andreasfuchstpm / cryptsetup-tpm-incubator Goto Github PK

Hi,

I'm trying to run the command cryptsetup luksAddKey --tpmnew=0x1bffffd --tpmpcr=0,1,2,3,5,7 /dev/sda3

I get the following error:

WARNING:esys:src/tss2-esys/esys_tcti_default.c:137:tcti_from_file() Could not load TCTI file: yes
ERROR:esys:src/tss2-esys/esys_context.c:68:Esys_Initialize() Initialize default tcti. ErrorCode (0x00070005)
Error initializing ESYS: 00070005

I'm using CentOS 7.5 with TPM2 HW installed.
I'm using LUKS on /dev/sda/3:

cryptsetup luksDump /dev/sda3
LUKS header information for /dev/sda3

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 512
MK digest: 38 63 22 c5 44 c7 00 5f c0 8d be 40 f3 e9 f7 27 61 ce 8d 34
MK salt: f7 bd 4b 7e 20 23 25 37 8e 3f 3e 8e 72 1c d0 77
c4 0c 34 61 da 49 0e 0c 56 5c cd f1 39 01 a9 19
MK iterations: 9250
UUID: f411f696-68b8-465f-8193-76ebb37e99ef

Key Slot 0: ENABLED
Iterations: 89759
Salt: 3e da d2 5c 2c f6 5c b8 07 0b 7f 18 f0 b5 a4 50
68 5f 47 8f 29 6f f5 f9 a6 4c a4 e9 d2 a3 f9 97
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Any ideas?

Hi,

I tried to compile the new luks2tpm branch and failed on make:

