# Steps to reproduce

## On fresh/Updated Jammy instance (no fips)

ubuntu@jammy-05-dsk-crypt:~$ sudo apt install -y tpm2-tools
ubuntu@jammy-05-dsk-crypt:~$ sudo tpm2_nvdefine -s 64 0x1500016
nv-index: 0x1500016
ubuntu@jammy-05-dsk-crypt:~$ cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 64 > key.txt
ubuntu@jammy-05-dsk-crypt:~$ sudo tpm2_nvwrite -i key.txt 0x1500016
ubuntu@jammy-05-dsk-crypt:~$ sudo tpm2_nvread 0x1500016
WARN: Reading full size of the NV index
b5QQW7fjwGnMfR9b0ku9I61DYauzPVKVFoLlZLeXqjmYyrabxt3F2bdsmywXBKQg

Works as expected

## On fresh Jammy/Updated instance (fips-updates)

ubuntu@jammy-05-dsk-crypt:~$ uname -a
Linux jammy-05-dsk-crypt 5.15.0-134-fips #145+fips1-Ubuntu SMP Wed Feb 19 23:49:42 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@jammy-05-dsk-crypt:~$ sudo apt install -y tpm2-tools
ubuntu@jammy-05-dsk-crypt:~$ sudo tpm2_nvdefine -s 64 0x1500016
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:412:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) DigestSignInit
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:234:Esys_NV_DefineSpace_Async() Error in computation of auth values ErrorCode       (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:99:Esys_NV_DefineSpace() Error in async function ErrorCode (0x00070001)
ERROR: Failed to define NV area at index 0x1500016
ERROR: Esys_NV_DefineSpace(0x70001) - esapi:Catch all for all errors not otherwise specified
ERROR: Failed to create NV index 0x1500016.
ERROR: Unable to run tpm2_nvdefine

If the nv is defined before enabling fips-updates, reads and writes
still fail with:

ubuntu@jammy-05-dsk-crypt:~$ sudo tpm2_nvwrite -i key.txt 0x1500016
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:412:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) DigestSignInit
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_NV_Write.c:212:Esys_NV_Write_Async() Error in computation of auth values ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_NV_Write.c:87:Esys_NV_Write() Error in async function ErrorCode (0x00070001)
ERROR: Failed to write NV area at index 0x1500016
ERROR: Tss2_Sys_NV_Write(0x70001) - esapi:Catch all for all errors not otherwise specified
ERROR: Unable to run tpm2_nvwrite

ubuntu@jammy-05-dsk-crypt:~$ sudo tpm2_nvread 0x1500016
WARN: Reading full size of the NV index
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:412:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) DigestSignInit
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:206:Esys_NV_Read_Async() Error in computation of auth values ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:82:Esys_NV_Read() Error in async function ErrorCode (0x00070001)
ERROR: Esys_NV_Read(0x70001) - esapi:Catch all for all errors not otherwise specified
ERROR: Failed to read NVRAM area at index 0x1500016
ERROR: Unable to run tpm2_nvread

https://bugs.launchpad.net/bugs/2074270

Title:
  tpm2_tools error 0x70001 with fips-updates on 22.04
