Bug 1126097 - tpm-tools nvram utilities not working
Summary: tpm-tools nvram utilities not working
Keywords:
Status: CLOSED DUPLICATE of bug 1384447
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: tpm-tools
Version: 7.0
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: 7.4
Assignee: Jerry Snitselaar
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On: 952372
Blocks: 1203710 1299988 1353018 1384447
TreeView+ depends on / blocked
 
Reported: 2014-08-01 21:04 UTC by Stefan Berger
Modified: 2017-05-10 15:31 UTC (History)
11 users (show)

Fixed In Version: tpm-tools-1.3.9-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-10 15:31:21 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
IBM Linux Technology Center 119710 None None None Never

Description Stefan Berger 2014-08-01 21:04:26 UTC
Description of problem:

tpm_nvread -i 0x10000001   is not returning any result
tpm_nvinfo                 returns wrong result


Version-Release number of selected component (if applicable):


tpm-tools-1.3.8-6.el7

How reproducible:


Steps to Reproduce:
1. tpm_nvinfo
2.
3.

Actual results:

(the result is TPM-dependent)

# tpm_nvinfo
NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
PCR write selection:
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 0 (0x0)

# tpm_info -i 0x10000001

Expected results:

# tpm_nvinfo 
NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : TRUE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)

# tpm_nvread -i 0x10000001
00000000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00                  
00000010  00 00 00 00                        

Additional info:  [SOLUTION]

Remove the following part from the patch tpm-tools-1.3.7-build.patch to solve the problem. (maybe this part had been necessary a while ago to a mismatch between trousers and tpm-tools?  this part must not be patched anymore!)

REMOVE:

diff -urp tpm-tools-1.3.8.orig/lib/tpm_tspi.c tpm-tools-1.3.8/lib/tpm_tspi.c
--- tpm-tools-1.3.8.orig/lib/tpm_tspi.c 2011-08-17 08:20:35.000000000 -0400
+++ tpm-tools-1.3.8/lib/tpm_tspi.c      2012-06-21 13:07:29.654445942 -0400
@@ -702,14 +702,14 @@ TSS_RESULT
 unloadNVDataPublic(UINT64 *offset, BYTE *blob, UINT32 blob_len, TPM_NV_DATA_PUBLIC *v)
 {
        UINT64 off = *offset;
-       TSS_RESULT result;
-       result = Trspi_UnloadBlob_NV_DATA_PUBLIC(&off, blob, NULL);
+       TSS_RESULT result = TSS_SUCCESS;
+/*     result = Trspi_UnloadBlob_NV_DATA_PUBLIC(&off, blob, NULL);
        if (result == TSS_SUCCESS) {
                if (off > blob_len)
                        return TSS_E_BAD_PARAMETER;
                result = Trspi_UnloadBlob_NV_DATA_PUBLIC(offset, blob, v);
        }
-       tspiResult("Trspi_UnloadBlob_NV_DATA_PUBLIC", result);
+       tspiResult("Trspi_UnloadBlob_NV_DATA_PUBLIC", result); */
        return result;
 }

Comment 2 Stefan Berger 2014-08-01 21:13:32 UTC
Oh well, Bug 952372  says the same thing.

Comment 3 IBM Bug Proxy 2014-12-12 17:30:39 UTC
------- Comment From hannsj_uhl@de.ibm.com 2014-12-12 17:21 EDT-------
.

Comment 4 Hanns-Joachim Uhl 2014-12-12 17:39:16 UTC
Hello Red Hat,
because there is a proposed solution available I would like to ask you
whether this solution could be already made available with RHEL7.1 Snapshot 1 ..?
Please provide me your thoughts.
Thanks in advance for your support.

Comment 8 Martin Wilck 2016-02-04 15:46:59 UTC
AFAICS this problem persists in RHEL 7.2

Comment 9 Stefan Berger 2016-02-04 15:55:42 UTC
See above 'Target Release: 7.1 → 7.3'. What needs to be done is described above.

Comment 10 Martin Wilck 2016-02-08 11:10:16 UTC
Red Hat, 

it doesn't make sense to me to delay reverting the obviously broken patch Stefan quoted in the bug description for 3 minor releases.

If this is the meaning of a package not being "on the approved component list", I reckon it'd be wiser to simply discard the package from RHEL, or officially declare it as unsupported.

Martin

Comment 11 Hanns-Joachim Uhl 2016-05-13 12:32:09 UTC
Hello Red Hat / Avesh,
... is the fix for this bugzilla planned to be included in RHEL7.3 ...?
Please confirm or advise ...
Thanks in advance for your support.

Comment 12 Hanns-Joachim Uhl 2016-06-24 12:13:04 UTC
(In reply to Hanns-Joachim Uhl from comment #11)
> Hello Red Hat / Avesh,
> ... is the fix for this bugzilla planned to be included in RHEL7.3 ...?
> Please confirm or advise ...
> Thanks in advance for your support.
.
Hello Red Hat / Avesh, Joe,
... now that RHEL7.3 is closing is the fix for this bugzilla planned 
to be included in RHEL7.3 ...?
Please confirm or advise ...
Thanks in advance for your support.

Comment 13 Joseph Kachuck 2016-07-11 16:18:58 UTC
Hello,
At current this has not been accepted for RHEL 7.3 yet.