:~/cryptsetup-tpm-incubator# make
make all-recursive
make[1]: Entering directory '/home/eci/cryptsetup-tpm-incubator'
Making all in po
make[2]: Entering directory '/home/eci/cryptsetup-tpm-incubator/po'
make cryptsetup.pot-update
make[3]: Entering directory '/home/eci/cryptsetup-tpm-incubator/po'
if { if (LC_ALL=C find --version) 2>/dev/null | grep GNU >/dev/null; then
LC_ALL=C find -L .. -maxdepth 1 -type f -size -10000000c -exec grep 'GNU cryptsetup' /dev/null '{}' ';' 2>/dev/null;
else
LC_ALL=C grep 'GNU cryptsetup' ../* 2>/dev/null;
fi;
} | grep -v 'libtool:' >/dev/null; then
package_gnu='GNU ';
else
package_gnu='';
fi;
if test -n '[email protected]' || test '' = '@'PACKAGE_BUGREPORT'@'; then
msgid_bugs_address='[email protected]';
else
msgid_bugs_address='';
fi;
case : --version | sed 1q | sed -e 's,^[^0-9]*,,' in
'' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*)
: --default-domain=cryptsetup --directory=..
--add-comments=TRANSLATORS: --keyword=_ --keyword=N_
--files-from=./POTFILES.in
--copyright-holder=''
--msgid-bugs-address="$msgid_bugs_address"
;;
*)
: --default-domain=cryptsetup --directory=..
--add-comments=TRANSLATORS: --keyword=_ --keyword=N_
--files-from=./POTFILES.in
--copyright-holder=''
--package-name="${package_gnu}cryptsetup"
--package-version='2.0.3'
--msgid-bugs-address="$msgid_bugs_address"
;;
esac
test ! -f cryptsetup.po || {
if test -f ./cryptsetup.pot; then
sed -f remove-potcdate.sed < ./cryptsetup.pot > cryptsetup.1po &&
sed -f remove-potcdate.sed < cryptsetup.po > cryptsetup.2po &&
if cmp cryptsetup.1po cryptsetup.2po >/dev/null 2>&1; then
rm -f cryptsetup.1po cryptsetup.2po cryptsetup.po;
else
rm -f cryptsetup.1po cryptsetup.2po ./cryptsetup.pot &&
mv cryptsetup.po ./cryptsetup.pot;
fi;
else
mv cryptsetup.po ./cryptsetup.pot;
fi;
}
make[3]: Leaving directory '/home/eci/cryptsetup-tpm-incubator/po'
test ! -f ./cryptsetup.pot ||
test -z "cs.gmo da.gmo de.gmo es.gmo fi.gmo fr.gmo id.gmo it.gmo nl.gmo pl.gmo pt_BR.gmo sr.gmo sv.gmo uk.gmo vi.gmo zh_CN.gmo" || make cs.gmo da.gmo de.gmo es.gmo fi.gmo fr.gmo id.gmo it.gmo nl.gmo pl.gmo pt_BR.gmo sr.gmo sv.gmo uk.gmo vi.gmo zh_CN.gmo
make[2]: Leaving directory '/home/eci/cryptsetup-tpm-incubator/po'
Making all in tests
make[2]: Entering directory '/home/eci/cryptsetup-tpm-incubator/tests'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/eci/cryptsetup-tpm-incubator/tests'
make[2]: Entering directory '/home/eci/cryptsetup-tpm-incubator'
CC lib/libcryptsetup_la-setup.lo
CC lib/libcryptsetup_la-utils.lo
CC lib/libcryptsetup_la-utils_benchmark.lo
CC lib/libcryptsetup_la-utils_crypt.lo
CC lib/libcryptsetup_la-utils_loop.lo
CC lib/libcryptsetup_la-utils_devpath.lo
CC lib/libcryptsetup_la-utils_fips.lo
CC lib/libcryptsetup_la-utils_wipe.lo
CC lib/libcryptsetup_la-utils_device.lo
CC lib/libcryptsetup_la-utils_device_locking.lo
CC lib/libcryptsetup_la-utils_keyring.lo
CC lib/libcryptsetup_la-utils_pbkdf.lo
CC lib/libcryptsetup_la-utils_io.lo
CC lib/libcryptsetup_la-libdevmapper.lo
CC lib/libcryptsetup_la-volumekey.lo
CC lib/libcryptsetup_la-random.lo
CC lib/libcryptsetup_la-crypt_plain.lo
CC lib/integrity/libcryptsetup_la-integrity.lo
CC lib/libcryptsetup_la-base64.lo
CC lib/loopaes/libcryptsetup_la-loopaes.lo
CC lib/tcrypt/libcryptsetup_la-tcrypt.lo
CC lib/luks1/libcryptsetup_la-keyencryption.lo
CC lib/luks1/libcryptsetup_la-af.lo
CC lib/luks1/libcryptsetup_la-keymanage.lo
CC lib/verity/libcryptsetup_la-verity_hash.lo
CC lib/verity/libcryptsetup_la-verity_fec.lo
CC lib/verity/libcryptsetup_la-verity.lo
CC lib/verity/libcryptsetup_la-rs_encode_char.lo
CC lib/verity/libcryptsetup_la-rs_decode_char.lo
CC lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo
CC lib/luks2/libcryptsetup_la-luks2_json_format.lo
CC lib/luks2/libcryptsetup_la-luks2_json_metadata.lo
CC lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo
CC lib/luks2/libcryptsetup_la-luks2_digest.lo
CC lib/luks2/libcryptsetup_la-luks2_keyslot.lo
CC lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo
CC lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo
CC lib/luks2/libcryptsetup_la-luks2_token_keyring.lo
CC lib/luks2/libcryptsetup_la-luks2_token.lo
CC lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo
CC lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo
CC lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo
CC lib/crypto_backend/libcrypto_backend_la-crc32.lo
CC lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo
CC lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo
CC lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo
CC lib/utils_crypt.o
CC lib/utils_loop.o
CC lib/utils_io.o
CC src/utils_tools.o
CC src/utils_password.o
CC src/cryptsetup.o
CC src/veritysetup.o
CC src/integritysetup.o
CC src/cryptsetup_reencrypt.o
In file included from lib/luks2/luks2_internal.h:30:0,
from lib/luks2/luks2_json_metadata.c:23:
lib/luks2/luks2_json_metadata.c: In function ‘hdr_validate_areas’:
./lib/internal.h:143:23: warning: ‘type’ may be used uninitialized in this function [-Wmaybe-uninitialized]
#define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, FILE, LINE, x)
^~~~~~
lib/luks2/luks2_json_metadata.c:607:17: note: ‘type’ was declared here
const char *type;
^~~~
CCLD libcrypto_backend.la
ar: u' modifier ignored since D' is the default (see U') CCLD libcryptsetup.la CCLD cryptsetup CCLD veritysetup CCLD integritysetup CCLD cryptsetup-reencrypt ./.libs/libcryptsetup.so: undefined reference to tpm_keyslot'
collect2: error: ld returned 1 exit status
Makefile:1434: recipe for target 'cryptsetup-reencrypt' failed
make[2]: *** [cryptsetup-reencrypt] Error 1
make[2]: *** Waiting for unfinished jobs....
./.libs/libcryptsetup.so: undefined reference to tpm_keyslot' collect2: error: ld returned 1 exit status ./.libs/libcryptsetup.so: undefined reference to tpm_keyslot'
collect2: error: ld returned 1 exit status
Makefile:1448: recipe for target 'integritysetup' failed
make[2]: *** [integritysetup] Error 1
Makefile:1428: recipe for target 'cryptsetup' failed
make[2]: *** [cryptsetup] Error 1
./.libs/libcryptsetup.so: undefined reference to `tpm_keyslot'
collect2: error: ld returned 1 exit status
Makefile:1458: recipe for target 'veritysetup' failed
make[2]: *** [veritysetup] Error 1
make[2]: Leaving directory '/home/eci/cryptsetup-tpm-incubator'
Makefile:2131: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/eci/cryptsetup-tpm-incubator'
Makefile:1003: recipe for target 'all' failed
make: *** [all] Error 2

I'm compiling on ubuntu 18.04
Can you please assist?
Thanks