tpm: tpm_version in chrome://system doesn't report tpm version on tpm1.2 |
|||||
Issue descriptionGoing to chrome://system and the clicking on tpm_version leads to seeing: [ERROR:tpm_impl.cc(495)] TPM error 0x3011 (Communication failure): Error calling Tspi_Context_Connect [ERROR:tpm_impl.cc(495)] TPM error 0x3011 (Communication failure): Error calling Tspi_Context_Connect [ERROR:tpm_impl.cc(3024)] Could not open the TPM Seen on R69-10860.0.0.
,
Jul 10
debugd calls "tpm-manager get_version_info" to report tpm_version. verified that when run from root, this command reports correct version info: localhost ~ # tpm-manager get_version_info tpm_family 312e3200 spec_level 0000000200000003 vendor 49465800 tpm_model ffffffff firmware_version 0000000000000628 vendor_specific 062800be0074706d733135ffff version_fingerprint 987973414 3ae34726 But when run as chronos, this error is seen: localhost ~ # su chronos chronos@localhost /root $ tpm-manager get_version_info [ERROR:tpm_impl.cc(495)] TPM error 0x3011 (Communication failure): Error calling Tspi_Context_Connect [ERROR:tpm_impl.cc(495)] TPM error 0x3011 (Communication failure): Error calling Tspi_Context_Connect [ERROR:tpm_impl.cc(3024)] Could not open the TPM
,
Jul 10
This error is not seen on R68-10718.48.0. The tpm version is reported correctly there.
,
Jul 10
And this may be the reason: https://crrev.com/c/1053426 ?
,
Jul 11
Confirmed that new minijail restrictions in CL:1053426 were the reason. Submitted crrev.com/c/1134417 for review.
,
Jul 15
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/32d7c9a3b2b8ce29383e535bf18c173651e9a78a commit 32d7c9a3b2b8ce29383e535bf18c173651e9a78a Author: Andrey Pronin <apronin@chromium.org> Date: Sun Jul 15 01:11:48 2018 debugd: add tpm to IUSE To allow conditional mounting of tcsd socket directory in CL:1134417 add tpm flag to IUSE for debugd. BUG= chromium:862429 TEST=build Change-Id: I58fc8873514c1413f87a956fa55f0280978eb13a Reviewed-on: https://chromium-review.googlesource.com/1136859 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/32d7c9a3b2b8ce29383e535bf18c173651e9a78a/chromeos-base/debugd/debugd-9999.ebuild
,
Jul 15
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/trousers/+/5501789276d0afb9eff8bbd35db8beaf743fe4af commit 5501789276d0afb9eff8bbd35db8beaf743fe4af Author: Andrey Pronin <apronin@chromium.org> Date: Sun Jul 15 01:11:39 2018 trousers: move tcsd.socket to /run/tcsd Move tcsd.socket to a dedicated directory in /run to allow minijailed daemons that need it mount that directory instead of the socket directly. This avoids race conditions in cases when those daemons are started in parallel with tcsd. BUG= chromium:862429 TEST=boot, login-logout successfully on a device with TPM 1.2 Change-Id: I8982206a9c1fa96875a829de2df0b19f82582da3 Reviewed-on: https://chromium-review.googlesource.com/1136845 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/5501789276d0afb9eff8bbd35db8beaf743fe4af/src/include/tcsd.h [modify] https://crrev.com/5501789276d0afb9eff8bbd35db8beaf743fe4af/init/tpm-probe.conf
,
Jul 15
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/0f029d8ea85fef93b0bc0c3cde1267f11128b55b commit 0f029d8ea85fef93b0bc0c3cde1267f11128b55b Author: Andrey Pronin <apronin@chromium.org> Date: Sun Jul 15 01:11:42 2018 debugd: allow access to tcsd socket from minijail On devices with TPM1.2, debugd runs utilities that need to access TPM via tcsd. This CL allows access to tcsd socket from inside debug minijail. BUG= chromium:862429 TEST=1) check that 'tpm_version' in chrome://system shows version info and not access errors on device with TPM 1.2; 2) check that debugd starts on devices with TPM 1.2 and 2.0. Change-Id: I679b89793320b6f7c915f8f702d76ea7eec37182 Reviewed-on: https://chromium-review.googlesource.com/1134417 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/0f029d8ea85fef93b0bc0c3cde1267f11128b55b/debugd/debugd.gyp [modify] https://crrev.com/0f029d8ea85fef93b0bc0c3cde1267f11128b55b/debugd/src/main.cc [modify] https://crrev.com/0f029d8ea85fef93b0bc0c3cde1267f11128b55b/common-mk/common.gypi
,
Jul 16
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by apronin@chromium.org
, Jul 10