Thank You
Joe Kachuck

Comment 14 Hanns-Joachim Uhl 2017-04-04 06:57:34 UTC
Hello Red Hat / Jerry,
... will this bugzilla be fixed with the coming RHEL7.4 ...?
Please advise ...
Thanks in advance for your support.

Comment 15 Jerry Snitselaar 2017-04-04 07:36:11 UTC
Yes, that patch is dropped in the version I have built for 7.4

Comment 16 Przemyslaw Sztoch 2017-05-02 23:59:18 UTC
Dear RH Crew,
That sounds like a joke.
Please, repair tpm_nv*!

Comment 17 Jerry Snitselaar 2017-05-03 00:47:48 UTC
[root@localhost jsnitsel]# rpm -q tpm-tools
tpm-tools-1.3.8-6.el7.x86_64
[root@localhost jsnitsel]# tpm_nvinfo
NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
PCR write selection:
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 0 (0x0)

NVRAM index   : 0x1000f000 (268496896)
PCR read  selection:
PCR write selection:
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 0 (0x0)

NVRAM index   : 0x50000003 (1342177283)
PCR read  selection:
PCR write selection:
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 0 (0x0)

NVRAM index   : 0x50000001 (1342177281)
PCR read  selection:
PCR write selection:
Permissions   : 0x00000000 ()
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 0 (0x0)
[root@localhost jsnitsel]# rpm -q tpm-tools
tpm-tools-1.3.9-1.el7.x86_64
[root@localhost jsnitsel]# tpm_nvinfo
NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)
...
[root@localhost jsnitsel]# tpm_nvread -i 0x10000001
00000000  06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06                  
00000010  06 06 06 06

Comment 18 IBM Bug Proxy 2017-05-03 15:11:14 UTC
------- Comment From stefanb@us.ibm.com 2017-05-03 11:04 EDT-------
I verified that the TPM tools version tpm-tools-1.3.9-1.el7.x86_64 is working correctly on my system:

[root@sbct-1 ~]# rpm -q -a | grep tpm-tools

[root@sbct-1 ~]# tpm_nvinfo

[root@sbct-1 ~]# tpm_nvdefine -i 1 -s 12 --pwda -p "AUTHREAD|AUTHWRITE" --pwdo
Enter owner password:
Enter NVRAM data password:
Confirm password:
Successfully created NVRAM area at index 0x1 (1).

[root@sbct-1 ~]# tpm_nvwrite -i 1 -d "Hello world" -p
Enter NVRAM access password:
Successfully wrote 11 bytes at offset 0 to NVRAM index 0x1 (1).

[root@sbct-1 ~]# tpm_nvread -i 1 -p
Enter NVRAM access password:
00000000  48 65 6c 6c 6f 20 77 6f 72 6c 64 ff              Hello world
[root@sbct-1 ~]# tpm_nvinfo

NVRAM index   : 0x00000001 (1)
Localities   : ALL
Localities   : ALL
Permissions   : 0x00040004 (AUTHREAD|AUTHWRITE)
Size          : 12 (0xc)

[root@sbct-1 ~]# tpm_nvrelease -i 1 -o
Enter owner password:
Successfully released NVRAM area at index 0x1 (1).

[root@sbct-1 ~]# tpm_nvinfo
Localities   : ALL
Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
Size          : 20 (0x14)

Comment 19 Stefan Berger 2017-05-03 15:27:31 UTC
That entry above got completely mangled. Here's the correct one:

I verified that the TPM tools version tpm-tools-1.3.9-1.el7.x86_64 is working correctly on my system:

[root@sbct-1 ~]# rpm -q -a | grep tpm-tools
tpm-tools-1.3.9-1.el7.x86_64

[root@sbct-1 ~]# tpm_nvinfo
NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)

[root@sbct-1 ~]# tpm_nvdefine -i 1 -s 12 --pwda -p "AUTHREAD|AUTHWRITE" --pwdo
Enter owner password:
Enter NVRAM data password:
Confirm password:
Successfully created NVRAM area at index 0x1 (1).

[root@sbct-1 ~]# tpm_nvwrite -i 1 -d "Hello world" -p
Enter NVRAM access password:
Successfully wrote 11 bytes at offset 0 to NVRAM index 0x1 (1).

[root@sbct-1 ~]# tpm_nvread -i 1 -p
Enter NVRAM access password:
00000000  48 65 6c 6c 6f 20 77 6f 72 6c 64 ff              Hello world
[root@sbct-1 ~]# tpm_nvinfo
NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)

NVRAM index   : 0x00000001 (1)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00040004 (AUTHREAD|AUTHWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 12 (0xc)

[root@sbct-1 ~]# tpm_nvrelease -i 1 -o
Enter owner password:
Successfully released NVRAM area at index 0x1 (1).

[root@sbct-1 ~]# tpm_nvinfo
NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)

Comment 20 Jerry Snitselaar 2017-05-03 15:50:16 UTC
Thanks for the verification Stefan.

Comment 23 Jerry Snitselaar 2017-05-10 15:31:21 UTC

*** This bug has been marked as a duplicate of bug 1384447 ***


Note You need to log in before you can comment on or make changes to this bug.