Description of problem:
All configurations configured in serviceinfo-api-server are not configured in edge device.

Here's the fdo-client-linuxapp service log:

[admin@vm-1 ~]$ journalctl -u fdo-client-linuxapp
Jul 06 00:13:01 vm-1 systemd[1]: Starting FDO client...
Jul 06 00:13:01 vm-1 fdo-client-linuxapp[1251]: 2023-07-06T04:13:01.950Z INFO fdo_client_linuxapp > No usable device credential located, skipping Device Onboarding
Jul 06 00:13:01 vm-1 systemd[1]: fdo-client-linuxapp.service: Deactivated successfully.
Jul 06 00:13:01 vm-1 systemd[1]: Finished FDO client.
-- Boot 3c48426e47a24fbbb644422526ab54b4 --
Jul 06 00:15:03 vm-1 systemd[1]: Starting FDO client...
Jul 06 00:15:03 vm-1 fdo-client-linuxapp[1122]: 2023-07-06T04:15:03.943Z INFO fdo_client_linuxapp > No usable device credential located, skipping Device Onboarding
Jul 06 00:15:03 vm-1 mv[1136]: /usr/bin/mv: cannot stat '/boot/device-credentials': No such file or directory
Jul 06 00:15:03 vm-1 systemd[1]: fdo-client-linuxapp.service: Deactivated successfully.
Jul 06 00:15:03 vm-1 systemd[1]: Finished FDO client.

File device-credentials can be found in /etc folder, but can't be found in /boot folder.

[admin@vm-1 log]$ ll /boot
total 20
lrwxrwxrwx. 1 root root     1 Jul  6 00:04 boot -> .
drwx------. 3 root root 16384 Dec 31  1969 efi
-rw-r--r--. 1 root root    45 Jul  6 00:12 fdo-client-env

Everything worked on CentOS-Stream-9-20230626.0 repo, but failed on CentOS-Stream-9-20230704.1 repo.

Version-Release number of selected component (if applicable):

From Edge device:
fdo-client-0.4.7-3.el9.x86_64
fdo-owner-cli-0.4.7-3.el9.x86_64

From aio server host:
fdo-rendezvous-server-0.4.7-3.el9.x86_64
fdo-owner-onboarding-server-0.4.7-3.el9.x86_64
fdo-owner-cli-0.4.7-3.el9.x86_64
fdo-manufacturing-server-0.4.7-3.el9.x86_64
fdo-init-0.4.7-3.el9.x86_64
fdo-client-0.4.7-3.el9.x86_64
fdo-admin-cli-0.4.7-3.el9.x86_64

How reproducible:

Steps to Reproduce:
1. Deploy a CS9 instance on GCP
2. git clone https://github.com/virt-s1/rhel-edge.git
3. cd rhel-edge
4. ./ostree-simplified-installer.sh

Actual results:
FDO onboarding configurations are not configured in Edge device.

Expected results:
FDO onboarding configuration should be configured.

Additional info:

This is the error that we are getting in the manufacturing-client in the initramfs:

2023-07-11T11:45:37.372Z INFO fdo_manufacturing_client > No usable device credential located, performing Device Onboarding
2023-07-11T11:45:37.402Z INFO fdo_manufacturing_client > Performing DIUN
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI
2023-07-11T11:45:37.418Z ERROR tss_esapi::tcti_ldr > Error when creating a TCTI context: response code not recognized

2023-07-11T11:45:37.372Z INFO fdo_manufacturing_client > No usable device credential located, performing Device Onboarding
INFO fdo_manufacturing_client > Attempting manufacturing, url: http://192.168.122.199:8080, plain DI: false, DIUN public key verification: Insecure
2023-07-11T11:45:37.402Z INFO fdo_manufacturing_client > Performing DIUN
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI
2023-07-11T11:45:37.418Z ERROR tss_esapi::tcti_ldr > Error when creating a TCTI context: response code not recognized

|-> that happens when we configure the manufacturing server with

allowed_key_storage_types:
  - Tpm
  - FileSystem

If we configure it with just 'FileSystem', the above error does not happen but we end up with a:

INFO fdo_manufacturing_client > No usable device credential located, performing Device Onboarding
INFO fdo_manufacturing_client > Attempting manufacturing, url: http://192.168.122.199:8080, plain DI: false, DIUN public key verification: Insecure
INFO fdo_manufacturing_client > Performing DIUN
systemd[1]: manufacturing-client.service: Main process exited, code=killed, status=15/TERM
systemd[1]: manufacturing-client.service: Failed with result 'signal'
systemd[1]: Stopped Manufacturing client DIUN

PR with fix added: https://github.com/fedora-iot/fido-device-onboard-rs/pull/536