tpm2-tools
ifapi_io_check_create_dir() ErrorCode (0x0006000a)
Hi,
I'm trying to get random data from the TPM with the FAPI: Fapi_Initialize(&context, NULL); returns me
ERROR:fapi:src/tss2-fapi/ifapi_io.c:292:ifapi_io_check_create_dir() ErrorCode (0x0006000a) Directory /usr/local/var/run/tpm2-tss/eventlog/ is not writeable.
ERROR:fapi:src/tss2-fapi/ifapi_eventlog.c:44:ifapi_eventlog_initialize() ErrorCode (0x0006000a) Directory check/creation failed for /usr/local/var/run/tpm2-tss/eventlog/
ERROR:fapi:src/tss2-fapi/api/Fapi_Initialize.c:191:Fapi_Initialize_Finish() Initializing evenlog module ErrorCode (0x0006000a)
WARNING:fapi:src/tss2-fapi/api/Fapi_Finalize.c:42:Fapi_Finalize() Attempting to free NULL context 24abfd98ed42e871
Then I tried it with the esys functionality: works as expected: d0205bd8b55d4539
I tried to call the executable with sudo -->
ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:512:rel_path_to_abs_path() ErrorCode (0x00060020) Key P_RSA2048SHA256/HS/SRK not found.
ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:556:ifapi_keystore_load_async() ErrorCode (0x00060020) Object P_RSA2048SHA256/HS/SRK not found.
ERROR:fapi:src/tss2-fapi/fapi_util.c:727:ifapi_load_primary_async() ErrorCode (0x00060020) Could not open: P_RSA2048SHA256/HS/SRK
ERROR:fapi:src/tss2-fapi/fapi_util.c:1160:ifapi_get_sessions_async() ErrorCode (0x00060020) Load EK
ERROR:fapi:src/tss2-fapi/api/Fapi_GetRandom.c:160:Fapi_GetRandom_Async() ErrorCode (0x00060020) Create FAPI session
ERROR:fapi:src/tss2-fapi/api/Fapi_GetRandom.c:84:Fapi_GetRandom() ErrorCode (0x00060020) GetRandom
So $PREFIX/var/run/tpm2-tss/eventlog/ must be writable. make install should actually take care of that for group tss (that you then need to be a user of)
Also you need to call tss2_provision before any other tss2_* command. Latest (tpm2-tss) master should also contain some better error messages for this.
```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <tss2/tss2_fapi.h>
#include <tss2/tss2_rc.h>

int main(void)
{
    FAPI_CONTEXT *context = NULL;

    TSS2_RC rc = Fapi_Initialize(&context, NULL);
    if (rc != TSS2_RC_SUCCESS) {
        fprintf(stderr, "Fapi_Initialize: %s\n", Tss2_RC_Decode(rc));
        exit(1);
    }

    /*
     * This is typically done once via the tpm2-tools tool: tss2_provision
     * So this may fail, because it's already been provisioned. So just log a warning
     * and plod ahead....
     */
    rc = Fapi_Provision(context, NULL, NULL, NULL);
    if (rc != TSS2_RC_SUCCESS) {
        fprintf(stderr, "WARN: Fapi_Provision: %s\n", Tss2_RC_Decode(rc));
    }

    uint8_t *bytes = NULL;
    rc = Fapi_GetRandom(context, 8, &bytes);
    if (rc != TSS2_RC_SUCCESS) {
        fprintf(stderr, "Fapi_GetRandom: %s\n", Tss2_RC_Decode(rc));
        Fapi_Finalize(&context);
        exit(1);
    }

    /* Release the buffer returned by FAPI and the context itself. */
    Fapi_Free(bytes);
    Fapi_Finalize(&context);
    return 0;
}
```
This is a part of the actual source code - I did sudo make install and added the tss into the group as it is mentioned in the install file.
I have a related question: I successfully used tss2_provision and tss2_createkey. But when I tried to use the key to sign the hash value, it informs me that it can't find the key:
ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:533:rel_path_to_abs_path() ErrorCode (0x00060020) Key P_RSA2048SHA256/HS/SRK/aster1SignKey not found.
ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:581:ifapi_keystore_load_async() ErrorCode (0x00060020) Object P_RSA2048SHA256/HS/SRK/aster1SignKey not found.
ERROR:fapi:src/tss2-fapi/fapi_util.c:1763:ifapi_load_key_finish() ErrorCode (0x00060020) Could not open: P_RSA2048SHA256/HS/SRK/aster1SignKey
ERROR:fapi:src/tss2-fapi/fapi_util.c:1660:ifapi_load_keys_finish() Load keys ErrorCode (0x00060020)
ERROR:fapi:src/tss2-fapi/fapi_util.c:2674:ifapi_load_key() ErrorCode (0x00060020) Load key.
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:288:Fapi_Sign_Finish() Fapi load key. ErrorCode (0x00060020)
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:130:Fapi_Sign() ErrorCode (0x00060020) Key_Sign
Fapi_Sign(0x60020) - fapi:The key was not found
Besides, I checked the permissions: the files under var can be written by the tss group, and my group is tss. So I have a question: where is the dir P_RSA2048SHA256/HS? Is it in var/lib/tpm2-tss/system?
@JuergenReppSIT ?
With tss2_getinfo -o -| more the FAPI configuration will be displayed. The system and the user directory can be determined.
The default directory for keys created by tss2_createkey is the user directory. The default directory for the SRK is the system directory. So after tss2_createkey the directories P_RSA2048SHA256/HS/SRK/aster1SignKey should be created in the user directory defined in the FAPI configuration.
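The lookup described in the answer above can be scripted. This is an added example, not code from the thread or from tpm2-tss. It takes a parsed FAPI configuration and reports whether an object path is present in the system or the user keystore and whether the event log directory is writable. The function names, the constructed temporary layout, and the per-object file name `object.json` are assumptions.

```python
import json
import os
import tempfile

OBJECT_FILE = "object.json"  # assumption: per-object file name in the keystore

def diagnose(config, key_path):
    """Say which keystore holds key_path and whether log_dir is writable."""
    dirs = {k: os.path.expanduser(config[k])
            for k in ("system_dir", "user_dir", "log_dir")}
    rel = key_path.strip("/")
    # Assumption: a path given without a profile uses the configured profile.
    if not rel.startswith("P_"):
        rel = config["profile_name"] + "/" + rel
    found = [name for name in ("user_dir", "system_dir")
             if os.path.isfile(os.path.join(dirs[name], rel, OBJECT_FILE))]
    log_ok = os.path.isdir(dirs["log_dir"]) and os.access(dirs["log_dir"], os.W_OK)
    return {"object": rel, "found_in": found, "log_dir_writable": log_ok}

def constructed_layout(root):
    """Constructed sample: SRK in system_dir, one signing key in user_dir."""
    config = {
        "profile_name": "P_RSA2048SHA256",
        "system_dir": os.path.join(root, "system", "keystore"),
        "user_dir": os.path.join(root, "user", "keystore"),
        "log_dir": os.path.join(root, "eventlog"),  # deliberately not created
    }
    for base, rel in (("system_dir", "P_RSA2048SHA256/HS/SRK"),
                      ("user_dir", "P_RSA2048SHA256/HS/SRK/aster1SignKey")):
        obj_dir = os.path.join(config[base], rel)
        os.makedirs(obj_dir)
        with open(os.path.join(obj_dir, OBJECT_FILE), "w") as fh:
            fh.write("{}")
    return config

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        cfg = constructed_layout(root)
        for path in ("HS/SRK", "HS/SRK/aster1SignKey", "HS/SRK/missingKey"):
            print(json.dumps(diagnose(cfg, path)))
```

On a real system, pass the configuration shown by tss2_getinfo to `diagnose` and run it as the same account that ran tss2_createkey, because a `user_dir` beginning with `~` expands to a different directory for each user, including root under sudo.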