It seems we need

--- a/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/lib/wolf/sub.mk
+++ b/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/lib/wolf/sub.mk
@@ -56,3 +56,5 @@ srcs-y += wolf_symlink/wolfcrypt/src/tfm.c
 srcs-y += wolf_symlink/wolfcrypt/src/wolfmath.c
 srcs-y += wolf_symlink/wolfcrypt/src/des3.c
 srcs-y += wolf_symlink/wolfcrypt/src/random.c
+
+$(srcs-y): wolf_symlink

to fix sporadic build failures on larger build machines, see also https://groups.google.com/d/msgid/isar-users/424e2519-2dfa-5379-a16e-ca505e6135fe%40siemens.com.

This is more to help others as I can't open a PR before I figured out how to deal with https://opensource.microsoft.com/cla/ on the Siemens side (CLAs are complex to handle, and this process here is seems to be even more complex).

OpenSSL added support for SM2, 3 and 4 in the latest 1.1.1 release. Are there any plans to support these in the simulator?

Hello,

We are working on using this stack with the STM32L476.

Are there any information available on how it was tested? We have found some
VCOM Windows application only so far.

Is this example designed to work with the general purpose tooling (like the tpm2-tools on Linux)?
We have build and flashed the sample and have the /dev/ttyACM0 device in Linux, which we would
expect would work as a replacement for the /dev/tpm0 character device.

This works a little different, though, it seems. We have noticed that the STM32
example expects more data than what simply comes from the tpm2-tools (for example
the tpm2_startup command). There are additional headers added in the Windows VCOM
application as well.

Some of it is described here: http://lpntpm.lpnplant.io/issues/#protocol-analysis-early-conclusions
There are some more reports from our last work there, as well.

Generally, it would be great if we could get some more information on what we should expect
to work in this STM32 sample and how it can be used.

Thanks,

Consistent with community expecations and github guidance, the default branch of microsoft/ms-tpm-20-ref has been changed from master to main. This will not update a user's local environment. The following commands can be used to update your local environment to match:

git branch -m master main
git fetch origin
git branch -u origin/main main
git remote set-head origin -a

Reproduce:
msbuild TPMCmd\simulator.sln /p:Configuration=WolfRelease

Reason:
Inconsistency in function declaration of MathLibraryCompatibilityCheck().
In TpmToWolfMath_fp.h and TpmToWolfMath.c

void
 MathLibraryCompatibilityCheck(
     void
 );

But in SupportLibraryFunctionPrototypes_fp.h and Manufacture.c expects

BOOL
 MathLibraryCompatibilityCheck(
     void
 );

hi all,

reading the TpmProfile.h, I found that: NV_MEMORY_SIZE is defined to 16 Kilobytes, is there a particular reason for choosing this size (and not 12/20 KB for example)?
as I've read here:
https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf
they do mention the 3834 Bytes without taking into consideration storage of any other persistent object, data or code that requires or consumes non-volatile memory. an older spec mentioned: 6962 bytes.
(https://trustedcomputinggroup.org/wp-content/uploads/TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22.pdf)

Thank you!

I have integrated ftpm TA in OPENSTLINUX distro and I can see the TA in the image /lib/optee_armtz folder. I am interested in getting tpm_event_log for which MACRO (MEASURED_BOOT) should be enable. So I want to know in what way I can enable the macro in my yocto recipe. Below is the recipe I am using.

SUMMARY = "OPTEE fTPM Microsoft TA"
DESCRIPTION = "TCG reference implementation of the TPM 2.0 Specification."
HOMEPAGE = "https://github.com/microsoft/ms-tpm-20-ref/"

#COMPATIBLE_MACHINE ?= "invalid"
#COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64"
#COMPATIBLE_MACHINE:qemuarm64-secureboot = "qemuarm64"
#COMPATIBLE_MACHINE:qemu-generic-arm64 = "qemu-generic-arm64"

#FIXME - doesn't currently work with clang
TOOLCHAIN = "gcc"

inherit deploy python3native

LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=5a3925ece0806073ae9ebbb08ff6f11e"

DEPENDS = "python3-pyelftools-native optee-os-stm32mp python3-cryptography-native "
DEPENDS += "python3-pycryptodomex-native"
FTPM_UUID="bc50d971-d4c9-42c4-82cb-343fb7f37896"

SRC_URI = "gitsm://github.com/Microsoft/ms-tpm-20-ref;branch=master;protocol=https
file://0001-add-enum-to-ta-flags.patch"

SRCREV = "d638536d0fe01acd5e39ffa1bd100b3da82d92c7"

S = "${WORKDIR}/git"

OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}"
TEEC_EXPORT = "${STAGING_DIR_HOST}${prefix}"
TA_DEV_KIT_DIR = "${STAGING_INCDIR}/optee/export-user_ta"
#TA_DEV_KIT_DIR = "/home/eaton/edge-linux-yocto/build-openstlinuxweston-stm32mp1/tmp-glibc/work/stm32mp1-ostl-linux-gnueabi/st-image-userfs/1.0-r0/recipe-sysroot/usr/include/optee/export-user_ta"
EXTRA_OEMAKE += '
CFG_FTPM_USE_WOLF=y
CFG_TA_DEBUG=y
CFG_TEE_TA_LOG_LEVEL=4
TA_DEV_KIT_DIR=${TA_DEV_KIT_DIR}
TA_CROSS_COMPILE=${TARGET_PREFIX}
CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_HOST} -I${WORKDIR}/optee-os-stm32mp"
'

