tpm2-tss
Cannot use the function: esys_GetResourceObject
I want to use the ESAPI in my project. However, when I invoke esys_GetResourceObject, it reports the error "undefined symbol: esys_GetResourceObject". I got the lib/dll by building tpm2-tss.sln with LLVM (clang-cl) in VS2019, and I'm sure that the linker input in my project contains all the libs which I got. I don't know how to solve this error. I'd appreciate it if I could get your response. Thank you.
esys_GetResourceObject is not part of the ESAPI API. Objects are created by ESAPI functions (e.g. Esys_Create, Esys_TR_FromTPMPublic, ...) and can be used via the returned ESAPI handle.
Thanks for the response. I am trying to create an EK, so I referred to esys-create-primary-hmac.int.c, and esys_GetResourceObject is used in this C file. Now I want to get the data of the EK after creating it; what am I supposed to do? How do I get the handle?
Yes, actually the call of esys_GetResourceObject should not be part of an integration test. The handle is returned by Esys_CreatePrimary (ESYS_TR *objectHandle). And you can use Esys_ReadPublic to get the public data of the EK.
I tried the method you suggested.
Esys_CreatePrimary(esysContext, ESYS_TR_RH_ENDORSEMENT, session, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive, &inPublic, &outsideInfo, &creationPCR, &objectHandle, &outPublic, &creationData, &creationHash, &creationTicket);
Esys_NV_ReadPublic(esysContext, objectHandle, session, ESYS_TR_NONE, ESYS_TR_NONE, &nvPublic, &nvName);
I use the objectHandle to read the public data, but it reports the error:
WARNING:esys:api\Esys_NV_ReadPublic.c:309:Esys_NV_ReadPublic_Finish() Received TPM Error
ERROR:esys:api\Esys_NV_ReadPublic.c:109:Esys_NV_ReadPublic() Esys Finish ErrorCode (0x00000084)
It's like I can't get data from the TPM.
Esys_NV_ReadPublic is the wrong function. You should use Esys_ReadPublic. Esys_NV_ReadPublic reads the public area and Name of an NV Index.
Esys_ReadPublic(esysContext, objectHandle, session, ESYS_TR_NONE, ESYS_TR_NONE, &nvPublic, &nvName, &qualifiedName);
It still reports the error:
WARNING:esys:api\Esys_ReadPublic.c:320:Esys_ReadPublic_Finish() Received TPM Error
ERROR:esys:api\Esys_ReadPublic.c:104:Esys_ReadPublic() Esys Finish ErrorCode (0x00000082)
Maybe some parameters are wrong. I define the parameters the same as in esys-create-primary-hmac. I call Esys_Initialize(&esysContext, tctiContext, &abiVersion); to get a context; tctiContext is defined as NULL and abiVersion is defined as {1, 2, 1, 108}.
@SAO-kirito-asuna What is the session parameter value? You can set that to ESYS_TR_NONE. Also, what is objectHandle, is it an ESYS_TR and how did you obtain it?
The value of session is 1073746249.
ESYS_TR session = ESYS_TR_NONE;
TPMT_SYM_DEF symmetric = { .algorithm = TPM2_ALG_NULL };
rval = Esys_StartAuthSession(esysContext, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, NULL, TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA256, &session);
If I set the value of session to ESYS_TR_NONE, it will report the error:
ERROR:esys:esys_iutil.c:1179:check_session_feasibility() Not enough sessions provided for the command.
ERROR:esys:api\Esys_CreatePrimary.c:208:Esys_CreatePrimary_Async() Check session usage ErrorCode (0x0007000b)
ERROR:esys:api\Esys_CreatePrimary.c:110:Esys_CreatePrimary() Error in async function ErrorCode (0x0007000b)
I get the objectHandle by calling Esys_CreatePrimary. The objectHandle is defined as ESYS_TR.
The call of Esys_ReadPublic succeeds if I set the session to ESYS_TR_NONE. But the value of nvName is different each time.
Could I get the Abstract of the EK public key by calling Esys_ReadPublic?
@SAO-kirito-asuna You get the results described in the Spec: Trusted Platform Module Library Part 3: Commands for the command TPM2_ReadPublic. So additionally to the public data you already got from Esys_CreatePrimary you will get the name which should not change if you use a physical TPM for different calls of create primary.
I find that the ESYS_CONTEXT is different each time. Is that why I get a different value of nvName each time?
@SAO-kirito-asuna Could you please attach the esapi calls of your example and describe the device of your test (Physical TPM or Simulator).
I was mistaken. Now I print nvName->name and it's the same each time. I use cout << (int)nvName->name[j]; to print the name, is it right?
@SAO-kirito-asuna you could e.g. print the name as follows:
for (int i = 0; i < nvName->size; i++) {
    fprintf(stderr, "%02x", nvName->name[i]);
}
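An added example (not part of the thread and not tpm2-tss code) showing how the bytes printed by the loop above are laid out: per the TPM 2.0 specification an object's Name is the 2-byte big-endian nameAlg identifier followed by the digest of the object's public area, which is why it is stable for the same key. `parse_name` and `digest_len` are hypothetical helper names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hash algorithm IDs from the TPM 2.0 specification (TPM2_ALG_*). */
#define ALG_SHA1   0x0004
#define ALG_SHA256 0x000B
#define ALG_SHA384 0x000C
#define ALG_SHA512 0x000D

/* Digest length for a name algorithm, or 0 if this sketch does not know it. */
static size_t digest_len(uint16_t alg) {
    switch (alg) {
    case ALG_SHA1:   return 20;
    case ALG_SHA256: return 32;
    case ALG_SHA384: return 48;
    case ALG_SHA512: return 64;
    default:         return 0;
    }
}

/*
 * Split a Name (the bytes in TPM2B_NAME.name, length TPM2B_NAME.size) into
 * nameAlg and digest, writing the digest as lowercase hex into hex_out.
 * Returns 0 on success, -1 if the buffer is not a well-formed object Name.
 */
int parse_name(const uint8_t *name, size_t size, uint16_t *alg_out,
               char *hex_out, size_t hex_cap) {
    if (name == NULL || size < 2) return -1;
    uint16_t alg = (uint16_t)((name[0] << 8) | name[1]);  /* big-endian */
    size_t dlen = digest_len(alg);
    if (dlen == 0 || size != 2 + dlen) return -1;  /* unknown alg or bad length */
    if (hex_cap < 2 * dlen + 1) return -1;         /* caller buffer too small */
    for (size_t i = 0; i < dlen; i++)
        snprintf(hex_out + 2 * i, 3, "%02x", name[2 + i]);
    *alg_out = alg;
    return 0;
}

int main(void) {
    /* Constructed sample: nameAlg 0x000B followed by 32 made-up digest bytes. */
    uint8_t sample[34] = { 0x00, 0x0B };
    for (int i = 0; i < 32; i++) sample[2 + i] = (uint8_t)i;
    uint16_t alg; char hex[129];
    if (parse_name(sample, sizeof sample, &alg, hex, sizeof hex) == 0)
        printf("nameAlg=0x%04x digest=%s\n", alg, hex);
    return 0;
}
```

With a real object, pass `nvName->name` and `nvName->size` from the Esys_ReadPublic call; comparing the returned digest across runs is more reliable than comparing decimal byte dumps.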
Thanks for your help. I call Esys_Create to get the AIK and want to get the digest of the name of the AIK. But I can't find any function to do that. How do I get the digest?
@SAO-kirito-asuna You will get the needed handle by calling Esys_Load.
You can find examples in the integration tests (e.g. test/integration/esys-create-session-auth.int.c).
The ManufacturerIdTxt of the TPM is INTC. There is no EK certificate in the TPM. How do I get the EK certificate?
If the tpm tools are installed, you can get the certificate as described on: https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_getekcertificate.1.md If you use FAPI, you can get it as follows:
tss2_provision
tss2_getcertificate -p /HE/EK -o ek-cert.pem
Or you can use the corresponding FAPI functions Fapi_Provision and Fapi_GetCertificate. The Intel certificates are not stored in the TPM. They have to be downloaded based on a URL which is derived from the public data of the EK.
Assuming this is closed now, since no updates for a long time