Discussion:
[TrouSerS-users] Issues with Taking Ownership
Eric Naud
2014-12-22 18:19:59 UTC
Hello trouSerS-users,

I'm trying to test trousers/tpm-tool on an Intel NUC DC53427HYE and I
seem to be having trouble taking ownership of the device. I'm hoping
someone here can lend a hand.

First off, I have cleared the TPM via the BIOS (to do so I had to
change a jumper to enter 'maintenance mode', where some additional BIOS
options become visible).

I'm using trousers 0.3.13, tpm-tools 1.3.8 on a Unix-like system.

# tpm_version reports:
TPM 1.2 Version Info:
Chip Version: 1.2.13.12
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: STM
Vendor Specific data: 50
TPM Version: 01010000
Manufacturer Info: 53544d20

When I run tpm_takeownership I receive an error indicating the command
(or device?) is disabled:

# tpm_takeownership
Enter owner password:
Confirm password:
Enter SRK password:
Confirm password:
LOG_DEBUG TSPI rpc/tcstp/rpc_ek.c:96 RPC_ReadPubek_TP: TCS Context:
0xa051cf4b
Tspi_TPM_TakeOwnership failed: 0x00000008 - layer=tpm, code=0008 (8),
The TPM target command has been disabled

This result is further substantiated by the takeOwnership test-suite:
Tspi_TPM_TakeOwnership01:
0 FAIL : Tspi_TPM_GetPubEndorsementKey returned (8)
TPM_E_DISABLED_CMD
Tspi_TPM_TakeOwnership01.c 0 FAIL : Tspi_TPM_GetPubEndorsementKey
returned (8) TPM_E_DISABLED_CMD

And again with Tspi_TPM_TakeOwnership03:
LOG_DEBUG TSPI rpc/tcstp/rpc_ek.c:96 RPC_ReadPubek_TP: TCS Context:
0xa051254d
0 FAIL : Tspi_TPM_TakeOwnership03 returned (8)
TPM_E_DISABLED_CMD

If I try to clear the TPM this happens:
# tpm_clear --force
Tspi_TPM_ClearOwner failed: 0x0000002d - layer=tpm, code=002d (45), Bad
physical presence value

It almost seems like the TPM is disabled even though the BIOS reports it
as enabled and present. Any ideas what's going on and how I can go about
taking ownership of this TPM?

Thanks,
Eric
Ken Goldman
2014-12-23 14:36:57 UTC
At a high level, when you take ownership, the owner password is passed
to the TPM encrypted by the EK public key. The TPM then decrypts it
with the EK private key.

In order to do this, the TSS needs the EK public key, which it gets
using TPM_ReadPubek.

There is a flag that disables the TPM_ReadPubek for "privacy". I
suspect that the flag is clear. You can confirm this using a
GetCapability to dump the permanent flags.

If I'm correct, it's not that the TPM is disabled, but that the
TPM_ReadPubek command is disabled.

HOW the flag got cleared is another question, since it should have been
set when you cleared the owner. But let's see if my guess is correct first.

~~

Shameless plug: My SW TPM has a set of very low level utilities that
can help you debug without writing code. It also has a TPM emulator
with tracing, which makes debugging a TSS application much easier.

http://sourceforge.net/projects/ibmswtpm/
Eric Naud
2014-12-23 17:42:50 UTC
Hi Ken,

Thanks for your reply.

I brought in tpm_getstatus.c from the latest version of the tpm tools;
it dumps the permanent flags. Problem is, it asks for the owner password,
which isn't set because I haven't taken ownership yet.

So I extracted the relevant getCapability() function call and made my
own utility; the output was:
Tspi_TPM_GetCapability failed: 0x00003116 - layer=tsp, code=0116 (278),
No secret information available for the address policy
error getting TPM_PERMANENT_FLAGS.

It seems that to read the permanent flags to determine if you can read
the public key, you need to be able to read the public key :)


Thanks though,
Eric
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
Ken Goldman
2014-12-23 18:00:22 UTC
Post by Eric Naud
Hi Ken,
Thanks for your reply.
I brought in tpm_getstatus.c from the latest version of the tpm tools,
it dumps the permanent flags. Problem is it asks for the owner password
which isn't set because I haven't taken ownership yet.
TPM_GetCapability is a "no auth" command. It doesn't require and does
not accept authorization.

Perhaps it's using TPM_GetCapabilityOwner, but that's unnecessary.

Using my tools, it would be:

./getcapability -cap 4 -scap 0108
Post by Eric Naud
So I extracted the relevant getCapability() function call and made my
Tspi_TPM_GetCapability failed: 0x00003116 - layer=tsp, code=0116 (278),
No secret information available for the address policy
error getting TPM_PERMANENT_FLAGS.
I am a TPM expert but not a TSS expert. Perhaps someone else here can
interpret that (IMHO, obscure) error message. I wonder what an address
policy is.
Post by Eric Naud
It seems that to read the permanent flags to determine if you can read
the public key, you need to be able to read the public key :)
No, you definitely do not. This seems like just a quirk in how someone
wrote the TSS utilities and maybe how you coded your version. My
version works without authorization.
Eric Naud
2015-01-15 18:51:37 UTC
Thanks to everyone who provided input. I did manage to resolve the
problem and thought I'd close off this thread since it affects anyone
trying to use the Intel NUC DC53427HYE's TPM.

It's all about the BIOS. In order to properly clear and take ownership
of the TPM you must use BIOS version 32.

There seem to be regressions in later versions of the BIOS (up to v38 at
least). I tested v34, v37 and v38 (the latest version available today);
none permitted me to use the TPM in a functional manner. Only v32
worked.
Ken Goldman
2014-12-26 16:15:18 UTC
I got an email off-list (the writer is worried about spam) with similar
hardware and a similar error.

He ran my getcap utility and found, as I suspected, that readpubek is
FALSE. This flag should be true after an owner clear and false after
take ownership. In effect (the way I read the spec), it is a flag that
says whether there is an owner.

I can think of two possibilities:

1 - The owner clear was not run or failed. There is still an owner.

2 - take ownership is being run twice, and it's failing the second time.

I suggest installing my low level utilities to help debug. I want to
know the state of the readpubek flag before take ownership (to confirm
that this is the problem) and then after owner clear (to see if the
owner clear is working.)
august " OR 1=1; > , % $ } ] ) > huber
2014-12-27 01:39:24 UTC
Chances are your device simply lacks an endorsement key and needs to
have one generated; try a run of tpm_createek before attempting to
take ownership.

You can also check the pubek at the tpmdd layer via:
cat /sys/class/misc/tpm0/device/pubek
Ken Goldman
2014-12-29 14:46:14 UTC
Post by august " OR 1=1; > , % $ } ] ) > huber
Chances are your device simply lacks an endorsement key and needs to
have one generated, try a run of tpm_createek before attempting to
take ownership.
That's not likely.

A - Recent ST TPMs come with an EK and EK certificate.

B - The TPM_ReadPubek would return TPM_NO_ENDORSEMENT in that case, not
TPM_DISABLED_CMD.

From the spec:
2. If no EK is present the TPM MUST return TPM_NO_ENDORSEMENT

One could use a getcapability to enumerate NV indexes to verify this.
Post by august " OR 1=1; > , % $ } ] ) > huber
cat /sys/class/misc/tpm0/device/pubek
The device driver doesn't have any back door into the TPM. If reading
the EK is disabled in the TPM, the driver won't be able to read it either.

~~

My best guess so far is that the "clear owner" process did not succeed,
and so TPM_ReadPubek is failing this test:

The TPM_ReadPubek command SHALL
1. If TPM_PERMANENT_FLAGS -> readPubek is FALSE return TPM_DISABLED_CMD
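Ken's no-auth GetCapability and the TPM_ReadPubek rule he quotes, as an added example (not code from the thread or from Ken's utilities): it serialises the TPM 1.2 TPM_GetCapability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT) request that his "-cap 4 -scap 0108" invocation sends, parses a TPM_PERMANENT_FLAGS response, and applies the readPubek check. The constants and field order are taken from the TPM 1.2 spec (an assumption, not quoted by the thread), and the sample response is constructed, not captured from the NUC.

```python
import struct
# TPM 1.2 constants from the TCG spec (assumed here, not quoted by the thread).
TPM_TAG_RQU_COMMAND = 0x00C1
TPM_TAG_RSP_COMMAND = 0x00C4
TPM_ORD_GetCapability = 0x65
TPM_CAP_FLAG = 0x4              # Ken's "-cap 4"
TPM_CAP_FLAG_PERMANENT = 0x108  # Ken's "-scap 0108"
TPM_TAG_PERMANENT_FLAGS = 0x1F

# TPM_PERMANENT_FLAGS field order after the 2-byte tag, one BOOL byte each.
PERMANENT_FLAG_NAMES = (
    "disable", "ownership", "deactivated", "readPubek", "disableOwnerClear",
    "allowMaintenance", "physicalPresenceLifetimeLock", "physicalPresenceHWEnable",
    "physicalPresenceCMDEnable", "CEKPUsed", "TPMpost", "TPMpostLock", "FIPS",
    "operator", "enableRevokeEK", "nvLocked", "readSRKPub", "tpmEstablished",
    "maintenanceDone", "disableFullDALogicInfo",
)

def build_getcapability_permanent_flags() -> bytes:
    """No-auth TPM_GetCapability(TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT) request blob."""
    body = struct.pack(">IIII", TPM_ORD_GetCapability, TPM_CAP_FLAG, 4, TPM_CAP_FLAG_PERMANENT)
    return struct.pack(">HI", TPM_TAG_RQU_COMMAND, 6 + len(body)) + body  # paramSize = whole blob

def parse_permanent_flags_response(resp: bytes) -> dict:
    """Return {'rc': code} on a TPM error, else {'rc': 0, 'flags': {...}}."""
    tag, param_size, rc = struct.unpack_from(">HII", resp, 0)
    if tag != TPM_TAG_RSP_COMMAND or param_size != len(resp):
        raise ValueError("malformed response header")
    if rc != 0:
        return {"rc": rc}
    (resp_size,) = struct.unpack_from(">I", resp, 10)
    payload = resp[14:14 + resp_size]
    if struct.unpack_from(">H", payload)[0] != TPM_TAG_PERMANENT_FLAGS \
            or len(payload) < 2 + len(PERMANENT_FLAG_NAMES):
        raise ValueError("payload is not a TPM_PERMANENT_FLAGS structure")
    flags = {n: bool(payload[2 + i]) for i, n in enumerate(PERMANENT_FLAG_NAMES)}
    return {"rc": 0, "flags": flags}

def explain_readpubek(flags: dict) -> str:
    """The TPM_ReadPubek rule quoted in the thread: readPubek FALSE -> TPM_DISABLED_CMD (8)."""
    if not flags["readPubek"]:
        return "TPM_ReadPubek would return TPM_DISABLED_CMD (8): per Ken's reading, an owner is likely still present"
    return "TPM_ReadPubek allowed: take ownership can fetch the EK public key"

def sample_response(read_pubek: bool) -> bytes:
    """Constructed reply standing in for real hardware; only readPubek varies."""
    bools = [0] * len(PERMANENT_FLAG_NAMES)
    bools[PERMANENT_FLAG_NAMES.index("readPubek")] = int(read_pubek)
    payload = struct.pack(">H", TPM_TAG_PERMANENT_FLAGS) + bytes(bools)
    return struct.pack(">HIII", TPM_TAG_RSP_COMMAND, 14 + len(payload), 0, len(payload)) + payload
```

A request that comes back with returnCode 8 instead of a flags structure is itself the symptom from the thread, so the parser surfaces the code rather than raising.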