Bug 1570890 - tpm2-tools: numeric error codes without any text explanation
Status: CLOSED DEFERRED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: tpm2-tools
Version: 7.5
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
Assignee: Jerry Snitselaar
QA Contact: Vilém Maršík
Reported: 2018-04-23 16:25 UTC by Vilém Maršík
Modified: 2019-10-22 06:58 UTC (History)
Last Closed: 2019-10-22 06:58:58 UTC

Description Vilém Maršík 2018-04-23 16:25:50 UTC
Description of problem:
TPM2 responses are printed as numbers only, which is only understandable with 3rd party documentation at hand (could not find any file in "tpm2-tools" describing these error codes).

Version-Release number of selected component (if applicable):
tpm2-tools-3.0.1-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. run a command that returns a TPM2 error

Actual results:
# tpm2_create -H 0x81010001 -g sha256 -G rsa
ERROR:
Create Object Failed ! ErrorCode: 0x18b
# tpm2_nvdefine -x 0x1500016 -a 0x40000001 -s 32 -t 0x2000A
ERROR: Failed to define NV area at index 0x1500016 (22020118).Error:0x9a2



Expected results:
TPM2 errors as both numbers and strings

Additional info:

Comment 2 Jerry Snitselaar 2018-04-23 16:59:46 UTC
What about /usr/bin/tpm2_rc_decode?

tpm2_rc_decode 0x9a2
error layer
  hex: 0x0
  identifier: TSS2_TPM_ERROR_LEVEL
  description: Error produced by the TPM
format 1 error code
  hex: 0x22
  identifier: TPM_RC_BAD_AUTH
  description: authorization failure without DA implications
session
  hex: 0x100
  identifier: TPM_RC_1
  description:  (null)
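
Added example, not part of the bug thread and not tpm2-tools code: a strerror()-style decoder applied to the two codes from the report (0x18b and 0x9a2), using the response-code bit layout from the TPM 2.0 library specification, Part 2. The helper name tpm2_rc_str and the partial name table fmt1_names are assumptions made for illustration.

```c
/* Added example: strerror()-style text for TPM 2.0 response codes. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Partial name table (error number = bits 5:0); extend from TPM 2.0 Part 2. */
static const struct { uint8_t num; const char *name; } fmt1_names[] = {
    { 0x04, "TPM_RC_VALUE" },
    { 0x0b, "TPM_RC_HANDLE" },
    { 0x0e, "TPM_RC_AUTH_FAIL" },
    { 0x22, "TPM_RC_BAD_AUTH" },
};

/* Hypothetical helper (not a tpm2-tools function): render rc into buf. */
const char *tpm2_rc_str(uint32_t rc, char *buf, size_t len)
{
    unsigned layer = (rc >> 16) & 0xff;      /* 0 = produced by the TPM itself */
    if (rc == 0) {
        snprintf(buf, len, "TPM_RC_SUCCESS");
    } else if (layer != 0) {
        snprintf(buf, len, "TSS layer %u error 0x%x", layer, (unsigned)(rc & 0xffff));
    } else if (!(rc & 0x080)) {              /* bit 7 clear: format-zero code */
        snprintf(buf, len, "format 0 %s 0x%02x",
                 (rc & 0x800) ? "warning" : "error", (unsigned)(rc & 0x7f));
    } else {
        const char *name = "unknown format 1 error";
        unsigned num = rc & 0x3f;            /* bits 5:0: error number */
        unsigned n = (rc >> 8) & 0xf;        /* bits 11:8: which argument */
        const char *what = "parameter";      /* bit 6 set: parameter n */
        if (!(rc & 0x040)) {                 /* bit 6 clear: handle or session */
            what = (n & 0x8) ? "session" : "handle";
            n &= 0x7;                        /* bit 11 was the session flag */
        }
        for (size_t i = 0; i < sizeof fmt1_names / sizeof fmt1_names[0]; i++)
            if (fmt1_names[i].num == num)
                name = fmt1_names[i].name;
        snprintf(buf, len, "%s (%s %u)", name, what, n);
    }
    return buf;
}

int main(void)
{
    char buf[64];
    /* The two codes from the bug report. */
    printf("0x18b: %s\n", tpm2_rc_str(0x18b, buf, sizeof buf));
    printf("0x9a2: %s\n", tpm2_rc_str(0x9a2, buf, sizeof buf));
    return 0;
}
```

The result for 0x9a2 matches the tpm2_rc_decode output above (TPM_RC_BAD_AUTH, session 1); 0x18b decodes the same way to TPM_RC_HANDLE on handle 1.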

Comment 3 Vilém Maršík 2018-04-24 10:55:45 UTC
Yes, that is the information you are looking for, when seeing such an error code.

Not sure if the pure existence of this tool is enough, especially as it's never mentioned in the manual pages of the individual tpm2_* commands (just "RETURNS 0 on success or 1 on failure.", no "run tpm2_rc_decode if you see a numerical TPM error"). And most Linux tools format their error messages by something like strerror() or perror(), right? 

What do you think?

