On 10/14/2020 6:28 PM, Mimi Zohar wrote:
>>>>
>>>> fi
>>>> @@ -73,6 +74,8 @@ swtpm_start() {
>>>> SWTPM_PPID=$!
>>>> fi
>>>> elif [ -n "${swtpm}" ]; then
>>>> + # tpm_server uses the Microsoft simulator encapsulated packet format
>>>> + export TPM_SERVER_TYPE="mssim"
>>> Exporting TPM_SERVER_TYPE like this is causing openssl/tumbleweed to
>>> fail.
>>>
>> That's odd. Are you saying that openssl uses the env variable
>> TPM_SERVER_TYPE? What in openssl fails? What's the error
>> message.
> "make check" is showing:
>
>
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
> initialized
> 3: pcrread: failed, rc 00000100
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
> initialized
> 4: pcrread: failed, rc 00000100
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
> initialized
> 5: pcrread: failed, rc 00000100
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
> initialized
> 6: pcrread: failed, rc 00000100
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
> initialized
> 7: pcrread: failed, rc 00000100
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
> initialized
> 8: pcrread: failed, rc 00000100
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
> initialized
> 9: pcrread: failed, rc 00000100
> TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already
> initialized
> INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks
> Failed to read any TPM PCRs
> errno: No such file or directory (2)
> SKIP: evmctl ima_boot_aggregate:
Are you sure that this failure is within openssl? It doesn't look
that way to me.
Were there perhaps more of those errors? I suspect that because
the messages are labeled 3-9, but PCR 0-9 are read.
I don't know the test code. My guess is:
- If there were 10 errors, the startup command is missing,
causing each PCR read to fail.
- If there were 9 errors, startup is being sent before each PCR read,
but only one is permitted.