EXTRA_OEMAKE:append:aarch64:qemuall = "
CFG_ARM64_ta_arm64=y
"

python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the

right path until this is relocated automatically.

export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"

PARALLEL_MAKE = ""

do_compile() {
# The internal ${CC} includes the correct -mcpu option
sed -i 's/-mcpu=$(TA_CPU)//' Samples/ARM32-FirmwareTPM/optee_ta/fTPM/sub.mk
# there's also a secure variable storage TA called authvars
cd ${S}/Samples/ARM32-FirmwareTPM/optee_ta
oe_runmake
}

do_install () {
mkdir -p ${D}/${nonarch_base_libdir}/optee_armtz
install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.ta ${D}/${nonarch_base_libdir}/optee_armtz/
install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${D}/${nonarch_base_libdir}/optee_armtz/
}

do_deploy () {
install -d ${DEPLOYDIR}/optee
install -D -p -m 0644 ${S}/Samples/ARM32-FirmwareTPM/optee_ta/out/fTPM/${FTPM_UUID}.stripped.elf ${DEPLOYDIR}/optee/
}

addtask deploy before do_build after do_install

FILES:${PN} += "
${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.ta
${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf
"

Imports machine specific configs from staging to build

PACKAGE_ARCH = "${MACHINE_ARCH}"
INSANE_SKIP:${PN} += "ldflags"

hi all,

My question is if fTPM needs a secure real time clock for it to be able to work?

Thank you!

My understanding is that (when started) the tpm-simulator does not have a manufacturer's endorsement key. This is a problem for me in that I can't simulate hardware devices (ex. Infineon TPM2) where the EK is present at nvindex 0x1c00002.

Are there any instructions on how to use openssl and tpm2-tools (tss) to prepare the tpm-simulator with a manufacture's endorsement key? The only thing I have found is at https://google.github.io/tpm-js/#pg_certificates.

There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

Merge this pull request

$ ./configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether ln -s works... yes
checking for ranlib... ranlib
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports the include directive... yes (GNU style)
checking whether make supports nested variables... yes
checking dependency style of gcc... gcc3
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libcrypto... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for a sed that does not truncate output... /usr/bin/sed
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking whether gcc is Clang... no
checking whether pthreads work with "-pthread" and "-lpthread"... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking whether more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking whether C compiler accepts -std=gnu11... ./configure: line 5914: ${ax_cv_check_cflags_ _________Wall__Werror ______std_gnu11+y}: bad substitution

the autoreconf are obtained from sudo apt-get install

Mac OS X build
./bootstrap
./configure
make
./tpm2-simulator

Why I run test cases return

github.com/google/go-tpm-tools/simulator/internal

../../vendor/github.com/google/go-tpm-tools/simulator/internal/internal_cgo.go:44:11: fatal error: 'Platform.h' file not found
#include "Platform.h"
^~~~~~~~~~~~
1 error generated.

Hi, together with my organization we are planning to create a universal opensource TPM 2.0 hardware module. We would like to use the stm32 sample as a reference point but ran into some problems.
I've checked out a specific commit that adds samples for Nucleo (f8a1c48).
This method allowed me to ignore (for now) other errors that appear when building a project from the master branch.
I thought, that maybe I'm using the wrong toolchain version, so I switched back to GCC 4.8 and tried a different Atollic version as well as the new successor - STM32CubeIDE, but with no luck. The same error remains also for an old Windows Atollic version.
I wonder how the project was developed because I was unable to build it in any way. Fixing minor bugs involving missing includes and the small fixes in the preprocessor defines, I have come to a point that is hard for me to go through.
Curent issue seems to be related to the macro located in CryptEccData.c:86 file
# define ECC_ENTRY(val, x) (bigNum)&##val##_##x
that triggers this specific error message.

arm-none-eabi-gcc -c "/home/acwiek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c" -mcpu=cortex-m4 -std=gnu11 -g3 '-D__weak=__attribute__((weak))' '-D__packed=__attribute__((__packed__))' -DUSE_HAL_DRIVER -DSTM32L476xx -DWOLFSSL_USER_SETTINGS -DUSE_WOLFCRYPT -c -I../Inc -I../Drivers/STM32L4xx_HAL_Driver/Inc -I../Drivers/STM32L4xx_HAL_Driver/Inc/Legacy -I../Middlewares/ST/STM32_USB_Device_Library/Core/Inc -I../Middlewares/ST/STM32_USB_Device_Library/Class/CDC/Inc -I../Drivers/CMSIS/Device/ST/STM32L4xx/Include -I../Drivers/CMSIS/Include -I../../Shared/TPMDevice/include -I../../Shared/Platform/Include -I../../Shared/Platform/Include/prototypes -I../../../../external/wolfssl -I../../../../TPMCmd/tpm/include -I../../../../TPMCmd/tpm/include/prototypes -I"/home/acwiek/git/ms-tpm-20-ref/Samples/Nucleo-TPM/Shared/Platform/include/prototypes" -I"/home/acwiek/git/ms-tpm-20-ref/Samples/Nucleo-TPM/Shared/Platform/include" -O0 -ffunction-sections -fdata-sections -Wall -fstack-usage -MMD -MP -MF"Middlewares/TPMCmd/crypt/CryptEccMain.d" -MT"Middlewares/TPMCmd/crypt/CryptEccMain.o" --specs=nano.specs -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mthumb -o "Middlewares/TPMCmd/crypt/CryptEccMain.o"
/home/acwiek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c:86:39: error: pasting "&" and "NIST_P256" does not give a valid preprocessing token
   86 | # define ECC_ENTRY(val, x)    (bigNum)&##val##_##x
      |                                       ^

