Re: [TrouSerS-users] Takeownership

Thomas, Ronnie L. Mon, 20 Jun 2016 13:08:46 -0700

Thanks for finding that out for me!

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
[email protected]/<mailto:[email protected]/> http://www.atmel.com/

From: Tadd Seiff [mailto:[email protected]]
Sent: Monday, June 20, 2016 2:06 PM
To: Thomas, Ronnie L. <[email protected]>; Phil Lacroute 
<[email protected]>
Cc: [email protected]
Subject: Re: [TrouSerS-users] Takeownership

Hey Ronnie,

I don't know what this means exactly, but in the code where I think this error 
is getting thrown, there is special handling for ATMEL chips.:

In tspi_ek.c:
                        /* check validation of the entire pubkey structure */
                        if (memcmp(digest.digest, checkSum.digest, 
TPM_SHA1_160_HASH_LEN)) {
                                    /* validation failed, unload the pubEK in 
order to hash
                                    * just the pubKey portion of the pubEK. 
This is done on
                                    * Atmel chips specifically.
                                    */
                                    offset = 0;
                                    __tspi_memset(&pubKey, 0, 
sizeof(TCPA_PUBKEY));
                                    if ((result = 
Trspi_UnloadBlob_PUBKEY(&offset, pubEK, &pubKey)))
                                                goto done;

                                    result = Trspi_HashInit(&hashCtx, 
TSS_HASH_SHA1);
                                    result |= Trspi_HashUpdate(&hashCtx, 
pubKey.pubKey.keyLength,

pubKey.pubKey.key);
                                    result |= Trspi_HashUpdate(&hashCtx, 
TPM_SHA1_160_HASH_LEN,

antiReplay.nonce);
                                    if ((result |= Trspi_HashFinal(&hashCtx, 
digest.digest)))
                                                goto done;

                                    if (memcmp(digest.digest, checkSum.digest, 
TCPA_SHA1_160_HASH_LEN)) {
                                                result = 
TSPERR(TSS_E_EK_CHECKSUM);
                                                goto done;
                                    }
                        }

It looks like the trousers developers knew ATMEL would fail the first pass 
validation, and they try something else, and maybe your chip isn't playing nice 
there either.  I'm just speculating that you are running an ATMEL.

Hope this helps:
-Tadd

On Mon, Jun 20, 2016 at 12:21 PM Thomas, Ronnie L. 
<[email protected]<mailto:[email protected]>> wrote:
Thanks.
Not sure where to go from here. The checksum should be ok for the EK.

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
[email protected]/<mailto:[email protected]/> http://www.atmel.com/

From: Phil Lacroute 
[mailto:[email protected]<mailto:[email protected]>]
Sent: Monday, June 20, 2016 11:39 AM
To: Thomas, Ronnie L. <[email protected]<mailto:[email protected]>>
Cc: 
[email protected]<mailto:[email protected]>
Subject: Re: [TrouSerS-users] Takeownership

// MessageId: TSS_E_EK_CHECKSUM
//
// MessageText:
//
// TSP is instructed to verify the EK checksum and it does not verify.
//
#define TSS_E_EK_CHECKSUM             (UINT32)(TSS_E_BASE + 0x128L)

On Jun 20, 2016, at 6:35 AM, Thomas, Ronnie L. 
<[email protected]<mailto:[email protected]>> wrote:

Does anyone know what the below error indicates when executing 
tpm_takeownership?

Tspi_TPM_TakeOwnership failed: 0x00003128 - layer=tsp, code=0128 (296), Unknown

Any insight would be appreciated.

Regards,

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
[email protected]/<mailto:[email protected]/> http://www.atmel.com/

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. 
http://sdm.link/zohomanageengine_______________________________________________
TrouSerS-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/trousers-users

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. 
http://sdm.link/zohomanageengine_______________________________________________
TrouSerS-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/trousers-users

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users

Re: [TrouSerS-users] Takeownership

Reply via email to