我正试图在0x01500020中使用SAPI(该代码的一部分是从tpm2-tss测试中窃取的(为TPM 2.0定义/取消定义NV索引,就像在测试中一样,但由于未知原因而失败:
#include <tss2/tss2_sys.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TEST_NV_INDEX 0x01500020
#define MAX_PSWD_LEN 8
static TSS2_RC tcti_transmit(TSS2_TCTI_CONTEXT *tctiContext,
size_t size, uint8_t const *command) {
(void) tctiContext;
(void) size;
(void) command;
return TPM2_RC_SUCCESS;
}
static TSS2_RC tcti_receive(TSS2_TCTI_CONTEXT *tctiContext,
size_t *size, uint8_t *response, int32_t timeout) {
(void) tctiContext;
(void) size;
(void) response;
(void) timeout;
return TPM2_RC_SUCCESS;
}
static TSS2_ABI_VERSION g_ver = TSS2_ABI_VERSION_CURRENT;
static TSS2_TCTI_CONTEXT_COMMON_V1 g_tcti_ctx_v1;
int main(void) {
char passwd[] = { "password" };
UINT32 rc;
TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
TPM2B_NV_PUBLIC publicInfo;
TPM2B_AUTH nvAuth;
size_t ctx_size = Tss2_Sys_GetContextSize(0);
TSS2_SYS_CONTEXT *ctx = calloc(1, ctx_size);
TSS2_TCTI_CONTEXT *tcti_ctx = (TSS2_TCTI_CONTEXT *) &g_tcti_ctx_v1;
TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
.sessionHandle = TPM2_RH_PW,
.sessionAttributes = 0,
.nonce = { .size = 0 },
.hmac = { .size = 0 }
}}};
nvAuth.size = strnlen(passwd, MAX_PSWD_LEN);
memcpy(&nvAuth.buffer[0], &passwd[0], nvAuth.size);
publicInfo.size = 0;
publicInfo.nvPublic.nvIndex = TEST_NV_INDEX;
publicInfo.nvPublic.nameAlg = TPM2_ALG_SHA256;
*(UINT32 *)&(publicInfo.nvPublic.attributes) = 0;
publicInfo.nvPublic.attributes |= TPMA_NV_AUTHREAD;
publicInfo.nvPublic.attributes |= TPMA_NV_AUTHWRITE;
publicInfo.nvPublic.attributes |= TPMA_NV_PLATFORMCREATE;
publicInfo.nvPublic.attributes |= TPMA_NV_ORDERLY;
publicInfo.nvPublic.authPolicy.size = 0;
publicInfo.nvPublic.dataSize = 32;
g_tcti_ctx_v1.version = 1;
g_tcti_ctx_v1.transmit = tcti_transmit;
g_tcti_ctx_v1.receive = tcti_receive;
if (ctx == NULL) {
fprintf(stderr, "Sys Context NULLn");
exit(1);
}
printf("Context's size = %ldn", ctx_size);
rc = Tss2_Sys_Initialize(ctx, ctx_size,
tcti_ctx, &g_ver);
if (rc != TPM2_RC_SUCCESS) {
fprintf(stderr, "Failed to Tss2_Sys_Initialize: rc = 0x%xn", rc);
exit(1);
}
rc = Tss2_Sys_NV_DefineSpace(ctx, TPM2_RH_PLATFORM,
&sessionsData, &nvAuth, &publicInfo, &sessionsDataOut);
if (rc != TPM2_RC_SUCCESS) {
fprintf(stderr, "Failed to Tss2_Sys_NV_DefineSpace: rc = 0x%xn", rc);
goto free_ctx;
}
rc = Tss2_Sys_NV_UndefineSpace(ctx, TPM2_RH_PLATFORM,
TEST_NV_INDEX, &sessionsData, 0);
if (rc != TPM2_RC_SUCCESS) {
fprintf(stderr, "Failed to Tss2_Sys_NV_UndefineSpace: rc = 0x%x", rc);
goto free_ctx;
}
Tss2_Sys_Finalize(ctx);
exit(0);
free_ctx:
Tss2_Sys_Finalize(ctx);
exit(1);
}
在编译并执行后,我得到了一个错误:
$ gcc -o nvdefine nvdefine.c -ltss2-sys && ./nvdefine
Failed to Tss2_Sys_NV_DefineSpace: rc = 0x80013
我试着使用TPM2_RH_PLATFORM和TPM2_RH_OWNER,但没有效果,我做错了什么?有人能帮忙吗?
我找到了解决问题的方法,那是因为TCTI上下文错误,我用以下代码替换了该代码:
#include <tss2/tss2_tctildr.h>
...
int main(void) {
...