We have high hopes for this project and think it will enrich the open-source community, so we would appreciate any help from you.

Some C/C++ systems (like Bazel) can optimize C/C++ builds using the fact that most headers don't have content that changes based on how it is included in a file. They can then use precompiled headers or more advanced methods to speed up building.

However, libtpm makes frequent use of a pattern where the symbols defined before including a header significantly change it's content. This makes this optimization impossible for a good deal of the library making building slower than it needs to be.

Most of the uses can be easily eliminated. The only one that would be tricky is Global.h, which nicely avoids duplication between Global.h and Global.c.

PR #8 is currently blocked by the Microsoft CLA bot. This conflicts with data in #7. Would it be possible to get info on CLA requirements in your documentation for contributors / contributions (aka CONTRIBUTING.md). This will help contributors like myself in planning since I need approval from my employer before I contribute to projects and a CLA is like a 10x multiplier on the complexity of this process. Knowing this in advance will save us a lot of time.

Hello,
while reading the fTPM article I read about "Cooperative Checkpointing". I'm wondering if it's implemented in the code and where?
also, why not to use the "yielding SMCs" mentioned here: https://optee.readthedocs.io/en/latest/architecture/core.html#normal-world-invokes-op-tee-os-using-smc
for fTPM services? won't this solve the issue "Cooperative Checkpointing" is trying to solve (long time in secure world while interrupts are masked for normal world)?
on the effects of interrupts on "yielding SMCs": https://trustedfirmware-a.readthedocs.io/en/latest/components/exception-handling.html#effect-on-smc-calls

Thank you!

TPM2_LoadExternal explicitly checked the authPolicy size in 1.16 and this was dropped in 1.38. I have not been able to find an errata relating to it.
PublicAttributesValidation checks this, but is only called is the private area is loaded here.

Is this an intentional change?

No one updated the submodule reference to WolfSSL since 1b35000. That version 4.6.0 has some open CVEs, I didn't check if they would apply, but I did check if 5.6.3 works as well - and it seems so. Anyone willing to push that? I would, but there is a "Contribution Limitation Agreement" in place here, and that is a bit in imbalance to such simple changes (although I may have a second one, see https://groups.google.com/d/msgid/isar-users/424e2519-2dfa-5379-a16e-ca505e6135fe%40siemens.com).

While GpMacros.h defines TPM_FAIL_RETURN as correct type to be used for NO_LONGJMP implementation (like embedded), both TpmFail() and _plat__Fail() aren't using this macro and define NORETURN void causing compilation errors.

The commits merged in #8 add the configuration required to build the simulator on a Linux platform. The microsoft github project however needs to be configured to build it for pull requests etc. Enabling this is not something I can do with a PR though. The owner of the project must login to travis-ci.org (this can be done using your github credentials) and enable the configuration. If you feel this is something worth doing I'm happy to help however I can.

Hi ，I feel that the DFStart function has two lines of code implementation that may be wrong, the following shows the code

I think the destination parameter of the memcpy function should be dfState->buf, not dfState->iv[0], because the init variable stores inputLength and seedsize. If you copy it to dfState->iv[0], the initial value of dfState->iv[0] will be overwritten. According to the description in step 4 in section 10.3.2 in SP800-90A, the value should be stored in dfState->buf and used as the input parameter of the BCC calculation. In addition, memcpy contains 8 bytes.,so I think dfState->content should be equal to 8, not equal to 4 in the source code.is it a historical error or the current implementation is designed in this way?

In addition, part 4 of the TPM library specification implements only part of Block_Cipher_df (I think steps 10-15 are missing). I would like to ask why the complete DF function is not implemented according to section 10.3.2 (Block_Cipher_df) in SP800-90A.

