Yang, Xiao (Linux)
Xiao.****@windr*****
Mon Nov 28 19:11:27 JST 2011
Hi Seiji,

Glad to hear that a quick workaround for this issue does exist if OpenPTS is modified.

>Hi,
>
>On Mon, Nov 28, 2011 at 5:48 PM, Yang, Xiao (Linux)
><Xiao.****@windr*****> wrote:
>>> Ok, I had same error.
>>> Probably the reason is that this TPM does not support old TPM (v1.1b?)
>>> behavior.
>>
>> Hi Seiji,
>>
>> Exactly, now Wind River and Intel and Infineon's developers all involved.
>>
>> We got this information from Infineon that their chip (IFX SLB9635) on my
>> system 'exclusively' support TSS 1.2 spec.
>
>That explains everything.
>
>The next problem is TrouSerS's LoadKeyByUUID function does not support
>auth secret.
>
>The quick workaround is OpenPTS uses LoadKeyByBlob in place of
>LoadKeyByUUID for this TPM.
>So the key blob will be stored in some place. e.g. /var/lib/openpts/key.blob
>And the key auth type and storage location will be configured by /etc/ptsc.conf.

Could you please tell me more about how to write ptsc.conf to use this workaround?

According to my study of your source code, it seems that replacing LoadKeyByUUID with LoadKeyByBlob cannot be triggered by a configuration change alone.

From my understanding, openpts-0.2.5 currently hard-codes SYSTEM as ps_type (TSS_PS_TYPE_USER is 1, TSS_PS_TYPE_SYSTEM is 2), but 0 for a key blob will never happen unless the source code is modified. Is that correct?

$ vi src/ptsc.c
int main(int argc, char *argv[]) {
    int rc;
    [...]
    rc = getTssPubKey(
            conf->uuid->uuid,
            TSS_PS_TYPE_SYSTEM,
            conf->srk_password_mode,
            conf->tpm_resetdalock,
            NULL,

I saw that ps_type is hard-coded to 'SYSTEM', and the filename arg is 'NULL'.

$ vi src/tss.c
int getTssPubKey(
    PTS_UUID *uuid,
    int ps_type,
    int srk_password_mode,
    int resetdalock,
    char *filename, int *pubkey_length, BYTE **pubkey) {
    [...]
    /* Load AIK or Sign key */
    if (ps_type == 0) {
        /* Blob file */
        FILE *fp;
    [...]
    } else {
        /* TSS PS*/
        result = Tspi_Context_LoadKeyByUUID(
                    hContext,
                    (UINT32) ps_type,  // TSS_PS_TYPE_SYSTEM,

So... when you say 'workaround', do you mean to further modify the code in this call trace, passing 0 as the 2nd arg and /var/lib/openpts/key.blob as the 5th arg to getTssPubKey()?

Thanks.

Best Regards
Edward.Yang
(#7023)

>
>regards,
>--
>Seiji
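
Added example, not part of the original message and not OpenPTS code: a C sketch of reading the key blob file for the `ps_type == 0` branch discussed above, refusing a file that another user could have replaced before its bytes reach a LoadKeyByBlob call. The names `read_key_blob`, `write_sample_blob` and `BLOB_MAX`, the /tmp path and the 4096-byte bound are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#define BLOB_MAX 4096 /* assumed upper bound on the blob file size */

/* Returns 0 on success; -1 if path is a symlink, not a regular file, not owned
 * by root or the caller, group/other-writable, empty, over cap, or short. */
int read_key_blob(const char *path, unsigned char *buf, size_t cap, size_t *len)
{
    struct stat st;
    size_t got = 0;
    ssize_t n;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_uid != 0 && st.st_uid != geteuid()) ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0 ||
        st.st_size <= 0 || (size_t)st.st_size > cap) {
        close(fd);
        return -1;
    }
    while (got < (size_t)st.st_size &&
           (n = read(fd, buf + got, (size_t)st.st_size - got)) > 0)
        got += (size_t)n;
    close(fd);
    if (got != (size_t)st.st_size) return -1;
    *len = got;
    return 0;
}

/* Constructed sample input: nbytes of filler written to path with this mode. */
int write_sample_blob(const char *path, size_t nbytes, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    for (size_t i = 0; i < nbytes; i++)
        if (write(fd, "\xA5", 1) != 1) { close(fd); return -1; }
    if (fchmod(fd, mode) != 0) { close(fd); return -1; }
    return close(fd);
}

int main(void)
{
    unsigned char buf[BLOB_MAX]; size_t len = 0;
    if (write_sample_blob("/tmp/example-key.blob", 559, 0644) != 0) return 1;
    return read_key_blob("/tmp/example-key.blob", buf, sizeof buf, &len) != 0;
}
```

The checks run on the opened descriptor with fstat() rather than on the path, so the file that is inspected is the same file that is read.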