Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1847983

Summary: commands 'tpm2_pcrlist' and 'tpm2_nvlist' missing from tpm2-tools package
Product: Red Hat Enterprise Linux 8 Reporter: Jiri Dluhos <jdluhos>
Component: tpm2-toolsAssignee: Jerry Snitselaar <jsnitsel>
Status: CLOSED CURRENTRELEASE QA Contact: Vilém Maršík <vmarsik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.3CC: bhu, core-kernel-mgr, rvr, vmarsik
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-27 14:35:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1842946, 1898189    

Description Jiri Dluhos 2020-06-17 13:45:15 UTC 
Description of problem:
(Found by hardware tier1 automatic test suite for RHEL-8.3.0-20200609.1.)
Commands tpm2_pcrlist and tpm2_nvlist, used by the kernel/tpm test, are not available after installing tpm2-tools package, causing the test to fail.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Install tpm2-tools package.
2. 
3.

Actual results:
Among the many commands it installs, tpm2_pcrlist and tpm2_nvlist are missing.

Expected results:
Either these commands should be installed, or, if they are obsolete, the test needs to be updated.

Additional info:
Comment 1 Jerry Snitselaar 2020-06-17 14:24:52 UTC 
Can you point me to the test? It will need to be updated. tpm2_pcrlist is now tpm2_pcrread, and tpm2_nvlist was renamed tpm2_nvreadpublic. This was due to a necessary package update for RHELPLAN-37821.
Comment 2 Jerry Snitselaar 2020-06-17 15:09:12 UTC 
An initial look at it, looks like this should solve it:

diff --git a/crypto/tpm/tpm2-tools/runtest.sh b/crypto/tpm/tpm2-tools/runtest.sh
index 0a9eb2db146f..70e1435f216f 100755
--- a/crypto/tpm/tpm2-tools/runtest.sh
+++ b/crypto/tpm/tpm2-tools/runtest.sh
@@ -44,21 +44,21 @@ rlJournalStart
        rlPhaseEnd

        rlPhaseStart FAIL "Presence"
-               rlRun "tpm2_pcrlist"
-               COUNT=`tpm2_pcrlist | grep '^ \+[0-9]\+ \+: ' | wc -l`
+               rlRun "tpm2_pcrread -T tabrmd"
+               COUNT=`tpm2_pcrread -T tabrmd | grep '^ \+[0-9]\+ \+: ' | wc -l`
                rlAssertGreaterOrEqual "24 PCRS" "$COUNT" 24
                rlAssertExists "/dev/tpm0"
        rlPhaseEnd

        rlPhaseStart FAIL "Functionality"
-               rlRun "tpm2_nvlist"
+               rlRun "tpm2_nvreadpublic -T tabrmd"
                DATA=`mktemp`
-               rlRun "tpm2_getrandom -o $DATA 20" 0 "random number generator"
+               rlRun "tpm2_getrandom -T tabrmd -o $DATA 20" 0 "random number generator"
                COUNT=`wc -c "$DATA" | cut -d\  -f1`
                rlAssertEquals "random number count" "$COUNT" 20
                HASHED=`mktemp -u`
                TICKET=`mktemp -u`
-               rlRun "tpm2_hash -H n -g 0x0004 -o $HASHED -t $TICKET $DATA" 0 "hashing"
+               rlRun "tpm2_hash -T tabrmd -C n -g 0x0004 -o $HASHED -t $TICKET $DATA" 0 "hashing"
                rm -f $DATA $HASHED $TICKET

                # need to define persistent objects first
@@ -66,13 +66,13 @@ rlJournalStart
                #COUNT=`tpm2_listpersistent | grep key-alg | wc -l`
                #rlAssertGreater "persistent objects defined" "$COUNT" 0

-               ORIGINAL=`tpm2_pcrlist | grep ' 4  :' | head -n 1`
-               rlRun "tpm2_pcrextend 4:sha1=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15" 0 "extending PCR"
-               MODIFIED=`tpm2_pcrlist | grep ' 4  :' | head -n 1`
+               ORIGINAL=`tpm2_pcrread -T tabrmd | grep ' 4  :' | head -n 1`
+               rlRun "tpm2_pcrextend -T tabrmd 4:sha1=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15" 0 "extending PCR"
+               MODIFIED=`tpm2_pcrread -T tabrmd | grep ' 4  :' | head -n 1`
                rlAssertNotEquals "PCR value changed" "$ORIGINAL" "$MODIFIED"

-               COUNT=`tpm2_rc_decode 0x9a2 | grep BAD_AUTH | wc -l`
-               rlAssertEquals "tpm2_rc_decode 0x9a2 -> BAD_AUTH" "$COUNT" 1
+               COUNT=`tpm2_rc_decode 0x9a2 | grep "authorization failure" | wc -l`
+               rlAssertEquals "tpm2_rc_decode 0x9a2 -> authorization failure" "$COUNT" 1
        rlPhaseEnd

        rlPhaseStart FAIL "Data RW"
Comment 3 Jiri Dluhos 2020-06-17 20:22:17 UTC 
Thanks a lot! I will try! :-)
Comment 4 Jiri Dluhos 2020-07-02 12:14:39 UTC 
Note: it seems that the tpm2_hash command is also slightly wrong in the test as it complains that the "-H" switch has no meaning...
Comment 5 Jerry Snitselaar 2020-07-02 15:55:47 UTC 
Hi Jiri,

In the patch in comment #2 I changed the tpm2_hash line, replacing -H with -C:

-               rlRun "tpm2_hash -H n -g 0x0004 -o $HASHED -t $TICKET $DATA" 0 "hashing"
+               rlRun "tpm2_hash -T tabrmd -C n -g 0x0004 -o $HASHED -t $TICKET $DATA" 0 "hashing"

Can you double check that the above line doesn't work? Thanks
Comment 6 Jerry Snitselaar 2020-08-07 01:59:55 UTC 
Jiri, did the above work for you? I'm not sure if I can submit patches against the QE repo or not. Vilem do you have a patch queued up for this already? IIRC you hit the issue as well.
Comment 7 Vilém Maršík 2020-08-11 10:00:26 UTC 
Hi Jerry,
I used your patch, with a few modifications. It was already too good to be ignored :-) Just need to do a proper RHEL detection, and then push & pull requests on the 3rd version of our Git workflow, to make the code public. How fast do you need it?
Comment 8 Jerry Snitselaar 2020-08-11 20:11:01 UTC 
As long as things are good for you all I'm in no rush and we can just close this when your patch lands.
Comment 9 Jiri Dluhos 2020-08-19 18:07:05 UTC 
Patch applied to the main test suite; will mark this VERIFIED as soon as the testing run finishes. Thanks to everyone! (also for your patience...)
Comment 10 Jerry Snitselaar 2020-08-19 18:12:02 UTC 
Hi Jiri, just to clarify you have applied the version Vilem has? He modified it some more from the sounds of it.
Comment 11 Jiri Dluhos 2020-08-19 18:30:57 UTC 
excellent question :-) it seems I have duplicated some work - will compare the results with vilem and update if necessary.
Comment 12 Jiri Dluhos 2020-09-15 11:58:58 UTC 
Almost forgot to mark this VERIFIED - the new commands work. :-)

Thanks everyone involved!