We have OP-TEE and the fTPM TA set up on our development board. The fTPM works as long as there is no persistent storage present in the REE filesystem, so either if

1. only RPMB_EMU is used without REE FS or
2. the tee directory is deleted

The first time the fTPM is started it will create storage objects:

D/TA:  TA_CreateEntryPoint:151 Entry Point
D/TA:  _plat__NVEnable:381 _plat__NVEnable()
D/TA:  _plat__NvInitFromStorage:132 _plat__NvInitFromStorage()
I/TA: Created fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d00, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1, s: 0x200, id: 0x54504d01, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x2, s: 0x200, id: 0x54504d02, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x3, s: 0x200, id: 0x54504d03, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x4, s: 0x200, id: 0x54504d04, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x5, s: 0x200, id: 0x54504d05, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x6, s: 0x200, id: 0x54504d06, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x7, s: 0x200, id: 0x54504d07, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x8, s: 0x200, id: 0x54504d08, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x9, s: 0x200, id: 0x54504d09, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xa, s: 0x200, id: 0x54504d0a, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xb, s: 0x200, id: 0x54504d0b, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xc, s: 0x200, id: 0x54504d0c, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xd, s: 0x200, id: 0x54504d0d, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xe, s: 0x200, id: 0x54504d0e, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xf, s: 0x200, id: 0x54504d0f, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x10, s: 0x200, id: 0x54504d10, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x11, s: 0x200, id: 0x54504d11, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x12, s: 0x200, id: 0x54504d12, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x13, s: 0x200, id: 0x54504d13, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x14, s: 0x200, id: 0x54504d14, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x15, s: 0x200, id: 0x54504d15, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x16, s: 0x200, id: 0x54504d16, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x17, s: 0x200, id: 0x54504d17, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x18, s: 0x200, id: 0x54504d18, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x19, s: 0x200, id: 0x54504d19, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1a, s: 0x200, id: 0x54504d1a, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1b, s: 0x200, id: 0x54504d1b, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1c, s: 0x200, id: 0x54504d1c, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1d, s: 0x200, id: 0x54504d1d, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1e, s: 0x200, id: 0x54504d1e, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1f, s: 0x200, id: 0x54504d1f, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x20, s: 0x200, id: 0x54504d20, h:0x98ba0
D/TA:  TA_CreateEntryPoint:173 NVEnable Complete
D/TA:  TA_CreateEntryPoint:180 TPM_Manufacture
Size of OBJECT = 1204
Size of components in TPMT_SENSITIVE = 744
    TPMI_ALG_PUBLIC                 2
    TPM2B_AUTH                      50
    TPM2B_DIGEST                    50
    TPMU_SENSITIVE_COMPOSITE        642
MAX_CONTEXT_SIZE can be reduced to 1264 (1344)
D/TA:  _plat__NvWriteBack:292 bMap: 0xffffffff
D/TA:  _plat__NVEnable:381 _plat__NVEnable()
D/TA:  TA_CreateEntryPoint:192 Init Complete
D/TA:  TA_CreateEntryPoint:215 No TPM state present
D/TA:  _plat__NvWriteBack:292 bMap: 0x2
D/TA:  fTPM_Submit_Command:382 Success, RS: 0xa
D/TA:  fTPM_Submit_Command:382 Success, RS: 0x1b
D/TA:  fTPM_Submit_Command:382 Success, RS: 0x1e7
D/TA:  fTPM_Submit_Command:382 Success, RS: 0x25

tpm2-tools work as expected.
If the system is rebooted or reset from this state, the fTPM will reliably panic when trying to open the persistent storage objects:

D/TA:  TA_CreateEntryPoint:151 Entry Point
D/TA:  _plat__NVEnable:381 _plat__NVEnable()
D/TA:  _plat__NvInitFromStorage:132 _plat__NvInitFromStorage()
I/TA: Read fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d00, h:0x98ba0
I/TA: Read fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d01, h:0x0
D/TA:  _plat__NvInitFromStorage:172 Failed to open fTPM storage object
E/TC:? 0
E/TC:? 0 TA panicked with code 0xffff0007
E/LD:  Status of TA bc50d971-d4c9-42c4-82cb-343fb7f37896
E/LD:   arch: aarch64
E/LD:  region  0: va 0x40005000 pa 0x9ea01000 size 0x002000 flags rw-s (ldelf)
E/LD:  region  1: va 0x40007000 pa 0x9ea03000 size 0x009000 flags r-xs (ldelf)
E/LD:  region  2: va 0x40010000 pa 0x9ea0c000 size 0x001000 flags rw-s (ldelf)
E/LD:  region  3: va 0x40011000 pa 0x9ea0d000 size 0x004000 flags rw-s (ldelf)
E/LD:  region  4: va 0x40015000 pa 0x9ea11000 size 0x001000 flags r--s
E/LD:  region  5: va 0x40016000 pa 0x9eb2c000 size 0x011000 flags rw-s (stack)
E/LD:  region  6: va 0x40077000 pa 0x00001000 size 0x07b000 flags r-xs [0]
E/LD:  region  7: va 0x400f2000 pa 0x0007c000 size 0x09f000 flags rw-s [0]
E/LD:   [0] bc50d971-d4c9-42c4-82cb-343fb7f37896 @ 0x40077000
E/LD:  Call stack:
E/LD:   0x400c8b24
E/LD:   0x4007a620
E/LD:   0x400c8984
E/TC:? 0 ldelf_dump_ftrace:336 ldelf stack is inaccessible!
E/TC:? 0 tee_ta_open_session:743 Failed. Return error 0xffff3024

The OP-TEE storage tests pass and example applications also work as expected.
We are using the latest version (e9fc7b8).

