Bug 1570890

Summary: tpm2-tools: numeric error codes without any text explanation
Product: Red Hat Enterprise Linux 7
Reporter: Vilém Maršík <vmarsik>
Component: tpm2-tools
Assignee: Jerry Snitselaar <jsnitsel>
Status: CLOSED DEFERRED
QA Contact: Vilém Maršík <vmarsik>
Severity: medium
Priority: unspecified
Version: 7.5
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2019-10-22 06:58:58 UTC
Type: Bug

Description Vilém Maršík 2018-04-23 16:25:50 UTC
Description of problem:
TPM2 responses are printed as numbers only, which is only understandable with 3rd party documentation at hand (could not find any file in "tpm2-tools" describing these error codes).

Version-Release number of selected component (if applicable):
tpm2-tools-3.0.1-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. run a command that returns a TPM2 error

Actual results:
# tpm2_create -H 0x81010001 -g sha256 -G rsa
ERROR:
Create Object Failed ! ErrorCode: 0x18b
# tpm2_nvdefine -x 0x1500016 -a 0x40000001 -s 32 -t 0x2000A
ERROR: Failed to define NV area at index 0x1500016 (22020118).Error:0x9a2



Expected results:
TPM2 errors as both numbers and strings

Additional info:

Comment 2 Jerry Snitselaar 2018-04-23 16:59:46 UTC
What about /usr/bin/tpm2_rc_decode?

tpm2_rc_decode 0x9a2
error layer
  hex: 0x0
  identifier: TSS2_TPM_ERROR_LEVEL
  description: Error produced by the TPM
format 1 error code
  hex: 0x22
  identifier: TPM_RC_BAD_AUTH
  description: authorization failure without DA implications
session
  hex: 0x100
  identifier: TPM_RC_1
  description:  (null)

Comment 3 Vilém Maršík 2018-04-24 10:55:45 UTC
Yes, that is the information you are looking for, when seeing such an error code.

Not sure if the pure existence of this tool is enough, especially as it's never mentioned in the manual pages of the individual tpm2_* commands (just "RETURNS 0 on success or 1 on failure.", no "run tpm2_rc_decode if you see a numerical TPM error"). And most Linux tools format their error messages by something like strerror() or perror(), right? 

What do you think?
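
Added example, not part of the bug thread and not tpm2-tools code: a strerror()-style split of a format-one TPM2 response code into error number and the parameter, handle or session it refers to, following the bit layout in the TPM 2.0 Library specification, Part 2. The names rc_split and rc_info are hypothetical, the name table is deliberately partial, and the code assumes a TPM-layer code (no TSS layer bits set).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Partial name table for format-one error numbers (bits 5:0), from the
 * TPM 2.0 Library specification, Part 2. Extend it for full coverage. */
static const struct { uint8_t num; const char *name; } fmt1_names[] = {
    {0x02, "TPM_RC_ATTRIBUTES"}, {0x04, "TPM_RC_VALUE"},
    {0x0b, "TPM_RC_HANDLE"},     {0x0e, "TPM_RC_AUTH_FAIL"},
    {0x15, "TPM_RC_SIZE"},       {0x22, "TPM_RC_BAD_AUTH"},
};

struct rc_info {            /* hypothetical helper type */
    int fmt1;               /* 1 if bit 7 (format selector) is set */
    unsigned err;           /* error number, bits 5:0 */
    const char *name;       /* symbolic name, or "unknown" */
    const char *subject;    /* "parameter", "handle", "session" or "" */
    unsigned index;         /* which one; 0 means unspecified */
};

/* Assumes a TPM-layer response code (bits 23:16 are zero). */
struct rc_info rc_split(uint32_t rc)
{
    struct rc_info r = {0, 0, "unknown", "", 0};
    if (!(rc & 0x80))       /* format-zero codes use a different layout */
        return r;
    r.fmt1 = 1;
    r.err = rc & 0x3f;
    unsigned n = (rc >> 8) & 0xf;               /* bits 11:8 */
    if (rc & 0x40)    { r.subject = "parameter"; r.index = n; }
    else if (n & 0x8) { r.subject = "session";   r.index = n & 0x7; }
    else              { r.subject = "handle";    r.index = n; }
    for (size_t i = 0; i < sizeof fmt1_names / sizeof fmt1_names[0]; i++)
        if (fmt1_names[i].num == r.err)
            r.name = fmt1_names[i].name;
    return r;
}

int main(void)
{
    /* 0x18b and 0x9a2 are the codes from the report; 0x1c4 is constructed. */
    const uint32_t samples[] = {0x18b, 0x9a2, 0x1c4};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct rc_info r = rc_split(samples[i]);
        printf("0x%x: %s (%s %u)\n", (unsigned)samples[i], r.name, r.subject, r.index);
    }
    return 0;
}
```

For 0x9a2 this yields TPM_RC_BAD_AUTH on session 1, matching the tpm2_rc_decode output in comment 2.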