Discussion:
[TrouSerS-users] Takeownership
Thomas, Ronnie L.
2016-06-20 13:35:56 UTC
Permalink
Does anyone know what the below error indicates when executing tpm_takeownership?

Tspi_TPM_TakeOwnership failed: 0x00003128 - layer=tsp, code=0128 (296), Unknown

Any insight would be appreciated.

Regards,

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
***@atmel.com/<mailto:***@atmel.com/> http://www.atmel.com/
Phil Lacroute
2016-06-20 17:38:46 UTC
Permalink
// MessageId: TSS_E_EK_CHECKSUM
//
// MessageText:
//
// TSP is instructed to verify the EK checksum and it does not verify.
//
#define TSS_E_EK_CHECKSUM (UINT32)(TSS_E_BASE + 0x128L)
Post by Thomas, Ronnie L.
Does anyone know what the below error indicates when executing tpm_takeownership?
Tspi_TPM_TakeOwnership failed: 0x00003128 - layer=tsp, code=0128 (296), Unknown
Any insight would be appreciated.
Regards,
Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759 <tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine_______________________________________________ <http://sdm.link/zohomanageengine_______________________________________________>
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users <https://lists.sourceforge.net/lists/listinfo/trousers-users>
Thomas, Ronnie L.
2016-06-20 19:20:57 UTC
Permalink
Thanks.
Not sure where to go from here. The checksum should be ok for the EK.

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
***@atmel.com/<mailto:***@atmel.com/> http://www.atmel.com/

From: Phil Lacroute [mailto:***@skyportsystems.com]
Sent: Monday, June 20, 2016 11:39 AM
To: Thomas, Ronnie L. <***@atmel.com>
Cc: trousers-***@lists.sourceforge.net
Subject: Re: [TrouSerS-users] Takeownership

// MessageId: TSS_E_EK_CHECKSUM
//
// MessageText:
//
// TSP is instructed to verify the EK checksum and it does not verify.
//
#define TSS_E_EK_CHECKSUM (UINT32)(TSS_E_BASE + 0x128L)


On Jun 20, 2016, at 6:35 AM, Thomas, Ronnie L. <***@atmel.com<mailto:***@atmel.com>> wrote:

Does anyone know what the below error indicates when executing tpm_takeownership?

Tspi_TPM_TakeOwnership failed: 0x00003128 - layer=tsp, code=0128 (296), Unknown

Any insight would be appreciated.

Regards,

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
***@atmel.com/<mailto:***@atmel.com/> http://www.atmel.com/



------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine_______________________________________________
TrouSerS-users mailing list
TrouSerS-***@lists.sourceforge.net<mailto:TrouSerS-***@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/trousers-users
Tadd Seiff
2016-06-20 20:05:43 UTC
Permalink
Hey Ronnie,

I don't know what this means exactly, but in the code where I think this
error is getting thrown, there is special handling for ATMEL chips.:

In tspi_ek.c:
/* check validation of the entire pubkey structure */
if (memcmp(digest.digest, checkSum.digest, TPM_SHA1_160_HASH_LEN)) {
/* validation failed, unload the pubEK in order to hash
* just the pubKey portion of the pubEK. This is done on
* Atmel chips specifically.
*/
offset = 0;
__tspi_memset(&pubKey, 0, sizeof(TCPA_PUBKEY));
if ((result = Trspi_UnloadBlob_PUBKEY(&offset, pubEK, &pubKey)))
goto done;

result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_HashUpdate(&hashCtx, pubKey.pubKey.keyLength,
pubKey.pubKey.key);
result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN,
antiReplay.nonce);
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
goto done;

if (memcmp(digest.digest, checkSum.digest, TCPA_SHA1_160_HASH_LEN)) {
result = TSPERR(TSS_E_EK_CHECKSUM);
goto done;
}
}

It looks like the trousers developers knew ATMEL would fail the first pass
validation, and they try something else, and maybe your chip isn't playing
nice there either. I'm just speculating that you are running an ATMEL.

