-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encrypting data with tpm2_encryptdecrypt is failing on an Intel PTT TPM2.0 #621
Comments
This may be better split up into two separate issues. We're about to mix discussion of two separate issues into a single thread. To your first item above @martinezjavier: The RC you're getting back says it's coming from the TCTI layer. Which TCTI are you using in your test setup? I'll try to repro to get some clarity on this. |
@flihp yes, sorry for reporting both problems in the same issue... I was testing with the device TCTI and the in-kernel resource manager (/dev/tpmrm0), with the tpm2-abrmd and the abrmd TCTI it works correctly (EncryptDecrypt2 returns TPM_RC_COMMAND_CODE). |
I modified my original report to only include the EncryptDecrypt2 not returning a TPM_RC_COMMAND_CODE issue and will file a new issue for the other problem. |
The TCTI data is very valuable. The issue then is either in the device TCTI or the kernel. if you're able to test the device TCTI against |
Yes, I tried that too but got TPM_RC_OBJECT_MEMORY due the TPM only supporting 3 transients objects. I don't have acceas to the machine now but I'll try tomorrow to make the primary key and the key persistent to prevent that and let you know how that goes. |
@flihp so I've tested now with the device TCTI but without the in-kernel resource manager, just using We don't have a TPM2_FlushContext tool yet (@jiazhang0 are you planning to share yours?) so I've used the one in the IBM TSS project. This is what I did:
So the problem appears to be in the kernel resource manager. I'll investigate there but it seems this isn't a tpm2-{tools,tss} issue after all. Thanks a lot for your help! |
So running the tpm2_encryptdecrypt with strace in both cases, I do see that the kernel is returning an -EINVAL when writing the TPM2_EncryptDecrypt2 command to
|
@flihp @williamcroberts Ok, after studying the TPM kernel code I found the semantic difference. When not sending TPM commands through the in-kernel resource manager (TPM spaces using the kernel nomenclature), the TPM commands are just sent to the TPM without checking if are supported or not by the TPM, by it does check if using the TPM spaces. The tpm_transmit() function calls to tpm_validate_command() that's just a no-op if TPM spaces are not used:
And indeed, when enabling that dynamic debug printout about the invalid command, I see that the kernel reports it in its ring buffer that 0x193 (TPM_CC_EncryptDecrypt2) is an invalid command.
I'll try to cook a patch for the kernel, but first I need to dig further on this and understand why this check is done in the TPM space code and not just let the TPM2 to return TPM_RC_COMMAND_CODE as is the case when not using the in-kernel RM. But yeah, it's confirmed that's a kernel issue and not related to the TCTI device or SAPI layers. I'm still keeping the bug open since it could be of interest to others that face the same, at least until we have fixed the kernel. |
I've proposed an RFC patch for the Linux kernel that fixes the issue. I'm not completely sure if is the correct way to handle this, but let's see what they say on the list. |
@flihp @williamcroberts it would be great if you can answer in the Linux patch thread with your opinions on how this issue should be solved. |
@martinezjavier I'm not on that Mailing List so it would be a PITA for me to jump in and i'm lazy. |
@martinezjavier I see you copied me on them, disregard |
@williamcroberts from your last message in the thread, I see that we are on the same page on this. I really don't understand Jason's argument TBH, but maybe I'm missing something. |
For completeness, following is the second version of the RFC kernel patch [0] that sends a synthesized command response to user-space. I didn't post it because Jarkko doesn't agree with the approach. @flihp I think our options then are to check for [0]:
|
I'm not a fan of either option too. I'm going back through the tpmdd thread now. Unfortunately changing minds upstream is more work than just hacking up workarounds. |
@flihp indeed... and as you can see from the v2 patch I shared here, the implementation of what Jason suggested is very trivial. I really don't understand why Jarkko wouldn't take it in order to have a consistent behavior when using either /dev/tpm* or /dev/tpmrm* chardevs. I guess he would value your opinion more than mine (for very good reasons). So if you think that it should be fixed as suggested by Jason, it would be great if you comment in the thread. If that's the case then I may post my v2 patch to have further discussions. |
Just went to comment on the list and realized I haven't been getting tpmdd emails since it's been moved / retired. Only got this thread since I was directly copied. What was tpmdd replaced with? |
@flihp yes, the mailing list for TPM kernel stuff now is linux-integrity@vger.kernel.org and patchwork https://patchwork.kernel.org/project/linux-integrity/list. It's a shared mailing list with other related projects (IMA, EVM, etc) and the idea is to have a more coordinate effort between these, so be prepared to receive a lot of non-TPM related stuff. |
This is a question for @tstruk |
whoops, sorry about that |
We can just check which command is supported via getcap and then choose the right one. |
@williamcroberts yeah, it's just sad having to workaround what I believe is a very clear bug in the kernel. It seems we managed to convince Jason about my RFCv2, now let's hope that Jarkko could change his mind. |
@williamcroberts @flihp I've just posted a new version of the patch that takes into account the feedback on the RFCv2 patch. Please review it and answer with your Reviewed-by/Acked-by tags if you think that's correct. It seems that Jarkko is changing his mind so we may get a fix for this issue in the kernel after all. |
I think the initial 'no' was just @jsakkine-intel implementing a proof of work of sorts 😄 I'm looking over your patch now. Thanks for keeping after this. |
@flihp great, thanks a lot for your help. There's a bug in the tools that's exposed by that patch though. When setting the RESMGRTPM error level (or anything that's not in the low-order 12 bits), the response code won't be TPM2_RC_COMMAND_CODE anymore so the TPM2_EncryptDecrypt command won't be called. I've fixed that in PR #652. |
Yeah this makes checking RCs more complex than just using a simple equality test. Growing pains. |
@martinezjavier looks like you got traction on synthesizing the tpm response from the in-kernel RM when the CC is not supported, can we safely close this as a kernel bug? |
@williamcroberts yes, I think it's safe to close it now. |
Posted today what I hope it's the final version of the kernel resource manager fix for this issue, so I'm closing this bug. Thanks a lot @flihp @williamcroberts and @jsakkine-intel for your help wit this! |
FYI, the fix for this was merged in the kernel. |
When testing the upcoming 3.X branch, I noticed an issue (that's also present in master) with tpm2_encryptdecrypt and an Intel PTT firmware based TPM2.0 device.
The tpm2_encryptdecrypt tools now first tries to use the EncryptDecrypt2 command and only if that fails fallbacks to EncryptDecrypt. But it does so only if returns EncryptDecrypt2 a TPM_RC_COMMAND_CODE response code.
But on this TPM2, a call to EncryptDecrypt2 returns a TSS2_BASE_RC_IO_ERROR error:
I think that a solution could be to just check if the response code isn't TPM_RC_SUCCESS and fallback on any error. Something like the following:
@flihp what do you suggest?
The text was updated successfully, but these errors were encountered: