Re: [PATCH v2 1/5] ima-evm-utils: Change env variable TPM_SERVER_TYPE for tpm_server

On Wed, 2020-10-14 at 18:17 -0400, Ken Goldman wrote:
> On 10/14/2020 6:04 PM, Mimi Zohar wrote:
> > Hi Ken,
> > 
> > On Mon, 2020-10-12 at 19:44 -0400, Ken Goldman wrote:
> >> The default value raw is appropriate for 'swtpm'.  tpm_server
> >> uses the Microsoft packet encapsulation, so the env variable
> >> must have the value mssim.
> >>
> >> Signed-off-by: Ken Goldman <kgoldman@xxxxxxxxxx>
> > 
> > Thank you for noticing this regression.
> > 
> >> ---
> >>   tests/boot_aggregate.test | 3 +++
> >>   1 file changed, 3 insertions(+)
> >>
> >> diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
> >> index 1c7b1f2..b109a32 100755
> >> --- a/tests/boot_aggregate.test
> >> +++ b/tests/boot_aggregate.test
> >> @@ -35,6 +35,7 @@ else
> >>   	export TPM_COMMAND_PORT=2321
> >>   	export TPM_PLATFORM_PORT=2322
> >>   	export TPM_SERVER_NAME="localhost"
> >> +	# swtpm uses the raw, unencapsulated packet format
> >>   	export TPM_SERVER_TYPE="raw"
> > 
> > Instead of adding a comment here, how about only exporting
> > TPM_SERVER_TYPE for "swtpm".
> 
> That certainly works.  I thought the idea was, "Make the
> smallest change that fixes the problem."  Moving that
> line under swtpm is a reasonable alternative.

In this case, moving the line and adding the comment is the smallest
change.  To indicate this is a bug fix, you would add "Fixes:
f831508297cd ("Install the swtpm package, if available")" in addition to
your Signed-off-by tag.

> 
> I'd leave the comment.  I suspect many people
> don't know about the Microsoft TPM packet format,
> so the line would otherwise be confusing.
> 
> > 
> >>   
> >>   fi
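Review bot: The added comment documents `export TPM_SERVER_TYPE="raw"`, but that export still sits in the shared `else` block rather than in an swtpm-specific branch, so every simulator inherits "raw" and the tpm_server case then relies on a later override inside swtpm_start(). Exporting TPM_SERVER_TYPE only in the branch that starts swtpm, and moving the comment with it, keeps the value and its explanation in one place, as suggested above.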
> >> @@ -73,6 +74,8 @@ swtpm_start() {
> >>   			SWTPM_PPID=$!
> >>   		fi
> >>   	elif [ -n "${swtpm}" ]; then
> >> +	        # tpm_server uses the Microsoft simulator encapsulated packet format
> >> +                export TPM_SERVER_TYPE="mssim"
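Review bot: The `export TPM_SERVER_TYPE="mssim"` is placed under `elif [ -n "${swtpm}" ]; then`, yet the added comment and the commit message say mssim is the tpm_server packet format; if `${swtpm}` holds the path of the swtpm binary, this exports the tpm_server value in the swtpm branch, which would fit the openssl/tumbleweed failure reported below. Please confirm which simulator this branch starts and put the export in the tpm_server branch. Also, the two added lines are indented with spaces (one of them a tab followed by spaces) while the surrounding script uses tabs; match the existing tab indentation.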
> > 
> > Exporting TPM_SERVER_TYPE like this is causing openssl/tumbleweed to
> > fail.
> > 
> 
> That's odd.  Are you saying that openssl uses the env variable
> TPM_SERVER_TYPE?  What in openssl fails?  What's the error
> message.

"make check" is showing:

TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
initialized
3: pcrread: failed, rc 00000100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
initialized
4: pcrread: failed, rc 00000100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
initialized
5: pcrread: failed, rc 00000100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
initialized
6: pcrread: failed, rc 00000100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
initialized
7: pcrread: failed, rc 00000100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
initialized
8: pcrread: failed, rc 00000100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
initialized
9: pcrread: failed, rc 00000100
TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
initialized
INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks
Failed to read any TPM PCRs
errno: No such file or directory (2)
SKIP: evmctl ima_boot_aggregate: 

thanks,

Mimi