Re: [Qemu-discuss] Trustedgrub2 reports No TPM found

[anshul makkar]

Hi Stefan,

Its the same number of entries for TPM 1.2 and TPM 2.0

TPM menu during boot:

/The current state of TPM is:/

/Enabled and active/

/Ownership has not be taken/

/A user can take ownership of the TPM/

///Available options are:/

/d) disable the TPM/

/v Deactivate the TPM/

/p) Prevent installation of an owner.///
Just did a quick runthrough with the IBM tools (the link that you shared)
##>createprimary

Error: TSS_SOcket_Open: Error on connect to localhost:2321
TSS_Socket_Open: client connect: error 111 Connection refused.
createprimary: failed, rc 000b0008
TSS_RC_NO_CONNECTION - Failure connecting to lower layer.

I believe this error is due to the fact that tool is trying to connect using 
socket while I need to
change it to direct device access. I saw this option in Makefile.

Anshul


On 10/05/17 12:56, Stefan Berger wrote:
>     Hi Anshul,
>
>      so does the SeaBIOS menu show several entries in case of TPM 1.2 and
>     the single entry in case of TPM 2?
>
>      I don't know these TPM 2 tools and how they work. You may want to try
>     these tools here as an alternative:
>     [1]https://sourceforge.net/projects/ibmtpm20tss/files/?source=navbar
>
>     Regards,
>        Stefan
>
>       ----- Original message -----
>       From: anshul makkar <address@hidden>
>       To: Stefan Berger <address@hidden>
>       Cc: <address@hidden>
>       Subject: Re: Trustedgrub2 reports No TPM found
>       Date: Wed, May 10, 2017 4:41 AM
>
>       Hi Stefan,
>       Thanks..
>
>       " swtpm: ./configure --prefix=/usr --with-openssl ; make ; sudo make
>       check -j16 ; sudo make install" . Don't we need to specify
>       "--with-cuse" or its typo from you ?
>
>       While building libtpm, even though we specify "--with-tpm2" flag
>       during configuration phase, it builds libtpm for both 1.2 and 2.0
>       and when I did make install I found that only 1.2 libraries were
>       getting installed. Its kind of weird but I worked around this by
>       deleting the 1.2 libraries after doing make and then did make
>       install.
>       swtpm_cuse --name vtpm0 --tpmstate dir=/tmp/vtpm0 --log
>       file=/root/out.log
>       sudo qemu-system-x86_64  -enable-kvm -display sdl  -m 2048 -boot b
>       -bios /local/home/anshulma/tpm/seabios-tpm/out/bios.bin -boot
>       menu=on -tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device
>       tpm-tis,tpmdev=tpm0 -drive
>       format=raw,file=../../stefanberger_qemu_tpm/qemu-tpm/ubuntu.img
>
>       After following the above steps, my ubuntu guest and trusted grub
>       can see TPM. I installed TPM2-tss and tpm-tools in the guest. But I
>       am not able to execute tpm2 commands.
>
>       ##>tpm2_takeownership
>
>       Error: Failed to initialize tcti context: 0x1 //trying to
>       communicate over socket. initsocketTCTI failed.
>       ##> resourcemgr
>        Resource Mgr, device TCTI, failed initialization: 0xa000a.
>       Exiting....
>       ./tpm2_rc_decode 0xa000a : TSS2_BASE_RC_IO_ERROR.
>       Then I read that I can remove resourcemgr from the configuration and
>       can use direct TCTI mechanism introduced in TPM 2.0.
>       ##>tpm2_takeownership -T device
>       Error: Failed to initialize device TCTI context. //directly
>       communicate with TCTI device. initdeviceTCTI failed.
>       ./tpm2_rc_decode: 0xa00a: TSS2_BASE_RC_IO_ERROR, IO failure.
>       I think I am missing some library or configuration which prevents
>       initialization of TCTI interface.
>       Please can you suggest.
>       Thanks
>       Anshul Makkar
>
>     On 05/05/17 18:36, Stefan Berger wrote:
>
>     I would use the following configure lines. You may want to watch out so
>     you don't have two versions of the library on your system, though:
>
>     libtpms: ./configure --prefix=/usr --with-tpm2 --with-openssl ; make ;
>     make check ; sudo make install
>     swtpm: ./configure --prefix=/usr --with-openssl ; make ; sudo make
>     check -j16 ; sudo make install
>
>     Please run a 'make check -j16' on the swtpm project before running a
>     'make install'.
>
>     Can you follow the setup steps that the person raising this issue
>     followed: [2]https://github.com/stefanberger/swtpm/issues/21
>
>
>       ----- Original message -----
>       From: anshul makkar [3]<address@hidden>
>       To: [4]<address@hidden>, [5]<address@hidden>
>       Cc:
>       Subject: Trustedgrub2 reports No TPM found
>       Date: Fri, May 5, 2017 12:32 PM
>
>     Hi,
>     I had a working vTPM solution with TPM 1.2 using swtpm, libtpm qemu2.8,
>     cuse.
>     I wanted to try TPM 2.0 so I switched to:
>     swtpm: tpm2-preview branch. Compiled using ./configure --with-tpm2
>     --enable-debug --enable-cuse
>     libtpm: tpm2-preview.rev142 branch. Compiled using ./configure
>     --with-tpm2 --enable-debug
>     Installed TPM2.0-TSS software stack.
>     Using seabios with TPM patches and TrustedGrub2.
>     [6]https://github.com/ts468/seabios-tpm
>     Now when I start guest with TrustedGrub2, I get an error message from
>     grub that TPM device not found. Even Windows guest fails to detect TPM.
>     Command that I used to start the guest
>     swtpm_cuse --tpm2 -M 260 -m 1 -n vtpm0 . I can see /dev/vtpm0 after
>     this
>     command.
>     Launch the guest: sudo qemu-system-x86_64  -enable-kvm  -m 2048 -boot b
>     -bios seabios.bin -boot menu=on -tpmdev
>     cuse-tpm,id=tpm0,path=/dev/vtpm0
>     -device tpm-tis,tpmdev=tpm0 -drive format=raw,file=ubuntu.img
>     I debugged TrustedGrub2.0 code and found that it issues BIOS call INT
>     1Ah, (AH)=BBh,(AL)=00h ( TCG_StatusCheck ) which fails.
>     TPM 1.2 used to work fine, so just wondering if I have missed any
>     components.
>     Please can you share your thoughts.
>     Thanks
>     Anshul Makkar
>
> References
>
>     1. https://sourceforge.net/projects/ibmtpm20tss/files/?source=navbar
>     2. https://github.com/stefanberger/swtpm/issues/21
>     3. mailto:address@hidden
>     4. mailto:address@hidden
>     5. mailto:address@hidden
>     6. https://github.com/ts468/seabios-tpm