Doesn't work on CM4 + I/O board and a slb9670 via the tpm_tis_spi driver.
Using this test: echo foo | clevis encrypt tpm2 '{}' | clevis decrypt
I receive:
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) EVP_PKEY_new_mac_key
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:267:iesys_crypto_KDFaHmac() Error ErrorCode (0x00070001)
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:367:iesys_crypto_KDFa() Error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:731:iesys_encrypt_param() while computing KDFa ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1291:iesys_gen_auths() Error parameter encryption ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:244:Esys_CreatePrimary_Async() Error in computation of auth values ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:110:Esys_CreatePrimary() Error in async function ErrorCode (0x00070001)
Error executing command: TPM error: commands not being accepted because of a TPM failure. NOTE: This may be returned by TPM2_GetTestResult() as the testResultparameter
Opposed to this output if the TPM is not loaded at all:
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: device
ERROR:tcti:src/tss2-tcti/tctildr.c:428:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI
Error executing command: TPM error: response code not recognized
The expected output is simply foo
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
This update has been submitted for testing by pbrobinson.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
pbrobinson edited this update.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
No issues, tested on the fitlet2.
Doesn't work on CM4 + I/O board and a slb9670 via the tpm_tis_spi driver.
Using this test:
echo foo | clevis encrypt tpm2 '{}' | clevis decryptI receive:
Opposed to this output if the TPM is not loaded at all:
The expected output is simply
fooBodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by pbrobinson.
This update has been pushed to stable.