Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TPM PKCS#11 Errors in Red Hat Enterprise Linux 8.6 #879

Open
blueaxions opened this issue Nov 5, 2024 · 0 comments
Open

TPM PKCS#11 Errors in Red Hat Enterprise Linux 8.6 #879

blueaxions opened this issue Nov 5, 2024 · 0 comments

Comments

@blueaxions
Copy link

Hello,
Running RHEL 8.6 on a Dell laptop with a STMicro TPM chip. I'm able to successfully initialize the TPM and create tokens and objects using the 'tpm2_ptool' command.
I have the following variables set:

TPM2TOOLS_TCTI=device:/dev/tpmrm0
TPM2_PKCS11_TCTI=device:/dev/tpmrm0

I have the following packages installed:

tpm2-abrmd.x86_64 2.3.3-2.el8 @dvd-BaseOS-rhel8dot6
tpm2-abrmd-selinux.noarch 2.3.1-1.el8 @dvd-BaseOS-rhel8dot6
tpm2-pkcs11.x86_64 1.6.0-1.el8 @@commandline
tpm2-pkcs11-tools.x86_64 1.6.0-1.el8 @@commandline
tpm2-tools.x86_64 4.1.1-5.el8 @anaconda
tpm2-tss.x86_64 2.3.2-4.el8 @anaconda
p11-kit.x86_64 0.23.22-1.el8 @anaconda
p11-kit-trust.x86_64 0.23.22-1.el8 @anaconda

Created the this file: /etc/pkcs11/modules/tpm2_pkcs11.module
-rw-r--r--. 1 root root 39 Nov 1 16:23 /etc/pkcs11/modules/tpm2_pkcs11.module

Which has:
module: libtpm2_pkcs11.so
critical: no

Also, the TPM2 PKCS11 library is in this location:

ls -al /usr/lib64/pkcs11/

total 644
drwxr-xr-x. 2 root root 144 Nov 1 10:01 .
dr-xr-xr-x. 62 root root 49152 Nov 1 13:41 ..
lrwxrwxrwx. 1 root root 23 Nov 22 2022 libtpm2_pkcs11.so -> libtpm2_pkcs11.so.0.0.0
lrwxrwxrwx. 1 root root 23 Nov 22 2022 libtpm2_pkcs11.so.0 -> libtpm2_pkcs11.so.0.0.0
-rwxr-xr-x. 1 root root 245304 Nov 22 2022 libtpm2_pkcs11.so.0.0.0
-rwxr-xr-x. 1 root root 247568 Jan 11 2021 p11-kit-trust.so

But none of the 'p11tool' or the 'p11-kit' commands work. For example, doing a p11-kit list-modules shows these errors:

]$ p11-kit list-modules
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
p11-kit-trust: p11-kit-trust.so
library-description: PKCS#11 Kit Trust Module
library-manufacturer: PKCS#11 Kit
library-version: 0.23
token: System Trust
manufacturer: PKCS#11 Kit
model: p11-kit-trust
serial-number: 1
hardware-version: 0.23
flags:
write-protected
token-initialized
token: Default Trust
manufacturer: PKCS#11 Kit
model: p11-kit-trust
serial-number: 1
hardware-version: 0.23
flags:
write-protected
token-initialized
tpm2_pkcs11: libtpm2_pkcs11.so
library-description: TPM2.0 Cryptoki
library-manufacturer: tpm2-software.github.io
library-version: 0.0
token:
manufacturer: STMicro
model:
serial-number: 0000000000000000
hardware-version: 1.38
firmware-version: 74.8
flags:
rng
login-required

Or, running the p11tool shows these errors:

$ p11tool --list-all --provider /usr/lib64/pkcs11/libtpm2_pkcs11.so
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001e6)
No matching objects found

Any help would be greatly appreciated!

TIA.

Best,
potequity
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@blueaxions