Score:1

How to run a TPM simulator on an Ubuntu machine (maybe incorrect DBus)?

I have Ubuntu set up in WSL2. Then I followed the instructions at https://wiki.ubuntu.com/TPM/Testing and tried to set up a TPM simulator on Ubuntu. But for some reason I seem to end up in a situation where I can't start the simulator due to a DBus error, while the real problem might be different. I can replicate this same problem when trying to set up a TPM simulator in a GitHub Action using ubuntu-latest. So it occurred to me that maybe someone on the Ubuntu forums knows better; it appears this same problem troubles people on TPM GitHub threads too. :)

The current sequence I have is as follows:

sudo apt-get update
sudo apt-get install tpm2-abrmd
sudo apt-get install libtss2-tcti-tabrmd-dev

sudo tpm2-abrmd --tcti=mssim --allow-root

or on GitHub Actions the second part is

sudo service tpm2-abrmd start
sudo tpm2-abrmd --allow-root --tcti=mssim --logger=stdout

which seems to work due to the way the access rights are set up.

> sudo tpm2-abrmd --tcti=mssim --allow-root

** (process:741): WARNING **: 16:36:40.585: tcti_conf before: "device:/dev/tpm0"
 
** (tpm2-abrmd:741): WARNING **: 16:36:40.585: tcti_conf after: "mssim"

** (tpm2-abrmd:741): WARNING **: 16:36:40.586: Failed to get proxy for DBus daemon (org.freedesktop.DBus): Could not connect: No such file or directory

** (tpm2-abrmd:741): CRITICAL **: 16:36:40.586: Failed to acquire DBus name com.intel.tss2.Tabrmd. UID 0 must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root.
WARNING:tcti:src/util/io.c:251:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused
WARNING:tcti:src/tss2-tcti/tctildr.c:62:tcti_from_init() TCTI init for function 0x7f0f40e733d0 failed with a000a
WARNING:tcti:src/tss2-tcti/tctildr.c:92:tcti_from_info() Could not initialize TCTI named: tcti-socket
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:150:tcti_from_file() Could not initialize TCTI file: mssim
ERROR:tcti:src/tss2-tcti/tctildr.c:418:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI

** (tpm2-abrmd:741): CRITICAL **: 16:36:40.586: init_thread_func: failed to create TCTI with conf "mssim", got RC: 0xa000a

Looking at DBus configuration, there is /etc/dbus-1/system.d/tpm2-abrmd.conf:

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- ../system.conf have denied everything, so we just punch some holes -->
  <policy user="tss">
    <allow own="com.intel.tss2.Tabrmd"/>
  </policy>
  <policy user="root">
    <allow own="com.intel.tss2.Tabrmd"/>
  </policy>
  <policy user="XYZ">
    <allow own="com.intel.tss2.Tabrmd"/>
  </policy>
  <policy context="default">
    <allow send_destination="com.intel.tss2.Tabrmd"/>
    <allow receive_sender="com.intel.tss2.Tabrmd"/>
  </policy>
</busconfig>

Also /etc/dbus-1/system.d/tpm2-abrmd.service:

[Unit]
Description=TPM2 Access Broker and Resource Management Daemon
After=systemd-udev-settle.service
Requires=systemd-udev-settle.service
# This condition is needed when using the device TCTI. If the
# TCP mssim is used then the condition should be commented out.
# ConditionPathExistsGlob=/dev/tpm*

[Service]
Type=dbus
BusName=com.intel.tss2.Tabrmd
StandardOutput=syslog
ExecStart=/usr/sbin/tpm2-abrmd --tcti=mssim
User=tss

[Install]
WantedBy=multi-user.target

I'll add that running like

sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti=mssim --logger=stdout &

seems to make no difference. The result of that is

> [2] 163
XYZ@ABC:/$ sudo: /usr/local/sbin/tpm2-abrmd: command not found

[2]-  Exit 1                  sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti=mssim --logger=stdout

It may also be, even likely, that I don't know what I'm doing, being fairly new to Linux and Ubuntu.

NotTheDr01ds
Don't worry - You've already made it *much* further into this than most newbies would ever get. It's a very well researched question, IMHO. I'll try to find some time to repro it after I get my "throwaway/testing" session configured again. I think it's going to come down to Dbus not being supported on WSL without additional configuration. Whether or not the TPM simulator will run without it (or if there's a way to get "just enough DBus"), I'm not sure.
Thank you for the kind words. I think the root problems on WSL2 and GitHub are different, but maybe similar. It could be that on WSL2 systemd is not running, and I'm not sure if logging is working like it does otherwise, too. I'm doing "something" on GitHub Actions to make this work and took to WSL2 + Ubuntu for faster iterations. :) But it's probably time to look deeper into developing on Linux as it seems to be faster on GitHub Actions and then there's all the cloud native stuff!
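The log in the question reports two independent failures: the D-Bus daemon could not be reached, and the TCTI socket connection to 127.0.0.1 port 2321 was refused. The following added example (not part of the original post or of tpm2-abrmd) separates them from a captured log; the function name `diagnose_abrmd_log` and the finding labels are made up here, and the sample is a set of lines copied from the log above.

```bash
#!/bin/sh
# Added example: classify tpm2-abrmd start-up failures from its log output.
# diagnose_abrmd_log and the finding labels are hypothetical names.

# Constructed sample: four lines copied from the log in the question.
SAMPLE_LOG='** (tpm2-abrmd:741): WARNING **: 16:36:40.586: Failed to get proxy for DBus daemon (org.freedesktop.DBus): Could not connect: No such file or directory
** (tpm2-abrmd:741): CRITICAL **: 16:36:40.586: Failed to acquire DBus name com.intel.tss2.Tabrmd. UID 0 must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root.
WARNING:tcti:src/util/io.c:251:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused
** (tpm2-abrmd:741): CRITICAL **: 16:36:40.586: init_thread_func: failed to create TCTI with conf "mssim", got RC: 0xa000a'

# Read a log on stdin and print one finding per line.
diagnose_abrmd_log() {
  abrmd_log=$(cat)

  # D-Bus: "Could not connect" means the bus itself was unreachable, which
  # is a different condition from a policy file denying ownership of the name.
  if printf '%s\n' "$abrmd_log" |
      grep -q 'Failed to get proxy for DBus daemon.*Could not connect'; then
    echo "dbus: system bus unreachable"
  elif printf '%s\n' "$abrmd_log" | grep -q 'Failed to acquire DBus name'; then
    echo "dbus: bus reachable, name not acquired"
  fi

  # TCTI socket: pull host, port and errno from the socket_connect() warning.
  abrmd_conn=$(printf '%s\n' "$abrmd_log" | sed -n \
    's/.*socket_connect() Failed to connect to host \([^,]*\), port \([0-9]*\): errno \([0-9]*\).*/\1:\2 errno=\3/p' |
    head -n 1)
  if [ -n "$abrmd_conn" ]; then
    echo "simulator: no listener at $abrmd_conn"
  fi

  # Final TCTI initialisation result: configuration string and return code.
  abrmd_tcti=$(printf '%s\n' "$abrmd_log" | sed -n \
    's/.*failed to create TCTI with conf "\([^"]*\)", got RC: \(0x[0-9a-fA-F]*\).*/conf=\1 rc=\2/p' |
    head -n 1)
  if [ -n "$abrmd_tcti" ]; then
    echo "tcti: init failed $abrmd_tcti"
  fi
  return 0
}

printf '%s\n' "$SAMPLE_LOG" | diagnose_abrmd_log
```

On Linux, errno 111 is ECONNREFUSED, so the second finding means no process was accepting connections on that port when the daemon started.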