
OP-TEE fTPM crashes with persistent storage #106

Open
stgloorious opened this issue Dec 11, 2023 · 3 comments

Comments

@stgloorious

stgloorious commented Dec 11, 2023

We have OP-TEE and the fTPM TA set up on our development board. The fTPM works as long as there is no persistent storage present in the REE filesystem, so either if

  1. only RPMB_EMU is used without REE FS or
  2. the tee directory is deleted

The first time the fTPM is started it will create storage objects:

D/TA:  TA_CreateEntryPoint:151 Entry Point
D/TA:  _plat__NVEnable:381 _plat__NVEnable()
D/TA:  _plat__NvInitFromStorage:132 _plat__NvInitFromStorage()
I/TA: Created fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d00, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1, s: 0x200, id: 0x54504d01, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x2, s: 0x200, id: 0x54504d02, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x3, s: 0x200, id: 0x54504d03, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x4, s: 0x200, id: 0x54504d04, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x5, s: 0x200, id: 0x54504d05, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x6, s: 0x200, id: 0x54504d06, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x7, s: 0x200, id: 0x54504d07, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x8, s: 0x200, id: 0x54504d08, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x9, s: 0x200, id: 0x54504d09, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xa, s: 0x200, id: 0x54504d0a, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xb, s: 0x200, id: 0x54504d0b, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xc, s: 0x200, id: 0x54504d0c, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xd, s: 0x200, id: 0x54504d0d, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xe, s: 0x200, id: 0x54504d0e, h:0x98ba0
I/TA: Created fTPM storage object, i: 0xf, s: 0x200, id: 0x54504d0f, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x10, s: 0x200, id: 0x54504d10, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x11, s: 0x200, id: 0x54504d11, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x12, s: 0x200, id: 0x54504d12, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x13, s: 0x200, id: 0x54504d13, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x14, s: 0x200, id: 0x54504d14, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x15, s: 0x200, id: 0x54504d15, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x16, s: 0x200, id: 0x54504d16, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x17, s: 0x200, id: 0x54504d17, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x18, s: 0x200, id: 0x54504d18, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x19, s: 0x200, id: 0x54504d19, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1a, s: 0x200, id: 0x54504d1a, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1b, s: 0x200, id: 0x54504d1b, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1c, s: 0x200, id: 0x54504d1c, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1d, s: 0x200, id: 0x54504d1d, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1e, s: 0x200, id: 0x54504d1e, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x1f, s: 0x200, id: 0x54504d1f, h:0x98ba0
I/TA: Created fTPM storage object, i: 0x20, s: 0x200, id: 0x54504d20, h:0x98ba0
D/TA:  TA_CreateEntryPoint:173 NVEnable Complete
D/TA:  TA_CreateEntryPoint:180 TPM_Manufacture
Size of OBJECT = 1204
Size of components in TPMT_SENSITIVE = 744
    TPMI_ALG_PUBLIC                 2
    TPM2B_AUTH                      50
    TPM2B_DIGEST                    50
    TPMU_SENSITIVE_COMPOSITE        642
MAX_CONTEXT_SIZE can be reduced to 1264 (1344)
D/TA:  _plat__NvWriteBack:292 bMap: 0xffffffff
D/TA:  _plat__NVEnable:381 _plat__NVEnable()
D/TA:  TA_CreateEntryPoint:192 Init Complete
D/TA:  TA_CreateEntryPoint:215 No TPM state present
D/TA:  _plat__NvWriteBack:292 bMap: 0x2
D/TA:  fTPM_Submit_Command:382 Success, RS: 0xa
D/TA:  fTPM_Submit_Command:382 Success, RS: 0x1b
D/TA:  fTPM_Submit_Command:382 Success, RS: 0x1e7
D/TA:  fTPM_Submit_Command:382 Success, RS: 0x25

tpm2-tools work as expected.
If the system is rebooted or reset from this state, the fTPM will reliably panic when trying to open the persistent storage objects:

D/TA:  TA_CreateEntryPoint:151 Entry Point
D/TA:  _plat__NVEnable:381 _plat__NVEnable()
D/TA:  _plat__NvInitFromStorage:132 _plat__NvInitFromStorage()
I/TA: Read fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d00, h:0x98ba0
I/TA: Read fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d01, h:0x0
D/TA:  _plat__NvInitFromStorage:172 Failed to open fTPM storage object
E/TC:? 0
E/TC:? 0 TA panicked with code 0xffff0007
E/LD:  Status of TA bc50d971-d4c9-42c4-82cb-343fb7f37896
E/LD:   arch: aarch64
E/LD:  region  0: va 0x40005000 pa 0x9ea01000 size 0x002000 flags rw-s (ldelf)
E/LD:  region  1: va 0x40007000 pa 0x9ea03000 size 0x009000 flags r-xs (ldelf)
E/LD:  region  2: va 0x40010000 pa 0x9ea0c000 size 0x001000 flags rw-s (ldelf)
E/LD:  region  3: va 0x40011000 pa 0x9ea0d000 size 0x004000 flags rw-s (ldelf)
E/LD:  region  4: va 0x40015000 pa 0x9ea11000 size 0x001000 flags r--s
E/LD:  region  5: va 0x40016000 pa 0x9eb2c000 size 0x011000 flags rw-s (stack)
E/LD:  region  6: va 0x40077000 pa 0x00001000 size 0x07b000 flags r-xs [0]
E/LD:  region  7: va 0x400f2000 pa 0x0007c000 size 0x09f000 flags rw-s [0]
E/LD:   [0] bc50d971-d4c9-42c4-82cb-343fb7f37896 @ 0x40077000
E/LD:  Call stack:
E/LD:   0x400c8b24
E/LD:   0x4007a620
E/LD:   0x400c8984
E/TC:? 0 ldelf_dump_ftrace:336 ldelf stack is inaccessible!
E/TC:? 0 tee_ta_open_session:743 Failed. Return error 0xffff3024

The OP-TEE storage tests pass and example applications also work as expected.
We are using the latest version (e9fc7b8).

Any help is greatly appreciated.
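A small log-triage helper, added here as an example and not code from the issue or from the fTPM project: it parses the I/TA storage-object lines above, reports the first object whose open came back with a NULL handle (h:0x0) and which NV block that is, and decodes the return codes in the panic lines. The sample log is constructed from the lines quoted above; the symbolic names for the return codes are the GlobalPlatform TEE values OP-TEE uses, which the issue itself does not state.

```python
import re

# Constructed sample: the "Read fTPM storage object" lines and the panic /
# session-error lines quoted in the issue above.
SAMPLE_LOG = """\
D/TA:  _plat__NvInitFromStorage:132 _plat__NvInitFromStorage()
I/TA: Read fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d00, h:0x98ba0
I/TA: Read fTPM storage object, i: 0x0, s: 0x200, id: 0x54504d01, h:0x0
D/TA:  _plat__NvInitFromStorage:172 Failed to open fTPM storage object
E/TC:? 0 TA panicked with code 0xffff0007
E/TC:? 0 tee_ta_open_session:743 Failed. Return error 0xffff3024
"""
# Object ids in the trace are ASCII "TPM" (0x54504d) followed by the NV
# block index, so the block number is recoverable from the id alone.
FTPM_ID_BASE = 0x54504D00
# GlobalPlatform TEE return codes (OP-TEE uses the GP values); assumption,
# the issue itself only shows the raw numbers.
TEE_ERRORS = {
    0xFFFF0007: "TEE_ERROR_BAD_STATE",
    0xFFFF0008: "TEE_ERROR_ITEM_NOT_FOUND",
    0xFFFF3024: "TEE_ERROR_TARGET_DEAD",
}
OBJ_RE = re.compile(
    r"I/TA: (?P<op>Created|Read) fTPM storage object, i: (?P<i>0x[0-9a-f]+), "
    r"s: (?P<s>0x[0-9a-f]+), id: (?P<id>0x[0-9a-f]+), h:(?P<h>0x[0-9a-f]+)"
)
CODE_RE = re.compile(r"(?:panicked with code|Return error) (0x[0-9a-f]+)")

def parse_objects(log):
    """One dict per storage-object line, hex fields converted to int."""
    return [{k: int(v, 16) if v.startswith("0x") else v
             for k, v in m.groupdict().items()} for m in OBJ_RE.finditer(log)]

def first_failed_object(log):
    """Id of the first object whose open returned a NULL handle (h:0x0), or
    None if all opened.  Keyed on id, not i: the trace prints i: 0x0 twice."""
    for obj in parse_objects(log):
        if obj["h"] == 0:
            return obj["id"]
    return None

def failed_block_index(log):
    """NV block number of the failed object (1 for the trace in the issue)."""
    oid = first_failed_object(log)
    return None if oid is None else oid - FTPM_ID_BASE

def decode_error_codes(log):
    """(code, name) for every panic / session return code in the trace."""
    return [(int(c, 16), TEE_ERRORS.get(int(c, 16), "unknown"))
            for c in CODE_RE.findall(log)]
```

Running it over a boot trace where every object opens (all h: fields non-zero) returns None, which separates a storage-open failure from other TA panics.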

@TallGuy74

I am seeing the exact same issue here.

@akorb

akorb commented Jun 13, 2024

The OP-TEE code in this repo will be removed soon (#108), so it's probably better not to expect any changes here.

Having said that, I worked with fTPM persistent storage several months ago. I observed a similar issue (I don't remember exactly). If it is the same error, you can fix it by executing chown tee:tee /data/tee/* in Linux before loading the fTPM. At least, it worked for me then.

@TallGuy74

In my case tee-supplicant is running as root, and the files in the tee data directory are all owned by root (R/W for user only).
It's a Yocto-based system. The main problem is that I can see it loading the first two objects, and it only fails on the third.
