tpm2_load fail on out of memory for object contexts with driver PTT

[ambtid]

Hi i run part of load.sh from test/integration/test and use divice ptt, this issue happens when trying to use load command,
i run this script
`

> source

 helpers.sh

start_up

alg_primary_obj=sha256
alg_primary_key=rsa
alg_create_obj=sha256
alg_create_key=hmac

alg_load=sha1

file_primary_key_ctx=context.p_"$alg_primary_obj"_"$alg_primary_key"
file_load_key_pub=opu_"$alg_create_obj"_"$alg_create_key"
file_load_key_priv=opr_"$alg_create_obj"_"$alg_create_key"
file_load_key_name=name.load_"$alg_primary_obj"_"$alg_primary_key"-"$alg_create_obj"_"$alg_create_key"
file_load_key_ctx=ctx_load_out_"$alg_primary_obj"_"$alg_primary_key"-"$alg_create_obj"_"$alg_create_key"
file_load_output=load_"$file_load_key_ctx"

Handle_parent=0x81010018
Handle_ek_load=0x81010017

cleanup() {

  rm -f $file_load_key_pub $file_load_key_priv $file_load_key_name $file_load_key_ctx

  sudo tpm2_evictcontrol -T device -Q -ao -c $Handle_parent 2>/dev/null || true

  ina "$@" "keep_ctx"
  if [ $? -ne 0 ]; then
    rm -f $file_primary_key_ctx
  fi

  ina "$@" "no-shut-down"
  if [ $? -ne 0 ]; then
          shut_down
  fi
}
trap cleanup EXIT

cleanup "no-shut-down"

tpm2_clear

#####file test


**### sudo tpm2_create -T device -Q -g $alg_create_obj -G $alg_create_key -u $file_load_key_pub -r $file_load_key_priv  -C $file_primary_key_ctx

sudo tpm2_load -T device -Q -C $file_primary_key_ctx  -u $file_load_key_pub  -r $file_load_key_priv -n $file_load_key_name -o 

> $file_load_key_ctx**

`
and i receive this error

`--- To recreate this test run the following from: tpm2-tools/test/integration/tests ---
#!/usr/bin/env bash
export TPM2_ABRMD="" TPM2_SIM="" PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" TPM2_SIM_NV_CHIP="" TPM2_TOOLS_TEST_FIXTURES=""
./load.sh
--- EOF ---

creating simulator working dir: /tmp/tpm2_test_V6ClnI
/tmp/tpm2_test_V6ClnI ~/tpm2-tools/test/integration/tests
Switched to CWD: /tmp/tpm2_test_V6ClnI
Running tpm2_clear
WARNING:esys:src/tss2-esys/api/Esys_Load.c:325:Esys_Load_Finish() Received TPM Error 
ERROR:esys:src/tss2-esys/api/Esys_Load.c:118:Esys_Load() Esys Finish ErrorCode (0x00000902) 
ERROR: Eys_Load(0x902) - tpm:warn(2.0): out of memory for object contexts
ERROR: Unable to run tpm2_load
tpm2_load -Q -C $file_primary_key_ctx -u $file_load_key_pub -r $file_load_key_priv -n $file_load_key_name -o $file_load_key_ctx on line 83 failed: 1
Shutting down
~/tpm2-tools/test/integration/tests
Removing sim dir: /tmp/tpm2_test_V6ClnI

`
NOTE: this error seem to return when i use tpm2_load on any script, it seems that it is a issue that related to the resource manager.

thanks

[lestums]

If you use tcti-device, you actually end up doing direct calls to /dev/tpmX. Therefore you have to perform resource management on your own...

If you ran the test multiple times without managing transient object, you might have ended in a situation where you used all the transient slots, explaining the error on "out of memory"
(Added note : tpm2_clear does not do what you might think)

It does not happen in CI tests because simulator is mostly restarted at each test case, hence clearing its memory

Plan on using tcti-abrmd if you want the userland resource manager or -T device:/dev/tpmrm0 to use kernel resource manager (if supported)

dTPMs have a limit on how many transient objects can be loaded at anytime in TPM memory. You can check that limit using tpm2_getcap -c "properties-fixed" | grep HR_TRANSIENT_MIN

You can also monitor transient objects by using tpm2_getcap -c "handles-transient"

To workaround this situation in that particular case you can execute tpm2_flushcontext -t once you got the context object created via tpm2_create

Note that doing this is a big hammer approach and would not help you in complex situations in which you must have a resource manager

[williamcroberts]

Yeah you need to use a resource manager with these scripts, either abrmd or on newer kernels you can use the "in kernel resource manager" -T device=/dev/tpmrm0. Note the kernel RM is missing certain features that abrmd has.