tpm2-software/tpm2-tss

tss2_provision failed due to verifying EK certificate

Leo1003 opened this issue · 7 comments

I was provisioning the TPM on my new laptop, but got the following error:

  • CPU: Intel i5-1340P
  • OS: Arch Linux
  • Software version: tool="tss2_provision" version="5.3"
$ TSS2_LOG=fapi+debug tss2_provision
debug:fapi:src/tss2-fapi/ifapi_config.c:200:expand_home() Expanding path ~/.local/share/tpm2-tss/user/keystore to user's home 
debug:fapi:src/tss2-fapi/ifapi_config.c:287:ifapi_config_initialize_finish() Configuration profile directory: /etc/tpm2-tss/fapi-profiles/ 
debug:fapi:src/tss2-fapi/ifapi_config.c:288:ifapi_config_initialize_finish() Configuration user directory: /home/leo/.local/share/tpm2-tss/user/keystore 
debug:fapi:src/tss2-fapi/ifapi_config.c:289:ifapi_config_initialize_finish() Configuration key storage directory: /var/lib/tpm2-tss/system/keystore 
debug:fapi:src/tss2-fapi/ifapi_config.c:290:ifapi_config_initialize_finish() Configuration profile name: P_ECCP256SHA256 
debug:fapi:src/tss2-fapi/ifapi_config.c:291:ifapi_config_initialize_finish() Configuration TCTI:  
debug:fapi:src/tss2-fapi/ifapi_config.c:292:ifapi_config_initialize_finish() Configuration log directory: /run/tpm2-tss/eventlog/ 
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:44:copy_policy_digest() Copy policy digest (to) : Copy digest size: 32 (size=32): 
0000: 00000000000000000000000000000000  ................
0010: 00000000000000000000000000000000  ................
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:470:ifapi_calculate_policy_secret() call 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1618:ifapi_crypto_hash_start() call: context=0x7ffc359fa330 hashAlg=11 
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:176:calculate_policy_key_param() Digest Start (size=32): 
0000: 00000000000000000000000000000000  ................
0010: 00000000000000000000000000000000  ................
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x564d797f77b0, buffer 0x564d797f9d82 and size 32 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=32): 
0000: 00000000000000000000000000000000  ................
0010: 00000000000000000000000000000000  ................
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x564d797f77b0, buffer 0x7ffc359fa344 and size 4 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=4): 
0000: 00000151                          ...Q
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:183:calculate_policy_key_param() Key name (size=4): 
0000: 4000000b                          @...
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x564d797f77b0, buffer 0x564d797fa27a and size 4 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=4): 
0000: 4000000b                          @...
debug:fapi:src/tss2-fapi/fapi_crypto.c:1738:ifapi_crypto_hash_finish() finish hash (size=32): 
0000: b627b043d329fbeb7dfefbddee7d3d1f  .'.C.)..}....}=.
0010: 4391c9f6cbbd96a1bac6a99ae1775a3a  C............wZ:
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:189:calculate_policy_key_param() Digest Finish (size=32): 
0000: b627b043d329fbeb7dfefbddee7d3d1f  .'.C.)..}....}=.
0010: 4391c9f6cbbd96a1bac6a99ae1775a3a  C............wZ:
debug:fapi:src/tss2-fapi/fapi_crypto.c:1618:ifapi_crypto_hash_start() call: context=0x7ffc359fa330 hashAlg=11 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x564d797f8d10, buffer 0x564d797f9d82 and size 32 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=32): 
0000: b627b043d329fbeb7dfefbddee7d3d1f  .'.C.)..}....}=.
0010: 4391c9f6cbbd96a1bac6a99ae1775a3a  C............wZ:
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x564d797f8d10, buffer 0x564d797fa226 and size 0 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=0): 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1738:ifapi_crypto_hash_finish() finish hash (size=32): 
0000: 837197674484b3f81a90cc8d46a5d724  .q.gD.......F..$
0010: fd52d76e06520b64f2a1da1b331469aa  .R.n.R.d....3.i.
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:44:copy_policy_digest() Copy policy digest (from) : Copy digest size: 32 (size=32): 
0000: 837197674484b3f81a90cc8d46a5d724  .q.gD.......F..$
0010: fd52d76e06520b64f2a1da1b331469aa  .R.n.R.d....3.i.
debug:fapi:src/tss2-fapi/fapi_crypto.c:1618:ifapi_crypto_hash_start() call: context=0x7ffc359fa1f8 hashAlg=11 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x564d797f71d0, buffer 0x7ffc359fa200 and size 122 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=122): 
0000: 0023000b000300b20020837197674484  .#.........q.gD.
0010: b3f81a90cc8d46a5d724fd52d76e0652  ......F..$.R.n.R
0020: 0b64f2a1da1b331469aa000600800043  .d....3.i......C
0030: 001000030010002033561f965ce679dc  ........3V..\.y.
0040: 44b8b6ebfa4bf345e46a87c0d8ca66c1  D....K.E.j....f.
0050: fcdacb74348dbaa2002086e1de10f309  ...t4...........
0060: 9357b92bbc1bafd28c161a75c87e5e63  .W.+.......u.~^c
0070: fff68eff76bbd62e39a9              ....v...9.
debug:fapi:src/tss2-fapi/fapi_crypto.c:1738:ifapi_crypto_hash_finish() finish hash (size=32): 
0000: 5df9d612963f3b03d55296a3b1e35081  ]....?;..R....P.
0010: aa99b26ea3a36fe8ee5da84681825853  ...n..o..].F..XS
debug:fapi:src/tss2-fapi/fapi_util.c:2133:ifapi_authorize_object() Authorize object: 101 
debug:fapi:src/tss2-fapi/fapi_util.c:2630:ifapi_nv_read() success 
debug:fapi:src/tss2-fapi/ifapi_curl.c:157:ifapi_curl_verify_ek_cert() EK Certificate: -----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----
debug:fapi:src/tss2-fapi/ifapi_curl.c:184:ifapi_curl_verify_ek_cert() Intermediate certificate: (size=522): 
0000: 30820206308201ada003020102020900  0...0...........
0010: e98f7de1f1aac4d7300a06082a8648ce  ..}.....0...*.H.
0020: 3d04030230553153301f060355040313  =...0U1S0...U...
0030: 184e75766f746f6e2054504d20526f6f  .Nuvoton.TPM.Roo
0040: 7420434120323131323025060355040a  t.CA.21120%..U..
0050: 131e4e75766f746f6e20546563686e6f  ..Nuvoton.Techno
0060: 6c6f677920436f72706f726174696f6e  logy.Corporation
0070: 3009060355040613025457301e170d32  0...U....TW0...2
0080: 31303332333037353830365a170d3431  10323075806Z..41
0090: 303331393037353830365a3055315330  0319075806Z0U1S0
00a0: 1f060355040313184e75766f746f6e20  ...U....Nuvoton.
00b0: 54504d20526f6f742043412032313132  TPM.Root.CA.2112
00c0: 3025060355040a131e4e75766f746f6e  0%..U....Nuvoton
00d0: 20546563686e6f6c6f677920436f7270  .Technology.Corp
00e0: 6f726174696f6e300906035504061302  oration0...U....
00f0: 54573059301306072a8648ce3d020106  TW0Y0...*.H.=...
0100: 082a8648ce3d0301070342000496b805  .*.H.=....B.....
0110: 6cc9a1b2484b3e67635f47ed1956af1d  l...HK>gc_G..V..
0120: af05c6baf6a994ca224052ebd10a61c3  ........"@R...a.
0130: f39a4eb21cb8127741d7f79f5187e108  ..N....wA...Q...
0140: b6fc9c95f55ce0f6cf8ea8e822a36630  .....\......".f0
0150: 64300e0603551d0f0101ff0404030202  d0...U..........
0160: 0430120603551d130101ff0408300601  .0...U.......0..
0170: 01ff020100301d0603551d0e04160414  .....0...U......
0180: e4a8666f8f4c6d9c3932a948847780a6  ..fo.Lm.92.H.w..
0190: 810c4213301f0603551d230418301680  ..B.0...U.#..0..
01a0: 14e4a8666f8f4c6d9c3932a948847780  ...fo.Lm.92.H.w.
01b0: a6810c4213300a06082a8648ce3d0403  ...B.0...*.H.=..
01c0: 020347003044022001e04149236be01b  ..G.0D....AI#k..
01d0: c40e2d2fe6f25538257d5bd1f2fa7181  ..-/..U8%}[...q.
01e0: 4d1e3f628620dedf022070bb282f0f4b  M.?b......p.(/.K
01f0: 9eaff7184f4108c998df83c47e75450d  ....OA......~uE.
0200: acf0e36b6f50fccffda6              ...koP....
ERROR:fapi:src/tss2-fapi/ifapi_curl.c:267:ifapi_curl_verify_ek_cert() self-signed certificate 
ERROR:fapi:src/tss2-fapi/ifapi_curl.c:268:ifapi_curl_verify_ek_cert() ErrorCode (0x00060001) Failed to verify intermediate certificate 
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:943:Fapi_Provision_Finish() ErrorCode (0x00060001) Verify EK certificate 
ERROR:esys:src/tss2-esys/esys_iutil.c:395:iesys_handle_to_tpm_handle() Error: Esys invalid ESAPI handle (ff). 
ERROR:esys:src/tss2-esys/esys_iutil.c:1116:esys_GetResourceObject() Unknown ESYS handle. ErrorCode (0x0007000b) 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:138:Esys_FlushContext_Async() flushHandle unknown. ErrorCode (0x0007000b) 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x0007000b) 
ERROR:fapi:src/tss2-fapi/fapi_util.c:1199:ifapi_session_clean() Cleanup session failed. 
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:174:Fapi_Provision() ErrorCode (0x00060001) Provision 
Fapi_Provision(0x60001) - fapi:Catch all for all errors not otherwise specified
debug:fapi:src/tss2-fapi/api/Fapi_Finalize.c:46:Fapi_Finalize() called: context: 0x7ffc359fa8f8, *context: 0x564d797e34d0 
debug:fapi:src/tss2-fapi/api/Fapi_Finalize.c:97:Fapi_Finalize() finished

This means that the corresponding root certificate of your TPM vendor is not stored in the TSS.
You can display the vendor and the firmware version of your TPM with:
tpm2_getcap properties-fixed | grep MANUFACT -A 20
The verification can be disabled if you add:
"ek_cert_less":"yes",
to the FAPI config file.

The output of the above command is

TPM2_PT_MANUFACTURER:
  raw: 0x4E544300
  value: "NTC"
TPM2_PT_VENDOR_STRING_1:
  raw: 0x4E504354
  value: "NPCT"
TPM2_PT_VENDOR_STRING_2:
  raw: 0x37357800
  value: "75x"
TPM2_PT_VENDOR_STRING_3:
  raw: 0x22212134
  value: "\"!!4"
TPM2_PT_VENDOR_STRING_4:
  raw: 0x726C7300
  value: "rls"
TPM2_PT_VENDOR_TPM_TYPE:
  raw: 0x0
TPM2_PT_FIRMWARE_VERSION_1:
  raw: 0x70002
TPM2_PT_FIRMWARE_VERSION_2:
  raw: 0x20000

Thank you for uploading the information. On the Nuvoton web site I found:

Nuvoton pre-installs EK certificates in its TPM products during manufacturing. Root
CA certificates are self-signed. EK certificates are signed by the Root CA keys.

I did assume that the certificate which is downloaded from the URI defined in the EK certificate is an intermediate certificate which has to be verified. That's not possible for self-signed certificates. There are three NTC root certificates in the list. So the verification should now work with #2739.
It would be great if you could test it with your TPM.

Tested with the PR; it still cannot verify the EK certificate. However, the error message changes to "unable to get local issuer certificate":

$ LD_PRELOAD=dest/usr/lib/libtss2-fapi.so.1.0.0 TSS2_LOG=fapi+debug tss2_provision
debug:fapi:src/tss2-fapi/ifapi_config.c:203:expand_home() Expanding path ~/.local/share/tpm2-tss/user/keystore to user's home 
debug:fapi:src/tss2-fapi/ifapi_config.c:290:ifapi_config_initialize_finish() Configuration profile directory: /etc/tpm2-tss/fapi-profiles/ 
debug:fapi:src/tss2-fapi/ifapi_config.c:291:ifapi_config_initialize_finish() Configuration user directory: /home/leo/.local/share/tpm2-tss/user/keystore 
debug:fapi:src/tss2-fapi/ifapi_config.c:292:ifapi_config_initialize_finish() Configuration key storage directory: /var/lib/tpm2-tss/system/keystore 
debug:fapi:src/tss2-fapi/ifapi_config.c:293:ifapi_config_initialize_finish() Configuration profile name: P_ECCP256SHA256 
debug:fapi:src/tss2-fapi/ifapi_config.c:294:ifapi_config_initialize_finish() Configuration TCTI:  
debug:fapi:src/tss2-fapi/ifapi_config.c:295:ifapi_config_initialize_finish() Configuration log directory: /run/tpm2-tss/eventlog/ 
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:44:copy_policy_digest() Copy policy digest (to) : Copy digest size: 32 (size=32): 
0000: 00000000000000000000000000000000  ................
0010: 00000000000000000000000000000000  ................
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:470:ifapi_calculate_policy_secret() call 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1618:ifapi_crypto_hash_start() call: context=0x7ffe945f90e0 hashAlg=11 
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:176:calculate_policy_key_param() Digest Start (size=32): 
0000: 00000000000000000000000000000000  ................
0010: 00000000000000000000000000000000  ................
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x55b705402a90, buffer 0x55b705407962 and size 32 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=32): 
0000: 00000000000000000000000000000000  ................
0010: 00000000000000000000000000000000  ................
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x55b705402a90, buffer 0x7ffe945f90f4 and size 4 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=4): 
0000: 00000151                          ...Q
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:183:calculate_policy_key_param() Key name (size=4): 
0000: 4000000b                          @...
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x55b705402a90, buffer 0x55b705407e5a and size 4 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=4): 
0000: 4000000b                          @...
debug:fapi:src/tss2-fapi/fapi_crypto.c:1738:ifapi_crypto_hash_finish() finish hash (size=32): 
0000: b627b043d329fbeb7dfefbddee7d3d1f  .'.C.)..}....}=.
0010: 4391c9f6cbbd96a1bac6a99ae1775a3a  C............wZ:
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:189:calculate_policy_key_param() Digest Finish (size=32): 
0000: b627b043d329fbeb7dfefbddee7d3d1f  .'.C.)..}....}=.
0010: 4391c9f6cbbd96a1bac6a99ae1775a3a  C............wZ:
debug:fapi:src/tss2-fapi/fapi_crypto.c:1618:ifapi_crypto_hash_start() call: context=0x7ffe945f90e0 hashAlg=11 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x55b705402a90, buffer 0x55b705407962 and size 32 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=32): 
0000: b627b043d329fbeb7dfefbddee7d3d1f  .'.C.)..}....}=.
0010: 4391c9f6cbbd96a1bac6a99ae1775a3a  C............wZ:
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x55b705402a90, buffer 0x55b705407e06 and size 0 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=0): 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1738:ifapi_crypto_hash_finish() finish hash (size=32): 
0000: 837197674484b3f81a90cc8d46a5d724  .q.gD.......F..$
0010: fd52d76e06520b64f2a1da1b331469aa  .R.n.R.d....3.i.
debug:fapi:src/tss2-fapi/ifapi_policy_calculate.c:44:copy_policy_digest() Copy policy digest (from) : Copy digest size: 32 (size=32): 
0000: 837197674484b3f81a90cc8d46a5d724  .q.gD.......F..$
0010: fd52d76e06520b64f2a1da1b331469aa  .R.n.R.d....3.i.
debug:fapi:src/tss2-fapi/fapi_crypto.c:1618:ifapi_crypto_hash_start() call: context=0x7ffe945f8fb0 hashAlg=11 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1689:ifapi_crypto_hash_update() called for context 0x55b705402a90, buffer 0x7ffe945f8fc0 and size 122 
debug:fapi:src/tss2-fapi/fapi_crypto.c:1694:ifapi_crypto_hash_update() Updating hash with (size=122): 
0000: 0023000b000300b20020837197674484  .#.........q.gD.
0010: b3f81a90cc8d46a5d724fd52d76e0652  ......F..$.R.n.R
0020: 0b64f2a1da1b331469aa000600800043  .d....3.i......C
0030: 001000030010002033561f965ce679dc  ........3V..\.y.
0040: 44b8b6ebfa4bf345e46a87c0d8ca66c1  D....K.E.j....f.
0050: fcdacb74348dbaa2002086e1de10f309  ...t4...........
0060: 9357b92bbc1bafd28c161a75c87e5e63  .W.+.......u.~^c
0070: fff68eff76bbd62e39a9              ....v...9.
debug:fapi:src/tss2-fapi/fapi_crypto.c:1738:ifapi_crypto_hash_finish() finish hash (size=32): 
0000: 5df9d612963f3b03d55296a3b1e35081  ]....?;..R....P.
0010: aa99b26ea3a36fe8ee5da84681825853  ...n..o..].F..XS
debug:fapi:src/tss2-fapi/fapi_util.c:2154:ifapi_authorize_object() Authorize object: 101 
debug:fapi:src/tss2-fapi/fapi_util.c:2661:ifapi_nv_read() success 
debug:fapi:src/tss2-fapi/ifapi_curl.c:172:ifapi_curl_verify_ek_cert() EK Certificate: -----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----
debug:fapi:src/tss2-fapi/ifapi_curl.c:199:ifapi_curl_verify_ek_cert() Intermediate certificate: (size=522): 
ERROR:fapi:src/tss2-fapi/ifapi_curl.c:307:ifapi_curl_verify_ek_cert() unable to get local issuer certificate 
ERROR:fapi:src/tss2-fapi/ifapi_curl.c:308:ifapi_curl_verify_ek_cert() ErrorCode (0x00060001) Failed to verify EK certificate 
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:943:Fapi_Provision_Finish() ErrorCode (0x00060001) Verify EK certificate 
ERROR:esys:src/tss2-esys/esys_iutil.c:395:iesys_handle_to_tpm_handle() Error: Esys invalid ESAPI handle (ff). 
ERROR:esys:src/tss2-esys/esys_iutil.c:1116:esys_GetResourceObject() Unknown ESYS handle. ErrorCode (0x0007000b) 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:138:Esys_FlushContext_Async() flushHandle unknown. ErrorCode (0x0007000b) 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x0007000b) 
ERROR:fapi:src/tss2-fapi/fapi_util.c:1212:ifapi_session_clean() Cleanup session failed. 
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:174:Fapi_Provision() ErrorCode (0x00060001) Provision 
Fapi_Provision(0x60001) - fapi:Catch all for all errors not otherwise specified
debug:fapi:src/tss2-fapi/api/Fapi_Finalize.c:46:Fapi_Finalize() called: context: 0x7ffe945f96d8, *context: 0x55b7053f24d0 
debug:fapi:src/tss2-fapi/api/Fapi_Finalize.c:97:Fapi_Finalize() finished

@Leo1003 Sorry, I didn't check whether the certificates of your trace are already stored in FAPI.
Now I have added two further Nuvoton certificates.
Thank you for testing the PR. Could you please also test the fixed PR?

The fixed version is working as expected. Thanks for fixing this issue!

@Leo1003 Thank you for testing the fix.
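
The two OpenSSL results in the logs above ("self-signed certificate" and "unable to get local issuer certificate") can be reproduced offline with throwaway certificates. This is an added example, not code from tpm2-tss or from the participants in this issue. It uses the `openssl` command-line tool rather than FAPI, and the certificate names, file names and the helpers `make_pki`, `verify_code` and `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: every key and certificate here is generated locally
# and is constructed sample data, not a real TPM vendor certificate.

# Create two unrelated self-signed roots and an EK-like leaf signed by
# "vendor-root" in directory $1.
make_pki() {
    d=$1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
    for ca in vendor-root other-root; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$d/$ca.key" &&
        openssl req -x509 -new -config "$d/req.cnf" -extensions v3_ca \
            -key "$d/$ca.key" -sha256 -days 30 \
            -subj "/CN=Constructed $ca" -out "$d/$ca.pem" || return 1
    done
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/ek.key" &&
    openssl req -new -config "$d/req.cnf" -key "$d/ek.key" \
        -subj "/CN=Constructed EK" -out "$d/ek.csr" &&
    openssl x509 -req -in "$d/ek.csr" -CA "$d/vendor-root.pem" \
        -CAkey "$d/vendor-root.key" -set_serial 2 -days 30 -sha256 \
        -out "$d/ek.pem" 2>/dev/null
}

# Verify certificate $2 against trust store $1 only. Prints 0 on success,
# otherwise the OpenSSL verify error number (X509_V_ERR_*).
verify_code() {
    out=$(openssl verify -no-CApath -CAfile "$1" "$2" 2>&1) && { echo 0; return 0; }
    code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    echo "${code:-unknown}"
}

demo() {
    w=$(mktemp -d) || return 1
    make_pki "$w" || { rm -rf "$w"; return 1; }
    # A self-signed root checked like an intermediate, root not in the store:
    echo "root as intermediate, root not trusted: $(verify_code "$w/other-root.pem" "$w/vendor-root.pem")"
    # The leaf checked directly, issuing root still not in the store:
    echo "EK cert, issuing root not trusted:      $(verify_code "$w/other-root.pem" "$w/ek.pem")"
    # The leaf checked with the issuing root present in the store:
    echo "EK cert, issuing root trusted:          $(verify_code "$w/vendor-root.pem" "$w/ek.pem")"
    rm -rf "$w"
}
demo
```

Error 18 is OpenSSL's "self-signed certificate" result and error 20 is "unable to get local issuer certificate". The leaf only verifies once its issuing root is present in the local trust store, which is why the missing Nuvoton roots had to be added to the list.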