Any help is greatly appreciated.

I've been working up a few patches to enable use of this code on Linux. Currently I have done enough to get a functional daemon running with test cases from https://github.com/tpm2-software/tpm2-tss.git working as expected. I'm only able to do so when building for a 32bit host though. 64bit builds produce a binary just fine but it hangs when handling commands and I wanted to check to see if 64bit builds are intended to work at all before I spend time debugging this.

My intention is to submit this work as a PR once I've cleaned it up a bit and sorted out this issue with the 64bit builds.

Thanks.

Hi, I am unable to restore the TPM state when I restart a MS TPM instance, as the NVChip data file is always overwritten by the tpm_server command. This can be easily tested by persisting any data in the NVRAM and try access the handles after the restart. Am I missing something here?

EDIT: Regarding this issue, I see that the main body in TPMCmd/Simulator/src/TPMCmds.c always runs the TPM_Manufacture() function when you startup the tpm_server.

Does this mean that the platform is manufactured again at each start-up then? Does this imply that the states in NVChip are never restored ?

Hey all!

I'm building fTPM with OP-TEE on Qemu. Following the instructions, I got to build the solution but the driver didn't load. I got the following on my Normal World shell:

Starting tee-supplicant: OK
Starting network: OK
Starting network (udhcpc): OK
Starting tpm2-abrmd: device driver not loaded, skipping.

What am I missing?

p.s: I see no evidence of the TA being loaded in the secure world.

Thanks in advance!

It fails with an error "Unable to determine RADIX_BITS from compiler environment."

It is due to the architecture flags are not present correctly for gcc

It looks like lack of something like .clang-format specification or other formatter creates number of issues with trailing whitespaces, newlines, etc. Does it make sense to include .clang-format which would enforce formatting? Probably need some tuning to make changes to existing code minimal.

There are two copies of TPM.vcxproj.filters under TPMCmd/tpm that differ only by the case of the filename:

TPM.vcxproj.filters
Tpm.vcxproj.filters

This causes issues for people who have cloned the repo into a non-case-sensitive file system. Git will always say the file has been modified and will not let you switch branches. One of them needs to be removed.

In Implementation.h

line :
#define AES_MAX_KEY_SIZE ((AES_MAX_KEY_SIZE_BITS + 7) / 8)

should be:
#define AES_MAX_KEY_SIZE AES_MAX_KEY_SIZE_BITS

Otherwise it doesn't work with wolfcrypt. I tried to fix locally. and seems to work.

I discovered this issue experimentally working with policyNV in another repository. Filing this issue to create an issue number to reference from test code, which I will point at in a follow-on comment to this issue.

TPM 2.0 Spec, Rev1.59 Part 3, § 23.9.1 "PolicyNV" says:

The signed arithmetic operations are performed using twos-compliment.

As seen here in the implementation of this helper used by PolicyNV:

SignedCompareB returns the negative of the comparison of the two values if both are negative. This is how signed-magnitude arithmetic works, but not how twos-complement works.

An example in 16-bit twos-complement:

• -1 = 0xffff
• -2 = 0xfffe
• -1 > -2
• 0xffff > 0xfffe

SignedCompare(0xffff, 0xfffe) as-is will return 0 - UnsignedCompareB(0xffff, 0xfffe), which is -1, which is incorrect (indicating 0xffff < 0xfffe, which is not true in unsigned arithmetic or signed twos-complement arithmetic).

I think SignedCompareB(a, b) should simply return UnsignedCompareB(a, b) if the sign bits are the same.

The indentation in this block of code is misleading: https://github.com/Microsoft/ms-tpm-20-ref/blob/master/TPMCmd/Platform/src/NVMem.c#L208

The call to 'fclose' immediately follows a conditional and is indented in such a way as to lead the reader to believe it is within the scope of the conditional. The conditional however is immediately followed by a ';' on the same line which makes it a no-op and causes the call to 'fclose' to happen regardless of the result of the test. Removing this ';' will get you the intended behavior.

Apologies for not sending a patch but I'm still barred from doing so on account of the CCLA.

Based on my interpretation of this code block:

An interposer sitting on the bus between the CPU and the TPM could extract the decrypted salt value from the TPM decryption. Assuming the authValue is empty or known, an interposer on the bus could decrypt any encrypted traffic during an encrypted session, as the symmetric encryption key is derived from the KDFa of the sessionKey.

The table-driven marshalling code is not type-safe: it accepts void * pointers for the data to be marshalled, which is extremely error-prone. This can be solved by using static inline functions instead of #define macros. These functions will be inlined by the compiler and therefore have no run-time overhead.

I cannot fix this as the code generator is not publically available.

The TPM sources used by all the samples, and especially the simulator in TPMCmd, have these telltale lines:

/*(Auto-generated)
 *  Created by TpmStructures; Version 4.4 Mar 26, 2019
 *  Date: Mar  6, 2020  Time: 01:50:09PM
 */

Is the source for this TpmStructures script/binary available? I presume based on this discussion that the generator parses the TPM 2.0 specification itself to generate code.

Equivalent work is in TSS.MSR/TssCodeGen, but that doesn't seem to generate C source code (like is seen in this repository), but rather equivalent structures in higher-level languages.

