tpm2-tools icon indicating copy to clipboard operation
tpm2-tools copied to clipboard

Published 20 hours ago verified publisher icon tpm2-software

tss2_getrandom: ErrorCode (0x00060034) Create FAPI session

Open fansari opened this issue 1 year ago • 0 comments

I tried to run this example command

tss2_getrandom --numBytes=20 --data=-

but get these error messages:

ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:515:rel_path_to_abs_path() ErrorCode (0x00060034) FAPI not provisioned for path: P_ECCP256SHA256/HS/SRK.
ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:582:ifapi_keystore_load_async() ErrorCode (0x00060034) Object P_ECCP256SHA256/HS/SRK not found.
ERROR:fapi:src/tss2-fapi/fapi_util.c:847:ifapi_load_primary_async() ErrorCode (0x00060034) Could not open: P_ECCP256SHA256/HS/SRK
ERROR:fapi:src/tss2-fapi/fapi_util.c:1309:ifapi_get_sessions_async() ErrorCode (0x00060034) Load EK
ERROR:fapi:src/tss2-fapi/api/Fapi_GetRandom.c:167:Fapi_GetRandom_Async() ErrorCode (0x00060034) Create FAPI session
ERROR:fapi:src/tss2-fapi/api/Fapi_GetRandom.c:87:Fapi_GetRandom() ErrorCode (0x00060034) GetRandom
Fapi_GetRandom(0x60034) - fapi:Provisioning was not executed.

I also noticed these fapi errors on other occasions.

This is my /etc/tpm2-tss/fapi-config.json:

{
     "profile_name": "P_ECCP256SHA256",
     "profile_dir": "/etc/tpm2-tss/fapi-profiles/",
     "user_dir": "~/.local/share/tpm2-tss/user/keystore",
     "system_dir": "/var/lib/tpm2-tss/system/keystore",
     "tcti": "",
     "system_pcrs" : [],
     "log_dir" : "/run/tpm2-tss/eventlog/"
}

Tested with: OS: Fedora 36 Silverblue Version: tpm2-tools-5.2-2.fc36.x86_6 TPM2 chip: Infineon SLB9665

Is this related to #655? If yes - I have tried this:

export TSS2_LOG=fapi+NONE
tss2_getrandom --numBytes=20 --data=-

If I do this I get this:

Fapi_GetRandom(0x60034) - fapi:Provisioning was not executed.

but no other output.

Next try:

tss2_provision
Fapi_Provision(0x6000B) - fapi:A parameter has a bad value

I found some example to put

"system_pcrs" : [0, 1, 2, 3, 4, 5, 6, 7],

but this is just guessing for course and gives another error:

tss2_provision
ERROR:fapijson:src/tss2-fapi/tpm_json_deserialize.c:413:ifapi_json_TPMS_PCR_SELECTION_deserialize() Field "hash" not found.
ERROR:fapijson:src/tss2-fapi/tpm_json_deserialize.c:1978:ifapi_json_TPML_PCR_SELECTION_deserialize() Bad value for field "pcrSelections". ErrorCode (0x0006000b)
Fapi_Initialize(0x6000B) - fapi:A parameter has a bad value

fansari avatar Aug 13 '22 13:08 fansari