Ok, thanks for the info.

The message that packet element 5 doesn't match happens because
TPM_ActivateIdentity can take up to 2 authorization contexts (one for
hIdentKey, the other for the TPM owner), but it would only take 1 if
hIdentKey doesn't require authorization.  When passing the params to
the daemon, it checks the types of each and notices that only 1 auth
context is there.  When it sees this it knows that the auth context
must be the owner auth (since that's required) and passes it to the
TPM.

Unfortunately we don't have a Broadcom TPM I know of here to test
against, but from reading through the spec, I can take a stab at what
it might be unhappy about.

The one bad parameter return code I see for this API is when hIdentKey
is not a TPM identity key.  If that's not the case, I'd try using an
hIdentKey that does require auth. Either way should work, regardless
of whether the key requires auth, but this could be a TPM bug.

Kent


On Tue, Aug 31, 2010 at 2:18 PM, Stephen Smalley <[email protected]> wrote:
> On Tue, 2010-08-31 at 14:07 -0500, Kent Yoder wrote:
>> Hi Stephen, which version of trousers are you using?
>
> I started with the stock Fedora 13 version (0.3.4), but subsequently
> tried trousers-0.3.6 from sourceforge.net and then the git repo, all
> with the same result.
>
>> On Tue, Aug 31, 2010 at 1:03 PM, Stephen Smalley <[email protected]> wrote:
>> > On Tue, 2010-08-24 at 12:04 -0400, Stephen Smalley wrote:
>> >> Hi,
>> >>
>> >> I was trying the identity.c sample program from http://privacyca.com,
>> >> and encountered the following error:
>> >> Retrieving PCA certificate...
>> >> TPM owner secret
>> >> Enter PIN:
>> >> Generating identity key...
>> >> Sending request to PrivacyCA.com...
>> >> Processing response...
>> >> Error 0x3 on Tspi_TPM_ActivateIdentity
>> >>
>> >> I think error 0x3 is bad parameter.
>> >>
>> >> My tpm_version output is:
>> >>   TPM 1.2 Version Info:
>> >>   Chip Version:        1.2.7.11
>> >>   Spec Level:          2
>> >>   Errata Revision:     1
>> >>   TPM Vendor ID:       BRCM
>> >>   TPM Version:         01010000
>> >>   Manufacturer Info:   4252434d
>> >
>> > After rebuilding trousers with debugging enabled and running it with -f,
>> > I obtained the following output from tcsd for the failed
>> > ActivateIdentity request:
>> >
>> > ...
>> > TCSD TCS rpc/tcstp/rpc_aik.c:171 tcs_wrap_ActivateIdentity: thread 140402927216400 context a0f5ed00
>> > TCSD TCS rpc/tcstp/rpc.c:241 Data type of TCS packet element 5 doesn't match.
>> > TCSD TCS tcsi_aik.c:113 TCSP_ActivateTPMIdentity
>> > TCSD TCS tcs_key_mem_cache.c:159 ensureKeyIsLoaded: 0x22330000
>> > TCSD TCS tcs_key_mem_cache.c:716 mc_get_slot_by_handle: TCSD mem_cached handle: 0x22330000
>> > TCSD TCS tcs_key_mem_cache.c:167 keySlot is F9047438
>> > TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
>> > TCSD TCS tcs_context.c:186 Success: 30000000 is an Internal Context
>> > To TPM: 00 C1 00 00 00 12 00 00 00 65 00 00 00 07 00 00
>> > To TPM: 00 00
>> > TCSD TDDL tddl.c:171 Calling write to driver
>> > From TPM: 00 C4 00 00 00 14 00 00 00 00 00 00 00 06 00 01
>> > From TPM: F9 04 74 38
>> > TCSD TCS tcs_key_mem_cache.c:946 isKeyLoaded: loaded TPM key handle: 0xf9047438
>> > TCSD TCS tcs_key_mem_cache.c:872 mc_update_time_stamp: TCSD mem_cached handle: 0x22330000
>> > TCSD TCS tcs_key_mem_cache.c:192 ensureKeyIsLoaded: Exit
>> > To TPM: 00 C2 00 00 01 3F 00 00 00 7A F9 04 74 38 00 00
>> > To TPM: 01 00 13 43 99 69 EC 8E 25 BA FB D3 39 C6 C2 B3
>> > To TPM: 0F CB 88 16 EC F6 4E 2C A7 12 52 6D 55 50 21 53
>> > To TPM: 3B 9B 8B 98 D3 55 51 BF 26 9E 86 49 78 61 3E 12
>> > To TPM: 85 84 DF A6 64 5D 10 E4 29 41 2C 43 73 DE 1F 03
>> > To TPM: 49 C9 93 18 F1 25 99 8A DC 23 F6 62 A8 25 4F A5
>> > To TPM: DD 9B 48 EF 0C C0 3F 2D 65 2C D6 F6 97 04 C3 EA
>> > To TPM: E6 BB C1 57 65 96 4B 68 13 77 59 A1 28 51 50 44
>> > To TPM: E2 72 10 79 92 1F 74 9F 88 1F B0 CE EB FB BF 3B
>> > To TPM: 83 A2 F1 66 FE B2 B8 7E 8E 33 02 50 0A 29 0D B1
>> > To TPM: B8 27 ED 2A 4E 87 66 D6 A0 FC 3A 52 7D 0B F4 DA
>> > To TPM: AD 22 58 C8 99 A6 F1 C3 C6 26 13 C4 B6 05 1E 96
>> > To TPM: 41 A7 80 39 91 35 A2 B7 42 F9 75 0A 50 A6 62 B2
>> > To TPM: 8B 69 03 C1 62 1C F3 92 40 68 79 E6 37 DE 9C 5D
>> > To TPM: 40 17 05 24 F6 44 1E 8A 8A 2A 5B 9F 0C 0F 60 C3
>> > To TPM: 18 3E A2 35 03 84 4E 53 69 86 F8 8E E3 0F 96 B4
>> > To TPM: 8F 91 3D C6 55 20 30 53 A9 68 7F FA 5B EE 52 CC
>> > To TPM: 68 90 57 D5 C9 21 2B 72 CA 66 57 7B 55 36 60 94
>> > To TPM: 61 69 E8 98 BE BF E5 02 61 92 00 E1 A2 29 CE A9
>> > To TPM: AC C7 2C 42 AF 53 0C 50 6F A4 1E A1 1A 1D C6
>> > TCSD TDDL tddl.c:171 Calling write to driver
>> > From TPM: 00 C4 00 00 00 0A 00 00 00 03
>> > LOG_RETERR TPM tcsi_aik.c:136: 0x3
>> > ...
>> >
>> > The "Data type of TCS packet element 5 doesn't match" looks suspect.
>> > Can anyone elaborate on whether that is in fact significant, and if so,
>> > what might be causing it (or where else to look)?
>> >
>> > --
>> > Stephen Smalley
>> > National Security Agency
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > This SF.net Dev2Dev email is sponsored by:
>> >
>> > Show off your parallel programming skills.
>> > Enter the Intel(R) Threading Challenge 2010.
>> > http://p.sf.net/sfu/intel-thread-sfd
>> > _______________________________________________
>> > TrouSerS-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/trousers-users
>> >
>
> --
> Stephen Smalley
> National Security Agency
>
>
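
An added example (not part of the thread, and not TrouSerS code) that decodes the TPM 1.2 packet headers in the `To TPM:` / `From TPM:` lines of the tcsd debug log quoted above. The tag, ordinal and result values are from the TPM 1.2 specification; the function names and the shortened sample log are assumptions of this example.

```python
import struct

# TPM 1.2 values from the TCG TPM Main Specification (subset).
TAGS = {  # tag -> (name, number of authorization sessions carried)
    0x00C1: ("TPM_TAG_RQU_COMMAND", 0),
    0x00C2: ("TPM_TAG_RQU_AUTH1_COMMAND", 1),
    0x00C3: ("TPM_TAG_RQU_AUTH2_COMMAND", 2),
    0x00C4: ("TPM_TAG_RSP_COMMAND", 0),
    0x00C5: ("TPM_TAG_RSP_AUTH1_COMMAND", 1),
    0x00C6: ("TPM_TAG_RSP_AUTH2_COMMAND", 2),
}
ORDINALS = {0x65: "TPM_ORD_GetCapability", 0x7A: "TPM_ORD_ActivateIdentity"}
RESULTS = {0x0: "TPM_SUCCESS", 0x1: "TPM_AUTHFAIL", 0x3: "TPM_BAD_PARAMETER"}

# Header lines taken from the log in this thread; the ActivateIdentity command
# is cut to its first 16 bytes here, so it is reported as incomplete.
SAMPLE_LOG = """\
To TPM: 00 C1 00 00 00 12 00 00 00 65 00 00 00 07 00 00
To TPM: 00 00
TCSD TDDL tddl.c:171 Calling write to driver
From TPM: 00 C4 00 00 00 14 00 00 00 00 00 00 00 06 00 01
From TPM: F9 04 74 38
TCSD TCS tcs_key_mem_cache.c:192 ensureKeyIsLoaded: Exit
To TPM: 00 C2 00 00 01 3F 00 00 00 7A F9 04 74 38 00 00
TCSD TDDL tddl.c:171 Calling write to driver
From TPM: 00 C4 00 00 00 0A 00 00 00 03
"""

def decode(direction, buf):
    """Decode the 10-byte header: tag (2), paramSize (4), ordinal or result (4)."""
    tag, size, code = struct.unpack(">HII", buf[:10])
    name, auths = TAGS.get(tag, ("unknown tag 0x%04X" % tag, None))
    table = ORDINALS if direction == "To TPM:" else RESULTS
    return {"direction": direction, "tag": name, "auth_sessions": auths,
            "complete": size == len(buf), "code": table.get(code, hex(code))}

def parse_log(text):
    """Join consecutive hex lines of one direction into a packet, then decode."""
    packets, prev = [], None
    for line in text.splitlines():
        hit = next((d for d in ("To TPM:", "From TPM:") if d in line), None)
        if hit and hit == prev:
            packets[-1][1].extend(bytes.fromhex(line.split(hit, 1)[1]))
        elif hit:
            packets.append((hit, bytearray.fromhex(line.split(hit, 1)[1])))
        prev = hit
    return [decode(d, bytes(b)) for d, b in packets if len(b) >= 10]

if __name__ == "__main__":
    for pkt in parse_log(SAMPLE_LOG):
        print(pkt)
```

On the log in this thread, the ActivateIdentity command decodes as TPM_TAG_RQU_AUTH1_COMMAND, meaning a single authorization session was sent, and the TPM's reply decodes as TPM_BAD_PARAMETER.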