TpmScripts seems likely, but the repository is empty; there are references to it in this repository's gitignore, too.

Hello,

actually main problem is we interfaced slb 9670(tpm-2.0) with 16 bit msp430 controller which does not support linux kernel or any OS.

now our task is to store a 100 byes of data in NV memory, without any authorisation technique, as simple as possible.

please guide me in that way.

slb 9670 is interfaced with msp430 controller through SPI protocol.

I able to read device id , version id of slb9670 , so spi communication is working fine with our controller .

what is packet format to be send with our data , i am not able to understand the TCG documents .

theoretically iam able to understand we have to do nvdefinespace , nvwrite ,nvread .. internaly what is the format i have to be send not able to understand

can you please guide me , or share any code snippet .

sorry if i trouble you or any irrelevant questions.

Regards,
Manoj,
mail : [email protected]
+91-9063249308

I try to enable ALG_SHA512, but I got compile error.

error: use of undeclared identifier 'tpmHashStateImport_SHA512'

Could you see if this definition is correct? Thanks.

Even after disabling deprecation errors the build still fails in the bignum code.

From your README:

If you do not disable SM{2,3,4} algorithms support either while building OpenSSL or in the simulator (see the Linux section below), the build may fail because of missing SM{2,3,4}.h headers, which is the result of an apparent bug/misconfiguration in the OpenSSL build tree/scrips. In this case you may also need to copy over the SM{2,3,4}.h headers from OpenSSL’s include/crypt folder.

I am a maintainer of OpenSSL and stumbled across this text while investigating an issue for one of our users.

The sm2/sm3/sm4 header files are considered internal to OpenSSL and are deliberately not installed (i.e. it is not a bug or misconfiguration as stated in the text above). Applications should not be using them directly. They may be modified at any time by any patch release of OpenSSL and internal structure sizes and members could be changed, as well as function signatures etc.

Applications wishing to use SM2/SM3/SM4 support should be using the "EVP" APIs instead of the functions declared in these internal headers.

If the TPM 2.0 reference implementation is relying on these header files remaining stable then it is liable to break at any point with a future release of OpenSSL.

I've just noticed that the PRs I've created have an automated check performed: "license/cla — All CLA requirements met." There's a link in this text to https://msght/ but attempts to follow this link result in an error: ERR_CONNECTION_REFUSED.

Can you provide details on what the CLA is?

Compiling on windows failed, because i haven't found a compatible libcrypto. Can you please point me to a version that is known to work?

Also compiling on Ubuntu 19.10 failed:

gcc -std=gnu11 -Werror -Wall -Wformat-security -fstack-protector-all -fPIC -Wno-error=empty-body -Wno-error=expansion-to-defined -Wno-error=parentheses -Wno-error=pointer-to-int-cast -Wno-error=missing-braces -Wno-error=unused-result -I ./Platform/include -I ./Platform/include/prototypes -I ./tpm/include -I ./tpm/include/prototypes -I ./Simulator/include -I ./Simulator/include/prototypes  -pthread -g -O2   -o Simulator/src/tpm2-simulator Simulator/src/tpm2_simulator-TPMCmdp.o Simulator/src/tpm2_simulator-TPMCmds.o Simulator/src/tpm2_simulator-TcpServer.o  Platform/src/libplatform.a tpm/src/libtpm.a Platform/src/libplatform.a -lcrypto   
/usr/bin/ld: tpm/src/libtpm.a(libtpm_a-CryptSym.o): in function `CryptSymmetricEncrypt':
/home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:190: undefined reference to `SM4_set_key'
/usr/bin/ld: /home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:190: undefined reference to `SM4_encrypt'
/usr/bin/ld: tpm/src/libtpm.a(libtpm_a-CryptSym.o): in function `CryptSymmetricDecrypt':
/home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:363: undefined reference to `SM4_set_key'
/usr/bin/ld: /home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:363: undefined reference to `SM4_encrypt'
/usr/bin/ld: /home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:358: undefined reference to `SM4_set_key'
/usr/bin/ld: /home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:358: undefined reference to `SM4_decrypt'
/usr/bin/ld: tpm/src/libtpm.a(libtpm_a-CryptHash.o):/home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:62: undefined reference to `sm3_init'
/usr/bin/ld: tpm/src/libtpm.a(libtpm_a-CryptHash.o):(.data.rel.ro+0x8): undefined reference to `sm3_update'
/usr/bin/ld: tpm/src/libtpm.a(libtpm_a-CryptHash.o):(.data.rel.ro+0x10): undefined reference to `sm3_final'
/usr/bin/ld: tpm/src/libtpm.a(libtpm_a-CryptCmac.o): in function `CryptCmacData':
/home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c:104: undefined reference to `SM4_set_key'
/usr/bin/ld: /home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c:104: undefined reference to `SM4_encrypt'
/usr/bin/ld: tpm/src/libtpm.a(libtpm_a-CryptCmac.o): in function `CryptCmacEnd':
/home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c:144: undefined reference to `SM4_set_key'
/usr/bin/ld: /home/marek/git/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c:144: undefined reference to `SM4_encrypt'
collect2: error: ld returned 1 exit status
make: *** [Makefile:2174: Simulator/src/tpm2-simulator] Fehler 1

