运行tpm2_takeowership后，在Yocto上使用带有IoT边缘的TPM时出错

Question

配置IoT边缘以使用TPM，我收到错误:错误:没有这样的文件或目录(操作系统错误2)

我以前运行过tpm2_takeownership，所以这可能是一个促成因素。

操作系统: Yocto 2.3 (Linux reliagate-10-12 4.9.148-eurotech-ti #1 Tue May 21 12:52:42 UTC 2019 armv7l GNU/Linux)

如果我不使用IoT，运行良好。

我已经能够按照这里列出的tpm_device_provision指令进行操作：https://docs.microsoft.com/en-us/azure/iot-edge/how-to-auto-provision-simulated-device-linux，并获得以下输出(这意味着我可以成功地与TPM通信)。

root@reliagate-10-12:eMMC:~# ./tpm_device_provision
Gathering the registration information...

Registration Id:
2upzntec--REMOVED--drlxrtza

Endorsement Key:
AToAAQAL--REMOVED--9zGxyw==

Press any key to continue:

我对我的config.yaml做了以下更改

provisioning:
  source: "dps"
  global_endpoint: "https://global.azure-devices-provisioning.net"
  scope_id: "0ne00045676"
  attestation:
    method: "tpm"
    registration_id: "2upzntec--REMOVED--drlxrtza"

我已经对tpm进行了必要的权限更改：

root@reliagate-10-12:eMMC:~# ls -all /dev/tpm0
crw-rw----. 1 tss iotedge 10, 224 May 16 14:44 /dev/tpm0

我已授予iotedge.service中的设置

root@reliagate-10-12:eMMC:~# systemctl cat iotedge.service
[Unit]
Description=Azure IoT Edge daemon
After=network-online.target docker.service iotedge.socket     iotedge.mgmt.socket
Requires=iotedge.socket iotedge.mgmt.socket
Wants=network-online.target docker.service
Documentation=man:iotedged(8)

[Service]
ExecStart=/usr/bin/iotedged -c /etc/iotedge/config.yaml
KillMode=process
TimeoutStartSec=600
TimeoutStopSec=40
Restart=on-failure
User=iotedge
Group=iotedge

[Install]
WantedBy=multi-user.target
Also=iotedge.socket iotedge.mgmt.socket

# /etc/systemd/system/iotedge.service.d/override.conf
[Service]
Environment=IOTEDGE_USE_TPM_DEVICE=ON

我已经启用了tpmaccess规则：

root@reliagate-10-12:eMMC:~# cat /etc/udev/rules.d/tpmaccess.rules
#allow iotedge access to tpm0
KERNEL=="tpm0", SUBSYSTEM=="tpm", GROUP="iotedge", MODE="0660"

然而，当我运行-u the pager iotedge --no-pager --no-full时，我看到以下错误

Aug 20 20:38:22 reliagate 10-12 systemd1:已启动Azure IoT边缘守护程序。Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -使用配置文件: /etc/iotedge/config.yaml Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -启动Azure IoT边缘安全后台进程Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO - Version - 1.0.7 Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO - Using runtime network id azure-iot-edge Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -正在初始化模块运行时...Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -正在初始化模块运行时...Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -成功初始化模块运行时Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -已完成初始化模块运行时。Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -将/var/lib/iotedge配置为主目录。Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -正在配置证书...Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z信息-找不到透明网关证书，正在快速启动模式下运行...Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -已完成证书配置。Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -正在初始化hsm...Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -初始化完成Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -正在检测配置文件是否已更改...Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -未检测到配置文件更改。Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z信息-获取工作负载CA成功。Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z信息调配边缘设备...Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -通过iotedged3466启动配置边缘设备...Aug 20 20:38:22 reliagate 10-12 iotedged3466: 2019-08-20T20:38:22Z INFO -开始scope_id为0ne00045676的DPS注册，registration_id "2upzntec--REMOVED--drlxrtza“Aug 20 20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z WARN -无法配置设备Aug 20 20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z WARN -原因:无法获取registration_id质询密钥Aug 20 20:38:23 reliagate 10-12 TPM : 2019-08-20T20:38:23Z WARN -原因:密钥存储出错。Aug 20 20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z WARN -原因: HSM failure Aug 20 20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z WARN -原因: HSM API故障发生: 342 Aug 20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z错误！-守护程序无法成功启动:无法初始化DPS资源调配客户端8月20 20:38:23reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z错误！-原因:无法恢复以前的配置结果Aug 20 20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z ERR！-原因:没有这样的文件或目录(操作系统错误2) 8月20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z ERR！(/home/build/my_project/yocto/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/libiothsm-std/1.0.7-r0/iotedge-1.0.7/edgelet/hsm-sys/azure-…EK Aug 20 20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z ERR！(/home/build/my_project/yocto/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/libiothsm-std/1.0.7-r0/iotedge-1.0.7/edgelet/hsm-sys/azure-…EK策略会话Aug 20 20:38:23 reliagate 10-12 iotedged3466: 2019-08-20T20:38:23Z ERR！EK将密钥转到tpm Aug 20 20:38:23 reliagate 10-12 systemd1: iotedge.service: Main process exit，code=exited，status=1/FAILURE Aug 20 20:38:23 reliagate 10-12 systemd1: iotedge.service: Failed，返回结果'exit-code‘。Aug 20 20:38:23 reliagate 10-12 systemd1: iotedge.service: Service RestartSec=100ms已过期，计划重启。Aug 20 20:38:23 reliagate 10-12 systemd1: iotedge.service:计划重新启动作业，重新启动计数器在5。Aug 20 20:38:23 reliagate 10-12 systemd1:已停止systemd1 IoT边缘守护程序。

Answer 1

以下是一些想法：

1. 您是否正在运行最新的IoT Edge bits (1.0.8)？
2. 请仔细检查DPS中的范围和背书密钥。
3. 我们已经看到在IoT边缘在TPM准备就绪之前出现的初始化问题。您可能必须将systemd配置为使iotedged启动较慢。在这种情况下，iotedged依赖于TPM。
4. 是否正在运行TPM资源管理器？

谢谢，凯文

Answer 2

对另一些人来说，运行

tpm2_takeownership -c

解决了问题。