Bug 952372

Summary: tpm-tools-1.3.7-build.patch comments out necessary functionality
Product: [Fedora] Fedora Reporter: Daniel De Graaf <dgdegra>
Component: tpm-toolsAssignee: Michal Schmidt <mschmidt>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: andreas, ejratl, hannsj_uhl, mschmidt, rob, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tpm-tools-1.3.8-6.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-15 02:54:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1084052    
Bug Blocks: 1126097    

Description Daniel De Graaf 2013-04-15 19:39:47 UTC 
Description of problem:

The tpm_nvinfo, tpm_nvread, and tpm_nvwrite commands are not capable of using NVRAM areas because they always determine the size of the NVRAM area is zero. This bug is also present in Fedora 18.

How reproducible:

Run the tpm_nvdefine command to create an NVRAM area with nonzero size, then query it with tpm_nvinfo; notice the size returned is zero.

Additional info:

This is the patch blob that is in error:

diff -urp tpm-tools-1.3.8.orig/lib/tpm_tspi.c tpm-tools-1.3.8/lib/tpm_tspi.c
--- tpm-tools-1.3.8.orig/lib/tpm_tspi.c 2011-08-17 08:20:35.000000000 -0400
+++ tpm-tools-1.3.8/lib/tpm_tspi.c  2012-06-21 13:07:29.654445942 -0400
@@ -702,14 +702,14 @@ TSS_RESULT
 unloadNVDataPublic(UINT64 *offset, BYTE *blob, UINT32 blob_len, TPM_NV_DATA_PUBLIC *v)
 {
    UINT64 off = *offset;
-   TSS_RESULT result;
-   result = Trspi_UnloadBlob_NV_DATA_PUBLIC(&off, blob, NULL);
+   TSS_RESULT result = TSS_SUCCESS;
+/* result = Trspi_UnloadBlob_NV_DATA_PUBLIC(&off, blob, NULL);
    if (result == TSS_SUCCESS) {
        if (off > blob_len)
            return TSS_E_BAD_PARAMETER;
        result = Trspi_UnloadBlob_NV_DATA_PUBLIC(offset, blob, v);
    }
-   tspiResult("Trspi_UnloadBlob_NV_DATA_PUBLIC", result);
+   tspiResult("Trspi_UnloadBlob_NV_DATA_PUBLIC", result); */
    return result;
 }

The structure being unpacked is defined in tss/tpm.h, and the Trspi_UnloadBlob_NV_DATA_PUBLIC is implemented in trousers-0.3.10/src/trspi/trousers.c so there should not be any reason to retain this code removal.
Comment 1 Andreas Thienemann 2014-01-15 03:18:45 UTC 
still an issue in f20. tpm is unusable with the package as is.
Comment 2 Michal Schmidt 2014-04-03 13:57:06 UTC 
I dropped tpm-tools-1.3.7-build.patch in Fedora git. I am unable to get a successful Koji build due to a problem with the opencryptoki package.
Comment 3 Rob Sanders 2014-06-26 15:32:49 UTC 
I just stumbled upon this bug and it took 6h of my time :S


$ tpm_nvinfo --version
tpm_nvinfo version: 1.3.8

$ tpm_nvinfo 
NVRAM index   : 0x00000004 (4)
PCR read  selection:
PCR write selection:
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 0 (0x0)

NVRAM index   : 0x00000006 (6)
PCR read  selection:
PCR write selection:
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 0 (0x0)

NVRAM index   : 0x00000005 (5)
PCR read  selection:
PCR write selection:
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 0 (0x0)


I manually compiled tpm-tools from sourceforge (without any patches) and it's working as expected:

$ ./tpm_nvinfo 
NVRAM index   : 0x00000004 (4)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00040004 (AUTHREAD|AUTHWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 32 (0x20)

NVRAM index   : 0x00000006 (6)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00040004 (AUTHREAD|AUTHWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 32 (0x20)

NVRAM index   : 0x00000005 (5)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00040004 (AUTHREAD|AUTHWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 32 (0x20)
Comment 4 Fedora Update System 2014-07-30 17:02:08 UTC 
tpm-tools-1.3.8-6.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/tpm-tools-1.3.8-6.fc20
Comment 5 Fedora Update System 2014-08-01 06:05:24 UTC 
Package tpm-tools-1.3.8-6.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing tpm-tools-1.3.8-6.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-9079/tpm-tools-1.3.8-6.fc20
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2014-08-15 02:54:01 UTC 
tpm-tools-1.3.8-6.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.