I appreciate the responses, thank you. Given that we are not using tcsd - but a native Java equivalent (jTSS) - it would appear that jTSS might be the culprit for not managing the key-swaps. However, what makes this perplexing is that there are other machines - more than a hundred of them - using an identical configuration and are NOT reporting this error under even heavier loads.

What is stranger is that we are now seeing this error even when the very first key is loaded into the TPM to be decrypted. Since I'm not knowledgeable too much about hardware, is it possible that the TPM can return such an error when the part where the SRK is stored is defective, but the PCRs are reporting OK? Or, is that a contradiction because the PCRs and SRK are using the same storage components?

TIA.

Arshad

----- Original Message -----
From: "Kent Yoder" <[email protected]>
To: "Ariel E Segall" <[email protected]>
Cc: "Arshad Noor" <[email protected]>, [email protected]
Sent: Wednesday, September 5, 2012 7:41:59 AM (GMT-0800) America/Los_Angeles
Subject: Re: [TrouSerS-users] TSS Errors with TPM

On Tue, Sep 4, 2012 at 11:30 PM, Segall, Ariel E <[email protected]> wrote:
> At first glance, it sure looks like your TPM is out of key slots. The TSS is
> supposed to handle swapping keys in and out for you, so getting that from a
> TSS seems very odd. I'll also be honest and admit that I *thought* the TPM
> handled that for you (by simply dumping some loaded key for the new one) but
> it looks like LoadKey does, in fact, give back no space errors if there isn't
> room in memory for the key. At a glance, it looks like FlushSpecific is the
> command to use to explicitly force a key out. Presumably, your TSS isn't
> doing something right in its key management behind the scenes, although
> debugging that is going to be a pain in the neck, I'm afraid.
>
> Ariel

Agree. Just to clarify, this is tcsd's responsibility (key caching and swapping), so under the covers tcsd will be calling flush/load as it context switches between processes serving the applications connected to it. You can think of an app connected to tcsd in the same way as you might think of multiple processes executing on the same cpu - they all think they have exclusive access to the TPM and as long as tcsd is doing its job correctly, they'll be none the wiser.

Kent

> ________________________________________
> From: Arshad Noor [[email protected]]
> Sent: Tuesday, September 04, 2012 4:46 PM
> To: [email protected]
> Subject: [TrouSerS-users] TSS Errors with TPM
>
> Hi,
>
> I realize I'm on the wrong forum - since we use the TPM with the Trusted
> Java (JTSS) stack - but, I'm hoping for a little more insight, if anyone
> can provide it. (if someone from Dell TPM Engineering is on the list),
> I would definitely welcome hearing from them directly.
>
> We've been using a TPM with an application without any trouble for 2+
> years. Two days ago - without any changes to the hardware or software -
> it (presumably the OS driver) started throwing up the following errors
> when the software library attempted loading a binding key:
>
> TSS Error:
> error layer: 0x3000 (TSP)
> error code (without layer): 0x04
> error code (full): 0x3004
> error message: unknown
> additional info: Unable to determine LRU key handle
>
> Subsequent attempts to decrypt other binding keys result in this error:
>
> TSS Error:
> error layer: 0x00 (TPM)
> error code (without layer): 0x15
> error code (full): 0x15
> error message: The TPM has insufficient internal resources to perform
> the requested action.
>
> The details of our configuration:
>
> TPM: STM v1.2
> OS: CentOS 5.3 (64-bit)
> JDK: 6 Update 16 (64-bit)
> JTSS: 0.5
>
> The people on JTSS have not seen this before either, and have given
> us a few suggestions (using a newer library). We have also contacted
> Dell for support and are working with them.
>
> I would appreciate any information that forum members can provide that
> sheds light on these errors - finding it within the voluminous TPM
> specs and resources is challenging.
>
> Thanks in advance.
>
> Arshad Noor
> StrongAuth, Inc.
>
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users

--
IBM LTC Security
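
The key caching and swapping discussed in this thread, as an added example that is not part of the original messages and is not code from tcsd or jTSS: an in-memory simulation of a TPM with a fixed number of key slots, and a key manager that flushes the least recently used key before loading a new one. The slot count of three and all function and constant names are assumptions made for illustration; only the 0x15 code comes from the thread.

```c
#include <stdio.h>

#define SLOTS 3                /* assumed slot count; real TPMs vary */
#define TPM_OK 0x00
#define TPM_NO_RESOURCES 0x15  /* hypothetical name for the code quoted in the thread */

static int slot_key[SLOTS];    /* simulated TPM: key id held in each slot, 0 = free */
static unsigned last_used[SLOTS], tick;
static int flushes;            /* how many keys the manager had to evict */

/* Simulated LoadKey: fails with 0x15 when every slot is occupied. */
int tpm_load(int key, int *slot) {
    for (int i = 0; i < SLOTS; i++)
        if (slot_key[i] == 0) { slot_key[i] = key; *slot = i; return TPM_OK; }
    return TPM_NO_RESOURCES;
}

/* Simulated FlushSpecific: frees exactly one slot. */
void tpm_flush(int slot) { slot_key[slot] = 0; flushes++; }

void tpm_reset(void) {
    for (int i = 0; i < SLOTS; i++) { slot_key[i] = 0; last_used[i] = 0; }
    tick = 0; flushes = 0;
}

/* Key manager: reuse a loaded key, else load it, evicting the LRU slot if full. */
int km_use(int key) {
    int slot = 0, lru = 0;
    for (int i = 0; i < SLOTS; i++)
        if (slot_key[i] == key) { last_used[i] = ++tick; return TPM_OK; }
    if (tpm_load(key, &slot) != TPM_OK) {
        for (int i = 1; i < SLOTS; i++)
            if (last_used[i] < last_used[lru]) lru = i;
        tpm_flush(lru);
        if (tpm_load(key, &slot) != TPM_OK) return TPM_NO_RESOURCES;
    }
    last_used[slot] = ++tick;
    return TPM_OK;
}

int main(void) {
    int slot, rc = TPM_OK;
    tpm_reset();
    for (int k = 1; k <= 4; k++) rc = tpm_load(k, &slot); /* no manager, no flush */
    printf("unmanaged 4th load: 0x%02x\n", rc);
    tpm_reset();
    for (int k = 1; k <= 5; k++) if (km_use(k) != TPM_OK) return 1;
    printf("managed: 5 keys served, %d flushes\n", flushes);
    return 0;
}
```

If the manager loses track of which handle is least recently used, it cannot pick a slot to flush and the next load surfaces the TPM's own resource error to the application.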
