Error with tss_esapi: Failed to instantiate TCTI #531
Comments
weird

are the credentials "correct" tho?

They look OK to me:
```yaml
session_store_driver:
  Directory:
    path: /home/fedora/fido-device-onboard-rs/aio-dir/stores/manufacturing_sessions
ownership_voucher_store_driver:
  Directory:
    path: /home/fedora/fido-device-onboard-rs/aio-dir/stores/owner_vouchers
public_key_store_driver:
  Directory:
    path: /home/fedora/fido-device-onboard-rs/aio-dir/stores/manufacturer_keys
bind: 0.0.0.0:8080
protocols:
  plain_di: false
  diun:
    mfg_string_type: SerialNumber
    key_type: SECP384R1
    allowed_key_storage_types:
      - Tpm
      - FileSystem
    key_path: /home/fedora/fido-device-onboard-rs/aio-dir/keys/diun_key.der
    cert_path: /home/fedora/fido-device-onboard-rs/aio-dir/keys/diun_cert.pem
rendezvous_info:
  - deviceport: 8082
    ip_address: 192.168.122.180
    ownerport: 8082
    protocol: http
  - deviceport: 8082
    ip_address: fe80::97e2:1716:6aa8:88ba
    ownerport: 8082
    protocol: http
manufacturing:
  manufacturer_cert_path: /home/fedora/fido-device-onboard-rs/aio-dir/keys/manufacturer_cert.pem
  device_cert_ca_private_key: /home/fedora/fido-device-onboard-rs/aio-dir/keys/device_ca_key.der
  device_cert_ca_chain: /home/fedora/fido-device-onboard-rs/aio-dir/keys/device_ca_cert.pem
  owner_cert_path: /home/fedora/fido-device-onboard-rs/aio-dir/keys/owner_cert.pem
  manufacturer_private_key: /home/fedora/fido-device-onboard-rs/aio-dir/keys/manufacturer_key.der
```

If we isolate the lines of code that cause the error:

```rust
let tcti_conf = tss_esapi::tcti_ldr::TctiNameConf::Tabrmd(Default::default());
let _tss_context =
    tss_esapi::Context::new(tcti_conf).context("Error initializing the TPM context")?;
```

we get:
when we have the following RPMs installed (same error on Fedora 37 and Fedora 38):
If I install
Fedora 37 versions:
Fedora 38 versions:
Opened an issue at the C source repo: tpm2-software/tpm2-tss#2663

CC @puiterwijk for awareness, I'm a bit lost with the TPM stuff and this might be an obvious issue to you 😅

Reported downstream, too - https://bugzilla.redhat.com/show_bug.cgi?id=2223779

We should be using the kernel RM (resource manager) not tpm2-abrmd for reference.

We seem to be using abrmd instead of the kernel RM (https://github.com/fedora-iot/fido-device-onboard-rs/blob/aea44d3bb13900777d05f784ce93612f1ba1be78/manufacturing-client/src/main.rs#L591) as the fallback when no configuration file is provided, so we need to change that.

From the main branch, running the `manufacturing-client` as root on Fedora 38:

But, `device-credentials` are correctly generated.
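
The fallback order the comments above call for (kernel resource manager rather than tpm2-abrmd when nothing is configured), as an added example; it is not code from fido-device-onboard-rs, and `select_tcti`, `TctiError` and the `dev_dir` parameter are hypothetical names. It uses only the standard library and returns a tpm2-tss `name:conf` string of the kind tss_esapi's `TctiNameConf::from_str` parses.

```rust
use std::path::Path;

// TCTI names that tss_esapi's TctiNameConf models ("name:conf" strings).
const KNOWN_TCTIS: [&str; 4] = ["device", "mssim", "swtpm", "tabrmd"];

#[derive(Debug, PartialEq)]
pub enum TctiError {
    UnknownTcti(String), // explicit value names a TCTI we do not recognise
    NoResourceManager,   // raw tpm0 exists, but the kernel RM node does not
    NoTpmDevice,         // neither device node exists
}

/// Pick a TCTI string. `explicit` is the operator's setting (for example the
/// value of TPM2TOOLS_TCTI); `dev_dir` is normally /dev and is a parameter
/// only so the logic can be exercised against a scratch directory.
pub fn select_tcti(explicit: Option<&str>, dev_dir: &Path) -> Result<String, TctiError> {
    // An explicit, non-empty setting always wins, tabrmd included.
    if let Some(value) = explicit.map(str::trim).filter(|v| !v.is_empty()) {
        let name = value.split(':').next().unwrap_or("");
        return if KNOWN_TCTIS.contains(&name) {
            Ok(value.to_string())
        } else {
            Err(TctiError::UnknownTcti(name.to_string()))
        };
    }
    // No configuration: use the in-kernel resource manager, never tabrmd,
    // so nothing depends on the tpm2-abrmd daemon being up.
    let rm = dev_dir.join("tpmrm0");
    if rm.exists() {
        Ok(format!("device:{}", rm.display()))
    } else if dev_dir.join("tpm0").exists() {
        Err(TctiError::NoResourceManager)
    } else {
        Err(TctiError::NoTpmDevice)
    }
}

fn main() {
    let explicit = std::env::var("TPM2TOOLS_TCTI").ok();
    match select_tcti(explicit.as_deref(), Path::new("/dev")) {
        Ok(conf) => println!("TCTI: {conf}"),
        Err(e) => eprintln!("no usable TCTI: {e:?}"),
    }
}
```

Separating `NoResourceManager` from `NoTpmDevice` lets the caller report why no TCTI could be chosen instead of a bare "Failed to instantiate TCTI".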