Cloning with Git for Windows generates a warning about the case of filenames. As a result, there is only one simulator.vcxproj on Windows, but two on Linux, and it's not obvious that the clone results are actually correct.

git clone https://github.com/microsoft/ms-tpm-20-ref.git
Cloning into 'ms-tpm-20-ref'...
remote: Enumerating objects: 32, done.
remote: Counting objects: 100% (32/32), done.
remote: Compressing objects: 100% (22/22), done.
remote: Total 4465 (delta 9), reused 17 (delta 9), pack-reused 4433R
Receiving objects: 100% (4465/4465), 6.36 MiB | 25.32 MiB/s, done.
Resolving deltas: 100% (3422/3422), done.
Checking out files: 100% (771/771), done.
warning: the following paths have collided (e.g. case-sensitive paths
on a case-insensitive filesystem) and only one from the same
colliding group is in the working tree:

'TPMCmd/Simulator/simulator.vcxproj'
'TPMCmd/simulator/simulator.vcxproj'

When building with GCC 10, compilation fails with the following (fatal, due to -Werror) warning:

tpm/src/subsystem/NvDynamic.c: In function ‘NvNextByType’:
tpm/src/subsystem/NvDynamic.c:148:17: error: ‘nvHandle’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  148 |         *handle = nvHandle;
      |         ~~~~~~~~^~~~~~~~~~
cc1: all warnings being treated as errors

This might be a false positive and is probably easily fixed by initialising nvHandle in l. 138, but I am not sure what a safe initial value for doing so would be.

Many questions can be answered by the TPM 2.0 specifications, which can be found here:

https://trustedcomputinggroup.org/resource/tpm-library-specification/

If you couldn't tell from #8 and #22 I'm a big fan of continuous integration. Figured we can give windows the same treatment given to Linux by using AppVeyor. I've some experience here on account of the tpm2-software project and our support of both Linux and Windows for our TSS2. We use appveyor for our CI on windows and have had pretty good results.

latest source build is failing in linux:

