intel

[IoTG] [TGL-H] TPM tests fail

Bug #1936899 reported by Doug Jacobs
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
intel
Invalid
Undecided
Unassigned
linux-intel (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

[Summary]TPM tests from CDTS 20 automated fail

[Steps to reproduce]Run cdts.odm_certification, select TPM

[Expected result]All tests should pass.

[Actual result]
Failed Jobs (TPM 2.0):
tpm2.0_4.1.1/tpm2_clockratedadjust
tpm2.0_4.1.1/tpm2_createprimary
tpm2.0_4.1.1/tpm2_import
tpm2.0_4.1.1/tpm2_loadexternal

Jobs with failed dependencies
tpm2.0_4.1.1/tpm2_rc_decode

[Failure rate]100%

[Additional information]
CID: 202106-29175
SKU:
system-manufacturer: Intel Corporation
system-product-name: Tiger Lake Client Platform
bios-version: TGLIFUI1.R00.3455.A03.2011281547
CPU: Genuine Intel(R) CPU 0000 @ 2.60GHz (16x)
GPU: 00:02.0 VGA compatible controller [0300]: Intel Corporation Device [8086:9a60]
kernel-version: 5.11.0-1009-intel

[Stage]
Issue reported and logs collected right after it happened

See original description
Revision history for this message
Doug Jacobs (djacobs98) wrote :

Automatically attached

description: updated
Revision history for this message
Doug Jacobs (djacobs98) wrote :

Automatically attached

Revision history for this message
Doug Jacobs (djacobs98) wrote :

Automatically attached

Revision history for this message
Doug Jacobs (djacobs98) wrote :

Automatically attached

Kent Lin (kent-jclin)
tags: added: iotg
summary: - TPM tests fail
+ [IoTG] [TGL-H] TPM tests fail
Kent Lin (kent-jclin)
tags: added: tgl-h
Kent Lin (kent-jclin)
Changed in intel:
importance: Undecided → Critical
Revision history for this message
Sachin Mokashi (sachinmokashi) wrote :

Hi @Doug,

As mentioned by @shanelin, can you please try the steps:
https://bugs.launchpad.net/intel/+bug/1938413/comments/17

Revision history for this message
Kent Lin (kent-jclin) wrote :

@Sachin,
Could you please advise why you think test Kernel could fix the issue?
The issue has not been checked by anyone yet.

Revision history for this message
Chao Qin (chaoqin) wrote :

We can reproduce these issues with our mainline-tracking kernel. The following error logs are for case tpm2.0_4.1.1/tpm2_clockrateadjust

WARNING:esys:src/tss2-esys/api/Esys_ClockRateAdjust.c:287:Esys_ClockRateAdjust_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_ClockRateAdjust.c:100:Esys_ClockRateAdjust() Esys Finish ErrorCode (0x000001c4)
ERROR: Esys_ClockRateAdjust(0x1C4) - tpm:parameter(1):value is out of range or is not correct for the context
ERROR: Unable to run tpm2_clockrateadjust
++ onerror
++ echo 'tpm2_clockrateadjust s on line 19 failed: 1'

Could please involve Canonical Engineer to help check?

Revision history for this message
Kent Lin (kent-jclin) wrote :

Test Report:
https://drive.google.com/file/d/1eE8wVEgl34YbkqT9Tch1ZjMg2iWbdnb-/view?usp=sharing

Revision history for this message
Ivan Hu (ivan.hu) wrote :

For the tpm2_clockrateadjust test fail,

+ tpm2_clockrateadjust s
WARNING:esys:src/tss2-esys/api/Esys_ClockRateAdjust.c:287:Esys_ClockRateAdjust_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_ClockRateAdjust.c:100:Esys_ClockRateAdjust() Esys Finish ErrorCode (0x000001c4)
ERROR: Esys_ClockRateAdjust(0x1C4) - tpm:parameter(1):value is out of range or is not correct for the context
ERROR: Unable to run tpm2_clockrateadjust

it occurred on the tpm2_clockrateadjust to slow down the clock period one fine increment and got the "value is out of range or is not correct for the context" from TPM.