TPM2_RC rc;
TSS2_TCTI_CONTEXT *tcti_ctx = NULL;
...
rc = Tss2_Sys_TctiLdr_Initialize(NULL, &tcti_ctx);
...
}
另一个时刻是,对于TPM2_RH_PLATFORM,我需要一个会话,所以我根据NV公共属性:将其替换为TPM2_RH_OWNER
...
int main(void) {
...
publicInfo.nvPublic.attributes |= TPMA_NV_AUTHREAD;
publicInfo.nvPublic.attributes |= TPMA_NV_AUTHWRITE;
publicInfo.nvPublic.attributes |= TPMA_NV_OWNERWRITE;
publicInfo.nvPublic.attributes |= TPMA_NV_OWNERREAD;
publicInfo.nvPublic.attributes |= TPMA_NV_WRITE_STCLEAR;
publicInfo.nvPublic.attributes |= TPMA_NV_READ_STCLEAR;
...
rc = Tss2_Sys_NV_DefineSpace(ctx, TPM2_RH_OWNER,
&sessionsData, &nvAuth, &publicInfo, &sessionsDataOut);
...
rc = Tss2_Sys_NV_UndefineSpace(ctx, TPM2_RH_OWNER,
TEST_NV_INDEX, &sessionsData, 0);
...
}
并用TctiLdr:编译
$ gcc -o nvdefine nvdefine.c -ltss2-sys -ltss2-tctildr
整个代码列表:
#include <tss2/tss2_sys.h>
#include <tss2/tss2_tctildr.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TEST_NV_INDEX 0x01500020
int main(void) {
char passwd[] = { "password" };
UINT32 rc;
TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
TPM2B_NV_PUBLIC publicInfo;
TPM2B_AUTH nvAuth;
size_t ctx_size = Tss2_Sys_GetContextSize(0);
TSS2_SYS_CONTEXT *ctx = calloc(1, ctx_size);
TSS2_TCTI_CONTEXT *tcti_ctx = NULL;
TSS2_ABI_VERSION abiVersion = TSS2_ABI_VERSION_CURRENT;
TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
.sessionHandle = TPM2_RH_PW,
.sessionAttributes = 0,
.nonce = { .size = 0 },
.hmac = { .size = 0 }
}}};
nvAuth.size = strlen(passwd);
memcpy(&nvAuth.buffer[0], &passwd[0], nvAuth.size);
publicInfo.size = 0;
publicInfo.nvPublic.nvIndex = TEST_NV_INDEX;
publicInfo.nvPublic.nameAlg = TPM2_ALG_SHA256;
*(UINT32 *)&(publicInfo.nvPublic.attributes) = 0;
publicInfo.nvPublic.attributes |= TPMA_NV_AUTHREAD;
publicInfo.nvPublic.attributes |= TPMA_NV_AUTHWRITE;
publicInfo.nvPublic.attributes |= TPMA_NV_OWNERWRITE;
publicInfo.nvPublic.attributes |= TPMA_NV_OWNERREAD;
publicInfo.nvPublic.attributes |= TPMA_NV_WRITE_STCLEAR;
publicInfo.nvPublic.attributes |= TPMA_NV_READ_STCLEAR;
publicInfo.nvPublic.authPolicy.size = 0;
publicInfo.nvPublic.dataSize = 32;
if (!ctx) {
fprintf(stderr, "Sys Context NULLn");
exit(1);
}
rc = Tss2_TctiLdr_Initialize(NULL, &tcti_ctx);
if (rc != TPM2_RC_SUCCESS) {
fprintf(stderr, "Failed to Tss2_TctiLdr_Initialize: 0x%xn", rc);
exit(1);
}
rc = Tss2_Sys_Initialize(ctx, ctx_size,
tcti_ctx, &abiVersion);
if (rc != TPM2_RC_SUCCESS) {
fprintf(stderr, "Failed to Tss2_Sys_Initialize: rc = 0x%xn", rc);
exit(1);
}
rc = Tss2_Sys_NV_DefineSpace(ctx, TPM2_RH_OWNER,
&sessionsData, &nvAuth, &publicInfo, &sessionsDataOut);
if (rc != TPM2_RC_SUCCESS) {
fprintf(stderr, "Failed to Tss2_Sys_NV_DefineSpace: rc = 0x%xn", rc);
goto free_ctx;
}
rc = Tss2_Sys_NV_UndefineSpace(ctx, TPM2_RH_OWNER,
TEST_NV_INDEX, &sessionsData, 0);
if (rc != TPM2_RC_SUCCESS) {
fprintf(stderr, "Failed to Tss2_Sys_NV_UndefineSpace: rc = 0x%x", rc);
goto free_ctx;
}
Tss2_Sys_Finalize(ctx);
exit(0);
free_ctx:
Tss2_Sys_Finalize(ctx);
exit(1);
}
这很管用!