-the-fly > 16:20:08:460 [INFO] AikUtil::createAIKCertificate (213): created AIK > certificate on-the-fly > 16:20:08:461 [INFO] PrivacyCa::processRequest (212): AIK blob size: 1386 > iaik.tc.tss.api.exceptions.tsp.TcTspException: > > TSS Error: > error layer: 0x3000 (TSP) > error code (without layer): 0x0113 > error code (full): 0x3113 > error message: Authorization failed. > > at > iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(Unknown > Source) > at > iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal(TcTspInternal.java:105) > at > iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(Unknown Source) > at > iaik.tc.apps.jtt.aik.Client.activateIdentity(Client.java:153) > at > iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:322) > at iaik.tc.utils.cmdline.SubCommand.run > (SubCommand.java:69) > at > iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41) > at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110) > 16:20:08:720 [ERROR] AikCreate::execute (326): client: ActivateIdentity > failed > > > Guessing that this might be an issue with jTSS_0.1 I reverted back to > jTSSWrapper0.3, cleared and took ownership again (just to be safe) but now I > get something more weird. Here's a sample: > > ./jtt.sh aik_create -o theBIGsecret -a theAIKsecret -l myAIK_0 > > And what I get is: > > 15:50:28:601 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. > Using JNI bindings... > 15:50:28:684 [WARN] TcTddlLinux::open (-1): Unable to open TPM device > file /dev/tpm. > Reason: /dev/tpm (Device or resource busy) > > 15:50:28:685 [ERROR] TcTcsi::<clinit> (-1): TCS startup failed. > 15:50:28:685 [ERROR] TcTcsi::<clinit> (-1): > TSS Error: > error layer: 0x1000 (TDDL) > error code (without layer): 0x87 > error code (full): 0x1087 > error message: The request could not be performed because of an IO device > error. > additional info: Unable to open TPM device file /dev/tpm. > Reason: /dev/tpm (Device or resource busy) > > > iaik.tc.tss.api.exceptions.tcs.TcTddlException: > TSS Error: > error layer: 0x1000 (TDDL) > error code (without layer): 0x87 > error code (full): 0x1087 > error message: The request could not be performed because of an IO device > error. > additional info: Unable to open TPM device file /dev/tpm. > Reason: /dev/tpm (Device or resource busy) > > > at > iaik.tc.tss.impl.java.tddl.TcTddlLinux.open(Unknown Source) > at > iaik.tc.tss.impl.java.tddl.TcTddl.getInstance(Unknown > Source) > at > iaik.tc.tss.impl.java.tcs.TcTcsCommon.isOrdinalSupported > (Unknown Source) > at > iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.<clinit>(Unknown > Source) > at > iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsiOpenContext(Unknown > Source) > at > iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextOpen_Internal > (TcTspInternal.java:378) > at > iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source) > at > iaik.tc.tss.impl.java.tsp.TcContext.connect(Unknown Source) > at > iaik.tc.apps.jtt.ek.ReadEkCert.getEkCert(ReadEkCert.java:41) > at > iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:255) > at iaik.tc.utils.cmdline.SubCommand.run > (SubCommand.java:69) > at > iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41) > at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110) > > > I know that this seems similar to the problem experienced by Carl in > https://sourceforge.net/mailarchive/message.php?msg_id=300eed510707111800h71eadba1xf0113bd4b433ce65%40mail.gmail.com > but the difference in my case is that > TSS TrouSerS is found! (i.e. both the TPM and TSS (TrouSerS since I am using > the jTSSWrapper this time) are both loaded correctly ---> This is awfully > weird since other commands run fine under the same (TrouSerS + jTSSWrapper) > configuration. > > For example, > > [root@localhost jTpmTools_0.3]# ./jtt.sh clear_owner -o theBIGsecret > > gives: > > 16:14:14:090 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. > Using JNI bindings... > 16:14:14:142 [INFO] ClearOwnership::execute (63): ClearOwnership > succeeded > > and > > [root@localhost jTpmTools_0.3]# ./jtt.sh take_owner -o theBIGsecret > > gives > > 16:14:47:218 [INFO] CommonSettings::getTssFactory (37): TrouSerS TSS found. > Using JNI bindings... > 16:14:47:699 [INFO] TakeOwnership::execute (82): TakeOwnership > succeeded > > > > > > > > > > > > > > > P.S I don't think the two errors are related with the same cause but I am > reporting them in the same mail anyways since they are both related to what > I am trying to do! > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Trustedjava-support mailing list > Tru...@li... > https://lists.sourceforge.net/lists/listinfo/trustedjava-support > > |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X