1854774 – [Lenovo 8.4 FEAT] tpm2-tools - Update with latest bug fixes

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1854774 - [Lenovo 8.4 FEAT] tpm2-tools - Update with latest bug fixes

Summary: [Lenovo 8.4 FEAT] tpm2-tools - Update with latest bug fixes

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	tpm2-tools
Sub Component:
Version:	8.4
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	alpha
Target Release:	8.4
Assignee:	Jerry Snitselaar
QA Contact:	Vilém Maršík
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1848158 1898189 1916350 1916352
TreeView+	depends on / blocked

Reported:	2020-07-08 08:37 UTC by Rick
Modified:	2023-08-08 02:51 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-18 15:03:33 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2021:1663	0	None	None	None	2021-05-18 15:03:48 UTC

Description Rick 2020-07-08 08:37:48 UTC

1. Feature Overview
    a. Name of feature: tpm2-tools - Update to latest version
    b. Feature description: TPM userspace tool for TPM 2.0

2. Feature Details
    a. Architectures: 64-bit Intel EM64T/AMD64
    b. Bugzilla dependencies:
    c. Drivers or hardware dependencies, including a specific platform or CPU:
       TPM 2.0 chipset
    d. Library or other software dependencies:
    e. Upstream acceptance information, including Linus's kernel version in which the feature appears and the date on which this feature was accepted or is targeted for acceptance into Linus's kernel:
    f. External links: https://github.com/01org/tpm2-tools
    g. Severity (H,M,L): High
    h. Feature required by date (for example, the date on which hardware requiring this feature is planned for launch): RHEL8.4 alpha version

3. Business Justification
    a. Why is this feature needed?
       Align with the latest fixes
    b. What hardware or software does this enable?
       TPM2.0
    c. If hardware, is it on-board in a system (eg, LOM) or an add-on card?
       on-board or add-on
    d. Business impact?
       Lenovo server platform needs this.
    e. What market problems / audience does it address?

4. QE Test Plan

5. Primary contact at Red Hat, email, phone (chat)
    a. Monte Knutson
    b. mknutson
    c. office: 919-890-8413

6. Primary contact at Partner, email, phone (chat)
    a. Rick Hsu
    b. rhsu5
    c. office

Comment 2 Kelvin Shieh 2020-08-10 09:40:45 UTC

commit 34f7d1a18af94f47cef728c0630d0cb395c63a49

Comment 8 Vilém Maršík 2020-12-18 01:35:04 UTC

tpm2-tools-4.1.1-2.el8.x86_64 from 8.4 beta is working, but version 4.1.1 is from January, and according to the date when this bug was created, "latest version" should be at least 4.1.3 . Jerry, why there is no newer version?

-------

verification log tpm2-tools-4.1.1-2.el8.x86_64 on 8.4 beta:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    Package       : crypto
    beakerlib RPM : beakerlib-1.20-1.el8bkr.noarch
    Test name     : /kernel/crypto/tpm/tpm2
    Test version  : 0.1
    Test started  : 2020-12-17 19:53:50 EST
    Test finished : 2020-12-17 19:53:53 EST (still running)
    Test duration : 3 seconds
    Distro        : Red Hat Enterprise Linux release 8.4 Beta (Ootpa)
    Hostname      : lenovo-sr650-02.lab.eng.rdu2.redhat.com
    Architecture  : x86_64
    CPUs          : 48 x Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz
    RAM size      : 63750 MB
    HDD size      : 1450.78 GB

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test description
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Runs different tpm2-tools tests against a TPM2 HW.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Setup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 19:53:50 ] :: [   PASS   ] :: Command 'udevadm trigger --action=change' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 1s
::   Assertions: 1 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Presence
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 19:53:51 ] :: [   PASS   ] :: Command 'tpm2_pcrread -T tabrmd' (Expected 0, got 0)
:: [ 19:53:51 ] :: [   PASS   ] :: 24 PCRS (Assert: "48" should be >= "24")
:: [ 19:53:51 ] :: [   PASS   ] :: File /dev/tpm0 should exist
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Presence)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Functionality
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 19:53:52 ] :: [   PASS   ] :: Command 'tpm2_nvreadpublic -T tabrmd' (Expected 0, got 0)
:: [ 19:53:53 ] :: [   PASS   ] :: random number generator (Expected 0, got 0)
:: [ 19:53:53 ] :: [   PASS   ] :: random number count (Assert: '20' should equal '20')
:: [ 19:53:53 ] :: [   PASS   ] :: hashing (Expected 0, got 0)
:: [ 19:53:53 ] :: [   PASS   ] :: extending PCR (Expected 0, got 0)
:: [ 19:53:53 ] :: [   PASS   ] :: PCR value changed (Assert: "  4 : 0x427D20205861AE625CCE93220C6D6555024CD838" should not equal "  4 : 0xE40E2528B60DEA94CD4D74814D27C85DE47F2626")
:: [ 19:53:53 ] :: [   PASS   ] :: tpm2_rc_decode 0x9a2 -> authorization failure (Assert: '1' should equal '1')
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 2s
::   Assertions: 7 good, 0 bad
::   RESULT: PASS (Functionality)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Data RW
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Data RW)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Cleanup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Cleanup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   /kernel/crypto/tpm/tpm2
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 19:53:53 ] :: [   LOG    ] :: JOURNAL XML: /var/tmp/beakerlib-DLNcQPt/journal.xml
:: [ 19:53:53 ] :: [   LOG    ] :: JOURNAL TXT: /var/tmp/beakerlib-DLNcQPt/journal.txt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 3s
::   Phases: 5 good, 0 bad
::   OVERALL RESULT: PASS (/kernel/crypto/tpm/tpm2)

# rpm -q tpm2-tools tpm2-tss tpm2-abrmd
tpm2-tools-4.1.1-2.el8.x86_64
tpm2-tss-2.3.2-3.el8.x86_64
tpm2-abrmd-2.3.3-2.el8.x86_64

Comment 9 Jerry Snitselaar 2020-12-18 02:35:09 UTC

This was just backporting of bugfixes since we did a major rebase last release.

0001-Fix-ESYS_TR-hierarchy-transition.patch
0001-Refactor-fix_esys_hierarchies.patch
0001-tpm2_alg_util.c-fix-a-bug-where-the-string-rsa3072-w.patch
0001-tpm2_create.c-Fix-an-issue-where-userwithauth-attr-c.patch
0001-tpm2_hierarchycontrol-Fixed-bug-where-hierarchycontr.patch
0001-tpm2_nvdefine.c-Fixed-error-reporting-message.patch
0001-tpm2_policyor-Silent-failure-bug-fix-for-invalid-uns.patch

Same with tpm2-tss bug.

Comment 10 Vilém Maršík 2020-12-18 14:45:49 UTC

(In reply to Jerry Snitselaar from comment #9)
> This was just backporting of bugfixes since we did a major rebase last
> release.
I see, but the bugs ask for updating to latest upstream version, which didn't happen. From this point of view, the bug has not been fixed. What do we do? Opening another bug for upstream sync, or at least renaming this bug, from "update to latest version" to something like "backport patches" ?

Comment 11 Jerry Snitselaar 2020-12-18 17:56:48 UTC

Every minor release the bug is filed asking for the latest upstream. When asked specifically what is wanted, the response is any relevant fixes. I'll change the bug subjects.

Comment 14 Vilém Maršík 2021-01-30 00:50:12 UTC

Thanks, considering verified.

Comment 16 errata-xmlrpc 2021-05-18 15:03:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (tpm2-tools bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1663

Note You need to log in before you can comment on or make changes to this bug.