TPMCmd]# make
gcc -DPACKAGE_NAME=\"ms-tpm-20-ref\" -DPACKAGE_TARNAME=\"ms-tpm-20-ref\" -DPACKAGE_VERSION=\"0.1\" -DPACKAGE_STRING=\"ms-tpm-20-ref\ 0.1\" -DPACKAGE_BUGREPORT=\"https://github.com/microsoft/ms-tpm-20-ref/issues\" -DPACKAGE_URL=\"https://github.com/microsoft/ms-tpm-20-ref\" -DPACKAGE=\"ms-tpm-20-ref\" -DVERSION=\"0.1\" -DHAVE_PTHREAD_PRIO_INHERIT=1 -DHAVE_PTHREAD=1 -DHASH_LIB=Ossl -DSYM_LIB=Ossl -DMATH_LIB=Ossl -I.    -std=gnu11 -Werror -Wall -Wformat-security -fstack-protector-all -fPIC -Wno-error=empty-body -Wno-error=expansion-to-defined -Wno-error=parentheses -Wno-error=pointer-to-int-cast -Wno-error=missing-braces -Wno-error=unused-result -I ./Platform/include -I ./Platform/include/prototypes -I ./tpm/include -I ./tpm/include/prototypes -I ./Simulator/include -I ./Simulator/include/prototypes  -pthread -g -O2 -MT Simulator/src/tpm2_simulator-TPMCmdp.o -MD -MP -MF Simulator/src/.deps/tpm2_simulator-TPMCmdp.Tpo -c -o Simulator/src/tpm2_simulator-TPMCmdp.o `test -f 'Simulator/src/TPMCmdp.c' || echo './'`Simulator/src/TPMCmdp.c
mv -f Simulator/src/.deps/tpm2_simulator-TPMCmdp.Tpo Simulator/src/.deps/tpm2_simulator-TPMCmdp.Po
gcc -DPACKAGE_NAME=\"ms-tpm-20-ref\" -DPACKAGE_TARNAME=\"ms-tpm-20-ref\" -DPACKAGE_VERSION=\"0.1\" -DPACKAGE_STRING=\"ms-tpm-20-ref\ 0.1\" -DPACKAGE_BUGREPORT=\"https://github.com/microsoft/ms-tpm-20-ref/issues\" -DPACKAGE_URL=\"https://github.com/microsoft/ms-tpm-20-ref\" -DPACKAGE=\"ms-tpm-20-ref\" -DVERSION=\"0.1\" -DHAVE_PTHREAD_PRIO_INHERIT=1 -DHAVE_PTHREAD=1 -DHASH_LIB=Ossl -DSYM_LIB=Ossl -DMATH_LIB=Ossl -I.    -std=gnu11 -Werror -Wall -Wformat-security -fstack-protector-all -fPIC -Wno-error=empty-body -Wno-error=expansion-to-defined -Wno-error=parentheses -Wno-error=pointer-to-int-cast -Wno-error=missing-braces -Wno-error=unused-result -I ./Platform/include -I ./Platform/include/prototypes -I ./tpm/include -I ./tpm/include/prototypes -I ./Simulator/include -I ./Simulator/include/prototypes  -pthread -g -O2 -MT Simulator/src/tpm2_simulator-TPMCmds.o -MD -MP -MF Simulator/src/.deps/tpm2_simulator-TPMCmds.Tpo -c -o Simulator/src/tpm2_simulator-TPMCmds.o `test -f 'Simulator/src/TPMCmds.c' || echo './'`Simulator/src/TPMCmds.c
mv -f Simulator/src/.deps/tpm2_simulator-TPMCmds.Tpo Simulator/src/.deps/tpm2_simulator-TPMCmds.Po
gcc -DPACKAGE_NAME=\"ms-tpm-20-ref\" -DPACKAGE_TARNAME=\"ms-tpm-20-ref\" -DPACKAGE_VERSION=\"0.1\" -DPACKAGE_STRING=\"ms-tpm-20-ref\ 0.1\" -DPACKAGE_BUGREPORT=\"https://github.com/microsoft/ms-tpm-20-ref/issues\" -DPACKAGE_URL=\"https://github.com/microsoft/ms-tpm-20-ref\" -DPACKAGE=\"ms-tpm-20-ref\" -DVERSION=\"0.1\" -DHAVE_PTHREAD_PRIO_INHERIT=1 -DHAVE_PTHREAD=1 -DHASH_LIB=Ossl -DSYM_LIB=Ossl -DMATH_LIB=Ossl -I.    -std=gnu11 -Werror -Wall -Wformat-security -fstack-protector-all -fPIC -Wno-error=empty-body -Wno-error=expansion-to-defined -Wno-error=parentheses -Wno-error=pointer-to-int-cast -Wno-error=missing-braces -Wno-error=unused-result -I ./Platform/include -I ./Platform/include/prototypes -I ./tpm/include -I ./tpm/include/prototypes -I ./Simulator/include -I ./Simulator/include/prototypes  -pthread -g -O2 -MT Simulator/src/tpm2_simulator-TcpServer.o -MD -MP -MF Simulator/src/.deps/tpm2_simulator-TcpServer.Tpo -c -o Simulator/src/tpm2_simulator-TcpServer.o `test -f 'Simulator/src/TcpServer.c' || echo './'`Simulator/src/TcpServer.c
Simulator/src/TcpServer.c:565:6: error: conflicting types for ‘ReadVarBytes’
 bool ReadVarBytes(SOCKET s, char* buffer, uint32_t* BytesReceived, uint32_t MaxLen)
      ^~~~~~~~~~~~
In file included from Simulator/src/TcpServer.c:75:
./Simulator/include/prototypes/Simulator_fp.h:96:6: note: previous declaration of ‘ReadVarBytes’ was here
 bool ReadVarBytes(SOCKET s, char* buffer, uint32_t* BytesReceived, int MaxLen);
      ^~~~~~~~~~~~
make: *** [Makefile:5497: Simulator/src/tpm2_simulator-TcpServer.o] Error 1

Fix this in your source. I have fixed myself this locally, built and generated tpm2-simulator by running
make install-exec

when running this executable,

root@host:/usr/local/bin# ./tpm2-simulator
LIBRARY_COMPATIBILITY_CHECK is ON
TPM command server listening on port 2321
Platform server listening on port 2322

My question here is, as it is Linux machine and running this simulator on linux, will this simulator create /dev/tpm0 and /dev/tpmrm0 files to run and work with tpm2 commands??

I don't see these files created. How is this simulator working and how to confirm this??

in one terminal I have run this executable and opened another terminal and ran, tpm2_pcrread command which has to show pcr data,

tpm2_pcrread
ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpmrm0: No such file or directory
WARNING:tcti:src/tss2-tcti/tctildr.c:62:tcti_from_init() TCTI init for function 0x7fabcab22fb0 failed with a000a
WARNING:tcti:src/tss2-tcti/tctildr.c:92:tcti_from_info() Could not initialize TCTI named: tcti-device
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:150:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
WARNING:tcti:src/tss2-tcti/tctildr.c:62:tcti_from_init() TCTI init for function 0x7fabcab22fb0 failed with a000a
WARNING:tcti:src/tss2-tcti/tctildr.c:92:tcti_from_info() Could not initialize TCTI named: tcti-device
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:150:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
WARNING:esys:src/tss2-esys/api/Esys_GetCapability.c:303:Esys_GetCapability_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_GetCapability.c:107:Esys_GetCapability() Esys Finish ErrorCode (0x00000100)
ERROR: Esys_GetCapability(0x100) - tpm:error(2.0): TPM not initialized by TPM2_Startup or already initialized
ERROR: Unable to run tpm2_pcrread

it fails because there is no /dev/tpm0 file. But in server log,

root@ubuntu-20-04-cnskc-testing:/usr/local/bin# ./tpm2-simulator
LIBRARY_COMPATIBILITY_CHECK is ON
TPM command server listening on port 2321
Platform server listening on port 2322


**Client accepted
Client accepted**
Platform server listening on port 2322
TPM command server listening on port 2321

Getting messages like, Client accepted.