Discussion:
Can't take ownership, unknown error
(too old to reply)
Florian Hars
2013-01-07 09:53:57 UTC
Permalink
I an trying to take ownership of an infineon SLB9635 TPM, with
trousers 0.3.10 and tpm_tools 1.3.8, but I always get an unknown error:

# tpm_takeownership -l debug -y -z
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00003128 - layer=tsp, code=0128
(296), Unknown
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success

# tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.3.16
Spec Level: 2
Errata Revision: 2
TPM Vendor ID: IFX
Vendor Specific data: 0310000a 00
TPM Version: 01010000
Manufacturer Info: 49465800

I get the same error if I try to get the public EK:

# tpm_getpubek
Tspi_TPM_GetPubEndorsementKey failed: 0x00003128 - layer=tsp,
code=0128 (296), Unknown

# lsmod | grep tpm
tpm_tis 19211 1
tpm 27336 1 tpm_tis
tpm_bios 18939 1 tpm

# uname -a
Linux host 3.7.1-4-desktop #1 SMP PREEMPT Mon Dec 17 20:23:18 UTC 2012
(5e9fe70) x86_64 x86_64 x86_64 GNU/Linux

# dmesg | grep tpm
[ 26.360848] tpm_tis 00:0f: 1.2 TPM (device-id 0xB, rev-id 16)

Once I got an I/O error instead, but I cannot reproduce that:

Tspi_TPM_TakeOwnership failed: 0x00001087 - layer=tddl, code=0087
(135), I/O error

Has anyone seen this before?


- Florian.
--
Dr. Florian Hars ***@pre-sense.de
Tel. +49 - 40 - 244 2407 - 30
Fax +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
USt-IdNr.: DE263765024
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges Jürgen Sander Axel Theilmann
august huber
2013-01-07 15:10:31 UTC
Permalink
Your TPM has come out of the box without an endorsement key;
tpm_createek will generate one for you.
Post by Florian Hars
I an trying to take ownership of an infineon SLB9635 TPM, with
# tpm_takeownership -l debug -y -z
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_TakeOwnership failed: 0x00003128 - layer=tsp, code=0128
(296), Unknown
Tspi_Context_CloseObject success
Tspi_Context_FreeMemory success
Tspi_Context_Close success
# tpm_version
Chip Version: 1.2.3.16
Spec Level: 2
Errata Revision: 2
TPM Vendor ID: IFX
Vendor Specific data: 0310000a 00
TPM Version: 01010000
Manufacturer Info: 49465800
# tpm_getpubek
Tspi_TPM_GetPubEndorsementKey failed: 0x00003128 - layer=tsp,
code=0128 (296), Unknown
# lsmod | grep tpm
tpm_tis 19211 1
tpm 27336 1 tpm_tis
tpm_bios 18939 1 tpm
# uname -a
Linux host 3.7.1-4-desktop #1 SMP PREEMPT Mon Dec 17 20:23:18 UTC 2012
(5e9fe70) x86_64 x86_64 x86_64 GNU/Linux
# dmesg | grep tpm
[ 26.360848] tpm_tis 00:0f: 1.2 TPM (device-id 0xB, rev-id 16)
Tspi_TPM_TakeOwnership failed: 0x00001087 - layer=tddl, code=0087
(135), I/O error
Has anyone seen this before?
- Florian.
--
Tel. +49 - 40 - 244 2407 - 30
Fax +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
USt-IdNr.: DE263765024
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges Jürgen Sander Axel Theilmann
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
http://p.sf.net/sfu/learnmore_122412
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
--
august huber
security engineer
google.com
pgp:0x8ec541e4b6a0f519
Florian Hars
2013-01-07 15:34:34 UTC
Permalink
Post by august huber
Your TPM has come out of the box without an endorsement key;
tpm_createek will generate one for you.
That doesn't work either:

~ # tpm_createek
Tspi_TPM_CreateEndorsementKey failed: 0x00000008 - layer=tpm,
code=0008 (8), The TPM target command has been disabled

And as far as I can tell, there is no way to enable that (the BIOS
offers "Enable Take Ownership", "Disable Take Ownership", and "TPM
Clear").

And the man-page for tpm_createek says that it is only necessary if
getpubek fails with "code=0023 (35), No EK" but that is not what
happens:

# tpm_getpubek
Tspi_TPM_GetPubEndorsementKey failed: 0x00003128 - layer=tsp,
code=0128 (296), Unknown

- Florian.
--
Dr. Florian Hars ***@pre-sense.de
Tel. +49 - 40 - 244 2407 - 30
Fax +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
USt-IdNr.: DE263765024
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges Jürgen Sander Axel Theilmann
Florian Hars
2013-01-08 10:24:48 UTC
Permalink
Try TPM Clear Reboot Turn on TPM Reboot
tpm_getver
~ # tpm_getver
-bash: tpm_getver: command not found

tpm_version is still
TPM 1.2 Version Info:
Chip Version: 1.2.3.16
Spec Level: 2
Errata Revision: 2
TPM Vendor ID: IFX
Vendor Specific data: 0310000a 00
TPM Version: 01010000
Manufacturer Info: 49465800

Does this help anyone to diagnose something:

# tpm_selftest
TPM Test Results: bfbff5bf ff8f


- Florian.
--
Dr. Florian Hars ***@pre-sense.de
Tel. +49 - 40 - 244 2407 - 30
Fax +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
USt-IdNr.: DE263765024
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges Jürgen Sander Axel Theilmann
Loading...