It is due to the platform unsupported the clock rate adjust, it is known that some firmware TPM do not support this function, please check if this platform is firmware TPM, and check with your TPM vendors.

Revision history for this message
Ivan Hu (ivan.hu) wrote :

For the tpm2_createprimary tests,

The failures are both from tpm2_createprimary whit hash-algorithm sm3_256

+ tpm2_createprimary -Q -g sm3_256 -G rsa -c context.out
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:103:iesys_cryptossl_hash_start() ErrorCode (0x00070002) Unsupported hash algorithm (18)
ERROR:esys:src/tss2-esys/esys_iutil.c:1493:iesys_get_name() crypto hash start ErrorCode (0x00070002)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:426:Esys_CreatePrimary_Finish() ErrorCode (0x00070011) in Public name not equal name in response
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x00070011)
ERROR: Esys_CreatePrimary(0x70011) - esapi:Response is malformed
ERROR:esys:src/tss2-esys/esys_iutil.c:1134:iesys_check_sequence_async() Esys called in bad sequence.
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x00070007)
ERROR: Esys_FlushContext(0x70007) - esapi:Function called in the wrong order
ERROR: Unable to run tpm2_createprimary

the latest tpm2_tests will first check the platform supported hash algorithms, then do the tests with the hash algorithms.
But test with it, got
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:103:iesys_cryptossl_hash_start() ErrorCode (0x00070002) Unsupported hash algorithm (18)

Checking the tpm2-tss code, the sm3_256, so got the Unsupported hash algorithm return from tpm2-tss.
Below is the tss support hash,
get_ossl_hash_md(TPM2_ALG_ID hashAlg)
{
    switch (hashAlg) {
    case TPM2_ALG_SHA1:
        return EVP_sha1();
        break;
    case TPM2_ALG_SHA256:
        return EVP_sha256();
        break;
    case TPM2_ALG_SHA384:
        return EVP_sha384();
        break;
    case TPM2_ALG_SHA512:
        return EVP_sha512();
        break;
    default:
        return NULL;
    }
}

From the latest Spec "TCG PC Client Platform TPM Profile Specification for TPM 2.0, Version 1.05
Revision 14 September 4, 2020"
I found that "sm3_256" is optional.
So, I think this failure could be safely ignored.

Revision history for this message
Ivan Hu (ivan.hu) wrote :

For the tpm2_loadexternal, and tpm2_import tests, the failure seems from RSA private key 1024 bit no support for this platform. So TPM returned ErrorCode (0x000002c4), "value is out of range or is not correct for the context"

+ openssl genrsa -aes128 -passout pass:mypassword -out private.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
.........................+++++
...+++++
e is 65537 (0x010001)
+ '[' pass:mypassword '!=' stdin ']'
+ cmd='tpm2_loadexternal -Q -G rsa -r private.pem -c key.ctx --passin pass:mypassword'
+ eval tpm2_loadexternal -Q -G rsa -r private.pem -c key.ctx --passin pass:mypassword
++ tpm2_loadexternal -Q -G rsa -r private.pem -c key.ctx --passin pass:mypassword
WARNING:esys:src/tss2-esys/api/Esys_LoadExternal.c:304:Esys_LoadExternal_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_LoadExternal.c:108:Esys_LoadExternal() Esys Finish ErrorCode (0x000002c4)
ERROR: Esys_LoadExternal(0x2C4) - tpm:parameter(2):value is out of range or is not correct for the context
ERROR: Unable to run tpm2_loadexternal

From the PTP spec"TCG PC Client Platform TPM Profile Specification for TPM 2.0",
Table2. PC Client TPM Algorithms
It described,
TPM_ALG_RSA M Support for 2048-bit keys is required; the TPM SHOULD NOT support 1024-bit keys.

So I think this could be safely ignored, if 1024 key is not supported.

Anthony Wong (anthonywong)
Changed in linux-intel (Ubuntu):
status: New → Invalid
Changed in intel:
status: New → Invalid
importance: Critical → Undecided
Doug Jacobs (djacobs98)
tags: added: lookout-canyon
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.