dasharo-issues icon indicating copy to clipboard operation
dasharo-issues copied to clipboard

Published 20 hours ago verified publisher icon Dasharo

TPM commands test failures

Open filipleple opened this issue 1 year ago • 3 comments

Component

Dasharo firmware

Device

Protectli VP2420

Dasharo version

v1.2.0

Dasharo Tools Suite version

No response

Brief summary

Multiple TPM2 Commands tests fail

How reproducible

No response

How to reproduce

Run the TPM2 Commands test

Expected behavior

The test should pass

Actual behavior

Multiple test cases fail:

  • TPMCMD005.001 CREATEPRIMARY Function Verification
  • TPMCMD006.001 NVDEFINE and NVUNDEFINE Functions Verification
  • TPMCMD007.001 CREATE Function
  • TPMCMD007.002 CREATELOADED Function
  • TPMCMD008.001 Signing the file
  • TPMCMD011.001 Performing HMAC operation on the file

Screenshots

Full test log:

https://cloud.3mdeb.com/index.php/s/mGAnQC7J5A9K3FH

Additional context

==============================================================================
Tpm2-Commands
==============================================================================

Checking if tpm2-tools is installed...

Package tpm2-tools is installed
TPMCMD001.001 Check if both SHA1 and SHA256 PCRs are enabled (Ubun... | PASS |
------------------------------------------------------------------------------
TPMCMD002.001 PCRREAD Function Verification (Ubuntu 22.04) :: This... | PASS |
------------------------------------------------------------------------------
TPMCMD003.001 PCREXTEND And PCRRESET Functions (Ubuntu 22.04) :: T... | PASS |
------------------------------------------------------------------------------
TPMCMD003.002 PCREXTEND And PCRRESET Functions - locality protecti... | PASS |
------------------------------------------------------------------------------
TPMCMD004.001 PCREVENT Function (Ubuntu 22.04) :: This test aims t... | PASS |
------------------------------------------------------------------------------
TPMCMD005.001 CREATEPRIMARY Function Verification (Ubuntu 22.04) :... | FAIL |
'WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Unable to run tpm2_createprimary' does not contain 'value: sha256'
------------------------------------------------------------------------------
TPMCMD006.001 NVDEFINE and NVUNDEFINE Functions Verification (Ubun... | FAIL |
'WARNING:esys:src/tss2-esys/api/Esys_NV_ReadPublic.c:309:Esys_NV_ReadPublic_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/esys_tr.c:209:Esys_TR_FromTPMPublic_Finish() Error NV_ReadPublic ErrorCode (0x0000018b)
ERROR:esys:src/tss2-esys/esys_tr.c:320:Esys_TR_FromTPMPublic() Error TR FromTPMPublic ErrorCode (0x0000018b)
ERROR: Esys_TR_FromTPMPublic(0x18B) - tpm:handle(1):the handle is not correct for the use
ERROR: Unable to run tpm2_nvread=' does not contain 'nvtest'
------------------------------------------------------------------------------
TPMCMD007.001 CREATE Function (Ubuntu 22.04) :: This test aims to ... | FAIL |
'ERROR: Incorrect handle value, got: "primary.ctx", expected expected [o|p|e|n|l] or a handle number
ERROR: Cannot make sense of object context "primary.ctx"
ERROR: Unable to run tpm2_create' does not contain 'value: sha256'
------------------------------------------------------------------------------
TPMCMD007.002 CREATELOADED Function (Ubuntu 22.04) :: This test ai... | FAIL |
'ERROR: Incorrect handle value, got: "primary.ctx", expected expected [o|p|e|n|l] or a handle number
ERROR: Cannot make sense of object context "primary.ctx"
ERROR: Unable to run tpm2_create' does not contain 'value: sha256'
------------------------------------------------------------------------------
TPMCMD008.001 Signing the file (Ubuntu 22.04) :: Check whether the... | FAIL |
'WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Unable to run tpm2_createprimary' contains one or more of 'WARN' or 'ERROR'
------------------------------------------------------------------------------
TPMCMD009.001 Encryption and Decryption of the file (Ubuntu 22.04)... | SKIP |
TPM doesn't supports TPM2_EncryptDecrypt nor TPM2_EncryptDecrypt2
------------------------------------------------------------------------------
TPMCMD010.001 Hashing the file (Ubuntu 22.04) :: Check whether the... | PASS |
------------------------------------------------------------------------------
TPMCMD011.001 Performing HMAC operation on the file (Ubuntu 22.04)... | FAIL |
'WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Unable to run tpm2_createprimary' contains one or more of 'WARN' or 'ERROR'
------------------------------------------------------------------------------
Tpm2-Commands                                                         | FAIL |
13 tests, 6 passed, 6 failed, 1 skipped
==============================================================================

