
Tss2_Sys_NV_DefineSpace失败,0x80013错误

Stack Overflow用户
提问于 2022-10-23 17:20:51

我尝试使用SAPI(部分代码借用自tpm2-tss的测试代码)在TPM 2.0中定义/取消定义索引为0x01500020的NV空间,但不知为何失败了:

#include <tss2/tss2_sys.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Handle of the NV index that main() defines and then undefines. */
#define TEST_NV_INDEX 0x01500020
/* Upper bound passed to strnlen() when main() measures the auth value. */
#define MAX_PSWD_LEN 8

/*
 * Stub TCTI transmit callback.
 *
 * Ignores the command buffer completely and reports success, so nothing is
 * ever handed to a TPM through this function.
 */
static TSS2_RC tcti_transmit(TSS2_TCTI_CONTEXT *tctiContext, size_t size,
                             uint8_t const *command)
{
  /* All three parameters are deliberately unused. */
  (void) command;
  (void) size;
  (void) tctiContext;

  return TPM2_RC_SUCCESS;
}

/*
 * Stub TCTI receive callback.
 *
 * Reports success without writing to *size or to the response buffer, so the
 * caller gets no response bytes from this function.
 */
static TSS2_RC tcti_receive(TSS2_TCTI_CONTEXT *tctiContext, size_t *size,
                            uint8_t *response, int32_t timeout)
{
  /* All four parameters are deliberately unused. */
  (void) timeout;
  (void) response;
  (void) size;
  (void) tctiContext;

  return TPM2_RC_SUCCESS;
}


/* ABI version handed to Tss2_Sys_Initialize() in main(). */
static TSS2_ABI_VERSION g_ver = TSS2_ABI_VERSION_CURRENT;
/*
 * Backing storage for the hand-rolled TCTI context. It has static storage
 * duration, so every field that main() does not assign stays zero; main()
 * assigns only version, transmit and receive.
 */
static TSS2_TCTI_CONTEXT_COMMON_V1 g_tcti_ctx_v1;

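/*
 * Reproduction case from the question: define, then undefine, a 32-byte NV
 * index through the SAPI, using the stub TCTI callbacks declared in this file.
 *
 * NOTE(review): tcti_transmit()/tcti_receive() report success without moving
 * any bytes, so no command reaches a TPM and the SAPI has no response to
 * parse. rc = 0x80013 appears to decode as TSS2_SYS_RC_LAYER (0x80000) |
 * TSS2_BASE_RC_INSUFFICIENT_RESPONSE (0x13), which fits that -- confirm
 * against tss2_common.h. The TCTI wiring and the platform hierarchy are kept
 * as posted so the listing still shows the failure being asked about.
 *
 * Changes limited to hygiene: size_t printed with %zu, structures
 * zero-initialised, the context buffer freed, and the last error message
 * terminated with a newline.
 *
 * Returns 0 when both NV commands succeed, 1 otherwise.
 */
int main(void) {
  /* Demo authValue for the new index; compiled in for this test only. */
  char passwd[] = { "password" };
  UINT32 rc;
  int status = 1;
  TSS2L_SYS_AUTH_RESPONSE sessionsDataOut = { 0 };
  TPM2B_NV_PUBLIC publicInfo = { 0 };
  TPM2B_AUTH nvAuth = { 0 };

  size_t ctx_size = Tss2_Sys_GetContextSize(0);
  TSS2_SYS_CONTEXT *ctx = calloc(1, ctx_size);
  TSS2_TCTI_CONTEXT *tcti_ctx = (TSS2_TCTI_CONTEXT *) &g_tcti_ctx_v1;
  /*
   * One password session with an empty hmac field, i.e. an empty
   * authorization value for the hierarchy named in the calls below.
   */
  TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
    .sessionHandle = TPM2_RH_PW,
    .sessionAttributes = 0,
    .nonce = { .size = 0 },
    .hmac = { .size = 0 }
  }}};

  if (ctx == NULL) {
    fprintf(stderr, "Sys Context NULL\n");
    return status;
  }

  /* strnlen() caps the copy at MAX_PSWD_LEN bytes; no terminator is copied. */
  nvAuth.size = strnlen(passwd, MAX_PSWD_LEN);
  memcpy(&nvAuth.buffer[0], &passwd[0], nvAuth.size);

  /* size stays 0, as in the original listing. */
  publicInfo.size = 0;
  publicInfo.nvPublic.nvIndex = TEST_NV_INDEX;
  publicInfo.nvPublic.nameAlg = TPM2_ALG_SHA256;
  publicInfo.nvPublic.attributes = TPMA_NV_AUTHREAD
                                 | TPMA_NV_AUTHWRITE
                                 | TPMA_NV_PLATFORMCREATE
                                 | TPMA_NV_ORDERLY;
  publicInfo.nvPublic.authPolicy.size = 0;
  publicInfo.nvPublic.dataSize = 32;

  /* Hand-built TCTI: only these three fields are set; the rest stay zero. */
  g_tcti_ctx_v1.version = 1;
  g_tcti_ctx_v1.transmit = tcti_transmit;
  g_tcti_ctx_v1.receive = tcti_receive;

  printf("Context's size = %zu\n", ctx_size);

  rc = Tss2_Sys_Initialize(ctx, ctx_size,
      tcti_ctx, &g_ver);
  if (rc != TPM2_RC_SUCCESS) {
    fprintf(stderr, "Failed to Tss2_Sys_Initialize: rc = 0x%x\n", rc);
    goto free_mem;
  }

  /* This is the call that returns 0x80013 with the stub TCTI. */
  rc = Tss2_Sys_NV_DefineSpace(ctx, TPM2_RH_PLATFORM,
      &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut);
  if (rc != TPM2_RC_SUCCESS) {
    fprintf(stderr, "Failed to Tss2_Sys_NV_DefineSpace: rc = 0x%x\n", rc);
    goto free_ctx;
  }

  rc = Tss2_Sys_NV_UndefineSpace(ctx, TPM2_RH_PLATFORM,
      TEST_NV_INDEX, &sessionsData, 0);
  if (rc != TPM2_RC_SUCCESS) {
    fprintf(stderr, "Failed to Tss2_Sys_NV_UndefineSpace: rc = 0x%x\n", rc);
    goto free_ctx;
  }

  status = 0;

free_ctx:
  Tss2_Sys_Finalize(ctx);
free_mem:
  free(ctx);
  return status;
}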

编译并执行之后,我得到了一个错误:

$ gcc -o nvdefine nvdefine.c -ltss2-sys && ./nvdefine
Failed to Tss2_Sys_NV_DefineSpace: rc = 0x80013

我分别试过TPM2_RH_PLATFORM和TPM2_RH_OWNER,但都没有效果。我做错了什么?有人能帮忙吗?


回答 1

Stack Overflow用户

回答已采纳

发布于 2022-10-24 17:17:43

我找到了问题的解决办法:原因是TCTI上下文有误(问题代码中的transmit/receive只是空函数,并没有真正与TPM通信),于是我把那部分代码替换成了下面的代码:

#include <tss2/tss2_tctildr.h>
...

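/*
 * Excerpt: obtain the TCTI context from the TCTI loader instead of building
 * one by hand. The "..." lines stand for code omitted by the author.
 */
int main(void) {
  ...
  TPM2_RC rc;
  /* Filled in by the loader call below; starts out NULL. */
  TSS2_TCTI_CONTEXT *tcti_ctx = NULL;
  ...

  /*
   * The loader entry point is Tss2_TctiLdr_Initialize(), the name the
   * complete listing on this page also uses; there is no "Sys_" in it.
   * NULL as the first argument leaves the choice of TCTI to the loader.
   */
  rc = Tss2_TctiLdr_Initialize(NULL, &tcti_ctx);
  ...
}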

另外一点是,使用TPM2_RH_PLATFORM需要一个会话,所以我把它替换成了TPM2_RH_OWNER:

...
/*
 * Excerpt: the NV attributes and hierarchy handle used once the index is
 * created under the owner hierarchy. The "..." lines stand for omitted code.
 */
int main(void) {
  ...
  /* Read/write may be authorized with the index's own authValue ... */
  publicInfo.nvPublic.attributes |= TPMA_NV_AUTHREAD;
  publicInfo.nvPublic.attributes |= TPMA_NV_AUTHWRITE;
  /* ... and also with owner authorization. */
  publicInfo.nvPublic.attributes |= TPMA_NV_OWNERWRITE;
  publicInfo.nvPublic.attributes |= TPMA_NV_OWNERREAD;
  /*
   * Permit TPM2_NV_WriteLock / TPM2_NV_ReadLock on this index; such a lock
   * holds until the next TPM reset or restart.
   */
  publicInfo.nvPublic.attributes |= TPMA_NV_WRITE_STCLEAR;
  publicInfo.nvPublic.attributes |= TPMA_NV_READ_STCLEAR;
  ...

  /* Owner hierarchy authorizes the definition instead of TPM2_RH_PLATFORM. */
  rc = Tss2_Sys_NV_DefineSpace(ctx, TPM2_RH_OWNER,
      &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut);
  ...
  
  /* The same hierarchy handle is used to remove the index again. */
  rc = Tss2_Sys_NV_UndefineSpace(ctx, TPM2_RH_OWNER,
      TEST_NV_INDEX, &sessionsData, 0);
  ...
}

并在编译时链接TctiLdr库:

$ gcc -o nvdefine nvdefine.c -ltss2-sys -ltss2-tctildr

整个代码清单如下:

#include <tss2/tss2_sys.h>
#include <tss2/tss2_tctildr.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Handle of the NV index that main() defines and then undefines. */
#define TEST_NV_INDEX 0x01500020


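/*
 * Define a 32-byte NV index under the owner hierarchy, then undefine it.
 *
 * The TCTI comes from Tss2_TctiLdr_Initialize(NULL, ...), so the loader picks
 * the transport to the TPM instead of a hand-written stub.
 *
 * Points to keep in mind before reusing this outside a test:
 *  - The only session is a password session (TPM2_RH_PW) with an empty hmac
 *    field, so both NV commands rely on the owner authorization being empty.
 *  - nvAuth is passed as an ordinary command parameter and no session here
 *    sets a decrypt attribute, so the value is not protected on its way to
 *    the TPM.
 *  - The authValue is a compiled-in demo string; a real one belongs in
 *    run-time input, not in the binary.
 *
 * Compared with the posted listing this version bounds the authValue copy,
 * zero-initialises the TPM structures, releases the TCTI and the context
 * buffer on every path, and ends the last error message with a newline.
 *
 * Returns 0 when both NV commands succeed, 1 otherwise.
 */
int main(void) {
  const char passwd[] = "password";
  const size_t passwd_len = strlen(passwd);
  int status = 1;
  TSS2_RC rc;
  TSS2L_SYS_AUTH_RESPONSE sessionsDataOut = { 0 };
  TPM2B_NV_PUBLIC publicInfo = { 0 };
  TPM2B_AUTH nvAuth = { 0 };

  size_t ctx_size = Tss2_Sys_GetContextSize(0);
  TSS2_SYS_CONTEXT *ctx = calloc(1, ctx_size);
  TSS2_TCTI_CONTEXT *tcti_ctx = NULL;
  TSS2_ABI_VERSION abiVersion = TSS2_ABI_VERSION_CURRENT;
  TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
    .sessionHandle = TPM2_RH_PW,
    .sessionAttributes = 0,
    .nonce = { .size = 0 },
    .hmac = { .size = 0 }
  }}};

  if (!ctx) {
    fprintf(stderr, "Sys Context NULL\n");
    return status;
  }

  /* Never copy more than the TPM2B_AUTH buffer can hold. */
  if (passwd_len > sizeof nvAuth.buffer) {
    fprintf(stderr, "Auth value too long for TPM2B_AUTH\n");
    goto out_mem;
  }
  nvAuth.size = (UINT16) passwd_len;
  memcpy(nvAuth.buffer, passwd, passwd_len);

  /* size stays 0, as in the original listing. */
  publicInfo.size = 0;
  publicInfo.nvPublic.nvIndex = TEST_NV_INDEX;
  publicInfo.nvPublic.nameAlg = TPM2_ALG_SHA256;
  /*
   * Read/write with the index authValue or with owner authorization; the
   * *_STCLEAR bits permit TPM2_NV_WriteLock / TPM2_NV_ReadLock, whose effect
   * lasts until the next TPM reset or restart.
   */
  publicInfo.nvPublic.attributes = TPMA_NV_AUTHREAD
                                 | TPMA_NV_AUTHWRITE
                                 | TPMA_NV_OWNERWRITE
                                 | TPMA_NV_OWNERREAD
                                 | TPMA_NV_WRITE_STCLEAR
                                 | TPMA_NV_READ_STCLEAR;
  publicInfo.nvPublic.authPolicy.size = 0;
  publicInfo.nvPublic.dataSize = 32;

  /* NULL name: let the loader choose the TCTI. */
  rc = Tss2_TctiLdr_Initialize(NULL, &tcti_ctx);
  if (rc != TPM2_RC_SUCCESS) {
    fprintf(stderr, "Failed to Tss2_TctiLdr_Initialize: 0x%x\n", rc);
    goto out_mem;
  }

  rc = Tss2_Sys_Initialize(ctx, ctx_size,
      tcti_ctx, &abiVersion);
  if (rc != TPM2_RC_SUCCESS) {
    fprintf(stderr, "Failed to Tss2_Sys_Initialize: rc = 0x%x\n", rc);
    goto out_tcti;
  }

  rc = Tss2_Sys_NV_DefineSpace(ctx, TPM2_RH_OWNER,
      &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut);
  if (rc != TPM2_RC_SUCCESS) {
    fprintf(stderr, "Failed to Tss2_Sys_NV_DefineSpace: rc = 0x%x\n", rc);
    goto out_sys;
  }

  /* If this fails the index stays defined on the TPM. */
  rc = Tss2_Sys_NV_UndefineSpace(ctx, TPM2_RH_OWNER,
      TEST_NV_INDEX, &sessionsData, 0);
  if (rc != TPM2_RC_SUCCESS) {
    fprintf(stderr, "Failed to Tss2_Sys_NV_UndefineSpace: rc = 0x%x\n", rc);
    goto out_sys;
  }

  status = 0;

out_sys:
  Tss2_Sys_Finalize(ctx);
out_tcti:
  Tss2_TctiLdr_Finalize(&tcti_ctx);
out_mem:
  free(ctx);
  return status;
}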

这行得通!

页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/74173257
