Issue with TPM2 Encrypt/Decrypt Functionality and TSS API Integration

Dear TPM 2.0 Mailing List Community,

I am currently facing an issue while attempting to utilize the TPM2
Encrypt/Decrypt functionality in conjunction with the TSS API
integration.

I have followed the steps outlined in the TPM2 Encrypt/Decrypt man
page (https://tpm2-tools.readthedocs.io/en/latest/man/tpm2_encryptdecrypt.1/)
to create primary and key contexts successfully. However, when I
attempt to use the encrypt/decrypt functionality, I encounter the
following errors:

# tpm2_encryptdecrypt -c key.ctx -o secret.enc secret.dat
WARN: Using a weak IV, try specifying an IV
WARNING:esys:src/tss2-esys/api/Esys_EncryptDecrypt2.c:322:Esys_EncryptDecrypt2_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_EncryptDecrypt2.c:107:Esys_EncryptDecrypt2() Esys Finish ErrorCode (0x000b0143)
WARNING:esys:src/tss2-esys/api/Esys_EncryptDecrypt.c:328:Esys_EncryptDecrypt_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_EncryptDecrypt.c:110:Esys_EncryptDecrypt() Esys Finish ErrorCode (0x000002c9)
ERROR: Esys_EncryptDecrypt(0x2C9) - tpm:parameter(2):mode of operation not supported
ERROR: Unable to run tpm2_encryptdecrypt

Further investigation led me to the discovery that the TPM I am using
does not support the TPM2_CC_Encryptdecrypt2 command, as confirmed by
the output of

# tpm2_getcap commands | grep -i Encryptdecrypt
TPM2_CC_EncryptDecrypt:

In an attempt to resolve this issue, I decided to explore utilizing
the TSS API instead. However, I encountered a new error when
attempting to create a primary context using the tsscreateprimary
command:

# tsscreateprimary -hi p -st -opu primary.pub
TSS_Socket_Open: Error on connect to localhost:2321
TSS_Socket_Open: client connect: error 111 Connection refused
createprimary: failed, rc 000b0008
TSS_RC_NO_CONNECTION - Failure connecting to lower layer

For additional context, my system configuration is as follows:

Kernel version: 6.6.8-g19a0c7318c79
Installed packages: tpm2-tools, tpm2-abrmd, tss2
Discrete TPM in use: ATTPM20P by Microchip

I would greatly appreciate any insights, suggestions, or guidance on
how to address this issue. Additionally, if there are alternative
approaches or best practices for achieving the desired TPM
functionality in my environment, I would be eager to learn about them.

Thank you in advance for your time and assistance.

Samuel Lee
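
Added example, not part of the original message: how the two tpm2-tss response codes in the log above (0x000b0143 and 0x000002c9) split into layer, parameter index and TPM error code under the TPM 2.0 response-code layout. The struct, function and macro names are this example's own; the tsscreateprimary code 000b0008 comes from a different TSS implementation and is not decoded here.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as defined by the TPM 2.0 spec / tpm2-tss headers. */
#define RC_COMMAND_CODE 0x143u /* TPM_RC_COMMAND_CODE: command not supported */
#define RC_MODE         0x089u /* TPM_RC_MODE: mode of operation not supported */
#define LAYER_RESMGR    11u    /* TSS2_RESMGR_RC_LAYER (0x000b0000) */

typedef struct {
    unsigned layer;  /* bits 16-23: 0 = TPM itself, 11 = resource manager */
    char     kind;   /* 'P' parameter, 'H' handle, 'S' session, '-' none */
    unsigned index;  /* which parameter/handle/session, 0 if none */
    unsigned error;  /* error code with the index bits stripped */
} rc_info;

/* Split a 32-bit TSS2_RC into layer, subject and TPM error code. */
rc_info decode_rc(uint32_t rc)
{
    rc_info r = { (rc >> 16) & 0xFFu, '-', 0, rc & 0xFFFu };
    if (rc & 0x080u) {                    /* bit 7: format-one code */
        r.error = rc & 0x0BFu;            /* RC_FMT1 plus 6-bit error number */
        if (rc & 0x040u) {                /* bit 6: parameter error */
            r.kind = 'P';
            r.index = (rc >> 8) & 0xFu;
        } else {                          /* bit 11 picks session or handle */
            r.kind = (rc & 0x800u) ? 'S' : 'H';
            r.index = (rc >> 8) & 0x7u;
        }
    }
    return r;
}

const char *rc_name(unsigned error)
{
    if (error == RC_COMMAND_CODE) return "command code not supported";
    if (error == RC_MODE)         return "mode of operation not supported";
    return "not in this example's table";
}

int main(void)
{
    /* The two tpm2-tss codes from the log in the message above. */
    const uint32_t codes[] = { 0x000b0143u, 0x000002c9u };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        rc_info r = decode_rc(codes[i]);
        printf("0x%08x: layer %u, %c%u, 0x%03x (%s)\n", (unsigned)codes[i],
               r.layer, r.kind, r.index, r.error, rc_name(r.error));
    }
    return 0;
}
```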