Solutions you've tried

No response

filipleple avatar Apr 11 '24 16:04 filipleple

@krystian-hebel Here we have some more failures than in: https://github.com/Dasharo/open-source-firmware-validation/issues/217

Do you think it is also related to the TPM module?

It is this one here: https://eu.protectli.com/product/tpm02/

@pkubaj The same module should be in use on VP6000 series. What are your results here?

macpijan avatar Apr 12 '24 10:04 macpijan

@filipleple Can you summarize this after retesting and fixes (https://github.com/Dasharo/open-source-firmware-validation/pull/266) ? Do we still have that many failures, or maybe just this one https://github.com/Dasharo/open-source-firmware-validation/issues/217 ?

macpijan avatar May 10 '24 13:05 macpijan

@macpijan after the fixes this issue seems to be resolved:

==============================================================================
Tpm2-Commands
==============================================================================

Checking if tpm2-tools is installed...

Package tpm2-tools is installed
TPMCMD001.001 Check if both SHA1 and SHA256 PCRs are enabled (Ubun... | PASS |
------------------------------------------------------------------------------
TPMCMD002.001 PCRREAD Function Verification (Ubuntu 22.04) :: This... | PASS |
------------------------------------------------------------------------------
TPMCMD003.001 PCREXTEND And PCRRESET Functions (Ubuntu 22.04) :: T... | PASS |
------------------------------------------------------------------------------
TPMCMD003.002 PCREXTEND And PCRRESET Functions - locality protecti... | PASS |
------------------------------------------------------------------------------
TPMCMD004.001 PCREVENT Function (Ubuntu 22.04) :: This test aims t... | PASS |
------------------------------------------------------------------------------
TPMCMD005.001 CREATEPRIMARY Function Verification (Ubuntu 22.04) :... | PASS |
------------------------------------------------------------------------------
TPMCMD006.001 NVDEFINE and NVUNDEFINE Functions Verification (Ubun... | PASS |
------------------------------------------------------------------------------
TPMCMD007.001 CREATE Function (Ubuntu 22.04) :: This test aims to ... | PASS |
------------------------------------------------------------------------------
TPMCMD007.002 CREATELOADED Function (Ubuntu 22.04) :: This test ai... | PASS |
------------------------------------------------------------------------------
TPMCMD008.001 Signing the file (Ubuntu 22.04) :: Check whether the... | PASS |
------------------------------------------------------------------------------
TPMCMD009.001 Encryption and Decryption of the file (Ubuntu 22.04)... | SKIP |
TPM doesn't supports TPM2_EncryptDecrypt nor TPM2_EncryptDecrypt2
------------------------------------------------------------------------------
TPMCMD010.001 Hashing the file (Ubuntu 22.04) :: Check whether the... | PASS |
------------------------------------------------------------------------------
TPMCMD011.001 Performing HMAC operation on the file (Ubuntu 22.04)... | PASS |
------------------------------------------------------------------------------
Tpm2-Commands                                                         | PASS |
13 tests, 12 passed, 0 failed, 1 skipped
==============================================================================

filipleple avatar May 10 '24 15:05 filipleple