tpm2-tss: tpmtest failed TPM error: 0x9a2
i have ubuntu 16.04 with TPM 2.0 (IFX SLB9665), have the latest version of TPM2.0-TSS, the resourcemgr daemon is running.
I run test/tpmtest/tpmtest, the first tests are OK, then I can run more specific tests:
Q - QUIT THE PROGRAM
D - PRINT DESCRIPTION ON ALL CASES
0 - RUN ALL TEST CASES
1 - GET/SET DECRYPT PARAM TESTS
2 - STARTUP TESTS
3 - CREATE, CREATE PRIMARY, and LOAD TESTS
5 - UNSEAL TEST
6 - TPM Version TESTS
7 - SELFTEST TESTS
8 - GET TEST RESULT TESTS
9 - DICTIONARY ATTACK LOCK RESET TEST
13 - GET_CAPABILITY TESTS
14 - PCR_EXTEND, PCR_EVENT, PCR_ALLOCATE, and PCR_READ TESTS
15 - HASH TESTS
16 - POLICY TESTS
20 - GET_RANDOM TESTS
21 - SHUTDOWN TESTS
24 - QUOTE CONTROL TESTS
25 - PCR ALLOCATE TEST
26 - RM TESTS
32 - EC Ephemeral TESTS
33 - SYMMETRIC ENCRYPT/DECRYPT TESTS
34 - ASYMMETRIC ENCRYPT/DECRYPT TESTS
35 - VERIFY SIGNATURE WITH EXTERNAL KEY TEST
36 - VERIFY SIGNATURE WITH CREATED KEY TEST
37 - NV EXTENSION TEST
38 - PCR EXTENDED TEST
39 - CLOCK/TIME TEST
Not all these tests are OK:
RUN ALL TEST CASES:
UNSEAL TEST :
passing case: FAILED! Resource Mgr Error: 0xc1000
POLICY TESTS:
Q - QUIT THIS TEST GROUP
D - PRINT DESCRIPTION ON ALL CASES IN THIS GROUP
0 - RUN ALL TEST CASES
Please select an action:0
RUN ALL TEST CASES:
POLICY TESTS:
Policy Test: PASSWORD
passing case: PASSED!
passing case: PASSED!
passing case: PASSED!
passing case: PASSED!
passing case: PASSED!
passing case: PASSED!
passing case: FAILED! TPM Error: 0x9a2
TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0xf.
OtherCmdServer died (Other CMD), socket: 0xe.
QUOTE CONTROL TESTS:
Q - QUIT THIS TEST GROUP
D - PRINT DESCRIPTION ON ALL CASES IN THIS GROUP
0 - RUN ALL TEST CASES
Please select an action:0
RUN ALL TEST CASES:
QUOTE CONTROL TESTS:
passing case: FAILED! TPM Error: 0x184
PCR ALLOCATE TEST:
Q - QUIT THIS TEST GROUP
D - PRINT DESCRIPTION ON ALL CASES IN THIS GROUP
0 - RUN ALL TEST CASES
Please select an action:0
RUN ALL TEST CASES:
PCR ALLOCATE TEST :
passing case: FAILED! TPM Error: 0x9a2
RUN ALL TEST CASES:
RM TESTS:
Initializing Test RM Resource Manager Interface
socket created: 0x5
socket created: 0x6
Accept socket: 0xe
Resource Manager Other CMD Server accepted client
Client connected to server on port: 2324
Accept socket: 0xf
Resource Manager TPM CMD Server accepted client
Client connected to server on port: 2323
failing case: FAILED! Ret code s/b: c2800, but was: c1000
TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x11.
OtherCmdServer died (Other CMD), socket: 0x10.
EC Ephemeral TESTS:
Q - QUIT THIS TEST GROUP
D - PRINT DESCRIPTION ON ALL CASES IN THIS GROUP
0 - RUN ALL TEST CASES
Please select an action:0
RUN ALL TEST CASES:
EC Ephemeral TESTS:
failing case: FAILED! Ret code s/b: 8000b, but was: 143
RUN ALL TEST CASES:
SYMMETRIC ENCRYPT/DECRYPT & HASH TESTS:
passing case: PASSED!
New key successfully created (RSA 2048). Handle: 0x80000009
passing case: PASSED!
passing case: PASSED!
passing case: FAILED! TPM Error: 0x2c2
TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x11.
OtherCmdServer died (Other CMD), socket: 0x10.
RUN ALL TEST CASES:
ASYMMETRIC ENCRYPT/DECRYPT & HASH TESTS:
passing case: FAILED! TPM Error: 0x9a2
RUN ALL TEST CASES:
VERIFICATION on PUBLIC LOADED KEY TESTS:
passing case: FAILED! TPM Error: 0x9a2
RUN ALL TEST CASES:
VERIFICATION on CREATED KEY TESTS:
passing case: FAILED! TPM Error: 0x9a2
RUN ALL TEST CASES:
NV EXTENSION TESTS:
passing case: PASSED!
The count of defined NV Index: 4
NV Index: 1800001
NV Index: 1800003
NV Index: 1c00002
NV Index: 1c0000a
passing case: PASSED!
passing case: PASSED!
Name of loaded key: 00 04 aa 6f 4a 8b 97 3a f7 3f d7 b4 e4 a4 fa 56
6c 96 79 b9 5d c8
passing case: PASSED!
Loaded key handle: 80000007
passing case: FAILED! TPM Error: 0x9a2
RUN ALL TEST CASES:
CLOCK/TIME TEST:
passing case: PASSED!
Current Time:110927392, Current Clock Info:678016494
passing case: FAILED! TPM Error: 0x9a2
I often have the 0x9a2 error, as well as 0x2c2, 0x184, 0x921. Furthermore, if I run tpmclient:
STARTUP TESTS:
passing case: PASSED!
passing case: FAILED! TPM Error: 0x100
TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x6.
OtherCmdServer died (Other CMD), socket: 0x7.
So obviously, these errors have consequences on tpm2.0-tools(when I run tpm2_takeownership -cI have this 0x9a2 error.
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 20 (3 by maintainers)
Some basic information: error code 0x9a2 means “TPM ERROR: SESSION #1, TPM_RC_BAD_AUTH: authroization failure without DA implications”. So if you met any 0x9a2 error, usually it is due to that the platform auth is not NULL or owner auth is not NULL. tpmtest assume that the platform auth & owner auth are NULL before start running.
When you run with simulator, usually all the hierarchy auths are NULL. But when you run with physical TPM in production platforms, usually the bios will set a random value for platform auth, so all the tests requiring NULL platform auth can’t be run with physical TPM in most platforms. I was trying to skip/hide those tests when aware of the Non-NULL platform auth.
As to Non-NULL owner auth, it is usually set by you when execute some standalone tools such as tpm2_takeownership etc. You need to clear the tpm.
There are some ways to clear the TPM:
I wish what I wrote above can help resolve some doubts.