0

I'm discovering the tpm2.0 chip on Ubuntu 17.10. I'm using tpm2-tools package in version 1.1.0. (I have physical chip on my laptop). However when I try to clear the chip I have an error.

$ tpm2_takeownership -c
Clear Failed ! ErrorCode: 0x921

I launched tpmtest too and had few more error.

9 - DICTIONARY ATTACK LOCK RESET TEST
DICTIONARY ATTACK LOCK RESET TEST:
    passing case:   FAILED!  TPM Error: 0x921

16 - POLICY TESTS
POLICY TESTS:
Policy Test: PASSWORD
    passing case:   PASSED!
    passing case:   PASSED!
    passing case:   PASSED!
    passing case:   PASSED!
    passing case:   PASSED!
    passing case:   PASSED!
    passing case:   FAILED!  TPM Error: 0x9a2

24 - QUOTE CONTROL TESTS
QUOTE CONTROL TESTS:
    passing case:   FAILED!  TPM Error: 0x184

I also had a failed test in tpmclient.

$ tpmclient
[...]
STARTUP TESTS:
passing case:   PASSED!
passing case:   FAILED!  TPM Error: 0x100

I checked that resourcemgr service is well activated. I tryed some basics commands over the tpm (tpm2_create, tpm2_load, tpm2_rsaencrypt, tpm2_sign, etc...) and they worked.

Here is the output of tpm2_rc_decode:

$ tpm2_rc_decode 0x921
error layer
  hex: 0x0
  identifier: TSS2_TPM_ERROR_LEVEL
  description: Error produced by the TPM
format 0 warning code
  hex: 0x21
  name: TPM_RC_LOCKOUT
  description: authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode

$ tpm2_rc_decode 0x9a2
error layer
  hex: 0x0
  identifier: TSS2_TPM_ERROR_LEVEL
  description: Error produced by the TPM
format 1 error code
  hex: 0x22
  identifier: TPM_RC_BAD_AUTH
  description: authorization failure without DA implications
session
  hex: 0x100
  identifier: TPM_RC_1
  description:  (null) 

$ tpm2_rc_decode 0x184
error layer
  hex: 0x0
  identifier: TSS2_TPM_ERROR_LEVEL
  description: Error produced by the TPM
format 1 error code
  hex: 0x04
  identifier: TPM_RC_VALUE
  description: value is out of range or is not correct for the context
handle
  hex:0x100
  identifier:  TPM_RC_1
  description:  (null)

$ tpm2_rc_decode 0x100
error layer
  hex: 0x0
  identifier: TSS2_TPM_ERROR_LEVEL
  description: Error produced by the TPM
format 0 error code
  hex: 0x00
  name: TPM_RC_INITIALIZE
  description: TPM not initialized

I'm new in tpm technology so I wonder if those errors come from the tpm itself or from the package tpm2-tools. Thank you for your help !

Charles
  • 19
  • 1
  • 5
  • Try clearing the TPM through BIOS settings. – mnistic Apr 12 '18 at 12:15
  • Thanks, it worked for errors 0x921 and 0x9a2. I still have the 0x100 in tpmclient. For tpmtest when I run all tests cases I don't have error but when I run just 24 - QUOTE CONTROL TESTS, I have error 0x184. Do you know if there are any requirements for this test ? – Charles Apr 13 '18 at 12:47
  • No, no idea why quote would fail, but I'm not that familiar with the framework you're using. You might want to submit an issue asking that on their github page: https://github.com/tpm2-software/tpm2-tss/issues – mnistic Apr 13 '18 at 15:28
  • Ok, I'll try this. Thanks for your help ! – Charles Apr 14 '18 at 16:23

1 Answers1

0

RC = 0x100 is not a 100%-error indeed. I have a look to tpm2-tss sources. In their integration test that error (and only it) is ignored at test start-up (files: test/integration/main-sapi.c test/integration/main-esapi.c)

Moreover, they describe the error as 'TPM not initialized by TPM2_Startup or already initialized' in their headers. So, the most likely, your error is just an initialization repetition.

Jackal
  • 9
  • 2