Hope this helps:
-Tadd
Post by Thomas, Ronnie L.
Thanks.
Not sure where to go from here. The checksum should be ok for the EK.
*Ronnie Thomas*
*Senior Software Development Engineer-TPM/Microchip Technology, Inc.*
*1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906*
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759
<(+1)(719)(540-1604)/Fax:(+1)540-1759>
*Sent:* Monday, June 20, 2016 11:39 AM
*Subject:* Re: [TrouSerS-users] Takeownership
// MessageId: TSS_E_EK_CHECKSUM
//
//
// TSP is instructed to verify the EK checksum and it does not verify.
//
#define TSS_E_EK_CHECKSUM (UINT32)(TSS_E_BASE + 0x128L)
Does anyone know what the below error indicates when executing
tpm_takeownership?
Tspi_TPM_TakeOwnership failed: 0x00003128 - layer=tsp, code=0128 (296), Unknown
Any insight would be appreciated.
Regards,
*Ronnie Thomas*
*Senior Software Development Engineer-TPM/Microchip Technology, Inc.*
*1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906*
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759
<(+1)(719)(540-1604)/Fax:(+1)540-1759>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.
http://sdm.link/zohomanageengine_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
Thomas, Ronnie L.
2016-06-20 20:07:45 UTC
Permalink
Thanks for finding that out for me!

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
***@atmel.com/<mailto:***@atmel.com/> http://www.atmel.com/

From: Tadd Seiff [mailto:***@gmail.com]
Sent: Monday, June 20, 2016 2:06 PM
To: Thomas, Ronnie L. <***@atmel.com>; Phil Lacroute <***@skyportsystems.com>
Cc: trousers-***@lists.sourceforge.net
Subject: Re: [TrouSerS-users] Takeownership

Hey Ronnie,

I don't know what this means exactly, but in the code where I think this error is getting thrown, there is special handling for ATMEL chips.:

In tspi_ek.c:
/* check validation of the entire pubkey structure */
if (memcmp(digest.digest, checkSum.digest, TPM_SHA1_160_HASH_LEN)) {
/* validation failed, unload the pubEK in order to hash
* just the pubKey portion of the pubEK. This is done on
* Atmel chips specifically.
*/
offset = 0;
__tspi_memset(&pubKey, 0, sizeof(TCPA_PUBKEY));
if ((result = Trspi_UnloadBlob_PUBKEY(&offset, pubEK, &pubKey)))
goto done;

result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_HashUpdate(&hashCtx, pubKey.pubKey.keyLength,
pubKey.pubKey.key);
result |= Trspi_HashUpdate(&hashCtx, TPM_SHA1_160_HASH_LEN,
antiReplay.nonce);
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
goto done;

if (memcmp(digest.digest, checkSum.digest, TCPA_SHA1_160_HASH_LEN)) {
result = TSPERR(TSS_E_EK_CHECKSUM);
goto done;
}
}

It looks like the trousers developers knew ATMEL would fail the first pass validation, and they try something else, and maybe your chip isn't playing nice there either. I'm just speculating that you are running an ATMEL.

Hope this helps:
-Tadd



On Mon, Jun 20, 2016 at 12:21 PM Thomas, Ronnie L. <***@atmel.com<mailto:***@atmel.com>> wrote:
Thanks.
Not sure where to go from here. The checksum should be ok for the EK.

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
***@atmel.com/<mailto:***@atmel.com/> http://www.atmel.com/

From: Phil Lacroute [mailto:***@skyportsystems.com<mailto:***@skyportsystems.com>]
Sent: Monday, June 20, 2016 11:39 AM
To: Thomas, Ronnie L. <***@atmel.com<mailto:***@atmel.com>>
Cc: trousers-***@lists.sourceforge.net<mailto:trousers-***@lists.sourceforge.net>
Subject: Re: [TrouSerS-users] Takeownership

// MessageId: TSS_E_EK_CHECKSUM
//
// MessageText:
//
// TSP is instructed to verify the EK checksum and it does not verify.
//
#define TSS_E_EK_CHECKSUM (UINT32)(TSS_E_BASE + 0x128L)

On Jun 20, 2016, at 6:35 AM, Thomas, Ronnie L. <***@atmel.com<mailto:***@atmel.com>> wrote:

Does anyone know what the below error indicates when executing tpm_takeownership?

Tspi_TPM_TakeOwnership failed: 0x00003128 - layer=tsp, code=0128 (296), Unknown

Any insight would be appreciated.

Regards,

Ronnie Thomas
Senior Software Development Engineer-TPM/Microchip Technology, Inc.
1150 E. Cheyenne Mountain Blvd, Colorado Springs, CO 80906
Tel:(+1)(719)-540-1604/Fax:(+1)(719)-540-1759<tel:(+1)(719)(540-1604)/Fax:(+1)540-1759>
***@atmel.com/<mailto:***@atmel.com/> http://www.atmel.com/



------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine_______________________________________________
TrouSerS-users mailing list
TrouSerS-***@lists.sourceforge.net<mailto:TrouSerS-***@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/trousers-users

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine_______________________________________________
TrouSerS-users mailing list
TrouSerS-***@lists.sourceforge.net<mailto:TrouSerS-***@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/trousers-users

Loading...