Re: [qubes-users] AEM failure after upgrade

2017-07-14 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

loke...@gmail.com:
> The AEM package was upgraded recently (probably because of this
> thread:
> https://groups.google.com/forum/#!topic/qubes-users/3ZkmS5v7E38),
> and after I installed the updated version, AEM stopped working
> completely.
>
> Now, it asks me for the AEM password. I type it in, and it doesn't
> display my secret message. Instead, it immediately asks me for the
> disk password, and while it boots the system, I see a message
> telling me: "PCR sanity check failed".

Below that, it should say "See /usr/share/doc/anti-evil-maid/README
for details." You can find some hints for debugging there.

> This is the content of the journalctl log:
> 
> Jul 07 16:25:36 dom0 systemd[1]: Starting Anti Evil Maid sealing...
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: tpm_z_srk: detecting whether 
> SRK is password protected
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: Tspi_Key_CreateKey failed: 
> 0x0001 - layer=tpm, code=0001 (1), Authentication failed
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: tpm_z_srk: yes, SRK is 
> password protected; resetting dictionary attack lock...
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-17: FF FF FF FF FF FF FF 
> FF FF FF FF FF FF FF FF FF FF FF FF FF
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-18: FF FF FF FF FF FF FF 
> FF FF FF FF FF FF FF FF FF FF FF FF FF
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-19: FF FF FF FF FF FF FF 
> FF FF FF FF FF FF FF FF FF FF FF FF FF
> Jul 07 16:25:39 dom0 systemd[1]: anti-evil-maid-seal.service: Main process 
> exited, code=exited, status=1/FAILURE

Looks like tboot/SINIT is not working correctly on your system. The
new AEM version refuses to seal in this situation, so that you don't
get a false sense of security.

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJZaMNAXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfytAP/ArUcgXB5vKoBz+SP6My2QQQ
SXsjK1jqCqgXYziK/JI6r7LUEhXIvJfMsJKW/mdjd7OQv4davlSZxXVT9mxqA/0E
rCzF0AoIoAqtNYRSy0r+5t301KGy2I9efr0aziIFv591JEnOqKJK+F/MFNn7Zitb
+IY8YCQ6s+pgJcuKOycF2vz/9Dc817cILTfW+tzcSDMkG1NcbI4AbxXPxNwvMxkw
OZ0BJ9IMPfGVfAmKCGsouvnVc7vg/9mPgG7BhjD5Nojwwyb2dle8mhGiiWKtNPRw
2Eksk/m/NqCQb2F5NiQnQDOjJTwLvzf3hnEKSIwuKxLjrlVUyvsbmSrMwIbAUK7v
VdG2iCpCSgIPwTqUOlVPmQ2TNWhA3cDP2jGRSSi1RRWS2nGQd2w1tYKw3dibr/K7
RD6KQUgJdyxW3Y6cBidQ+zy0vbmMFyuQ6DyTF/T3Zmq2XvvBVaq6U/LwMZOpt+s+
X56JQa1HDdVBKTEXbPnxI+sT0ehMhfn1YOZBZ93lYkJyiyrIAvwCiQKfPLsVQqZH
M9e6L1C+CePEqNyb2btMUPJOuRtVd0059mgQ+x5PpdhnQOia0RR4A9Bn6oW5515m
qGsqY2wIg2wb7xG8O+Gl9sxQk8jtQX7Or/V4oixfGEqMb5Xi6a97nFKLha22lc7J
A5aT5+xMPvsk+02b33sg
=mUFf
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170714131232.GA5546%40mutt.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] AEM failure after upgrade

2017-07-07 Thread lokedhs
The AEM package was upgraded recently (probably because of this thread: 
https://groups.google.com/forum/#!topic/qubes-users/3ZkmS5v7E38), and after I 
installed the updated version, AEM stopped working completely.

Now, it asks me for the AEM password. I type it in, and it doesn't display my 
secret message. Instead, it immediately asks me for the disk password, and 
while it boots the system, I see a message telling me: "PCR sanity check 
failed".

I have tried to completely clear and reinstall AEM several times, but the same 
issue persists.

This is the content of the journalctl log:

Jul 07 16:25:36 dom0 systemd[1]: Starting Anti Evil Maid sealing...
Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: tpm_z_srk: detecting whether 
SRK is password protected
Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: Tspi_Key_CreateKey failed: 
0x0001 - layer=tpm, code=0001 (1), Authentication failed
Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: tpm_z_srk: yes, SRK is password 
protected; resetting dictionary attack lock...
Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-17: FF FF FF FF FF FF FF FF 
FF FF FF FF FF FF FF FF FF FF FF FF
Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-18: FF FF FF FF FF FF FF FF 
FF FF FF FF FF FF FF FF FF FF FF FF
Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-19: FF FF FF FF FF FF FF FF 
FF FF FF FF FF FF FF FF FF FF FF FF
Jul 07 16:25:39 dom0 systemd[1]: anti-evil-maid-seal.service: Main process 
exited, code=exited, status=1/FAILURE

Any idea what the cause of this issue could be?

Regards,
Elias

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/36028d9f-fb42-4761-b605-ef69d219fb18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.