stpm-exfiltrate does not return a key or an error

[TomsFilatovs]

I've generated a key in software and am now trying to exfiltrate it, but after entering the owner password, the utility returns only mod=,exp=,key=
Using the key for ssh logins and ssh key signing works fine, I have the dependencies installed, stpm-keygen did not return any errors or warnings during generation, there's no PIN on the ssh key, the SRK password is the well known secret, I've run tpm_restrictsrk -a and tried clearing the TPM and starting fresh as well as trying all combinations of the 2 TPM settings I saw in the BIOS ( 'PPI provision override' and 'PPI deprovision override').
The OS is Ubuntu 16.04, the issue affects both the version of stpm-exfiltrate from Ubuntu's package repos and the one I got by compiling from git source. The device is a Dell Latitude E5440.
tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.41.1
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: ATML
TPM Version: 01010000
Manufacturer Info: 41544d4c

[ThomasHabets]

Strange. I'll try to reproduce this.

[ThomasHabets]

Not only am I unable to reproduce this, I can't seem to get stpm-exfiltrate to work at all:

$ ./stpm-exfiltrate -k unsafe 
Enter owner password: 
stpm-exfiltrate: Exception:
  Tspi_Key_CreateMigrationBlob: Code=0x00000009: tpm: Operation failed

Building trousers with --enable-debug is not helping much:

TCSD TCS rpc/tcstp/rpc_migration.c:45 tcs_wrap_CreateMigrationBlob: thread 140413693056768 context a02a1800
TCSD TCS tcsi_migration.c:50 Entering TPM_CreateMigrationBlob
TCSD TCS tcs_key_mem_cache.c:159 ensureKeyIsLoaded: 0x40000000
TCSD TCS tcs_key_mem_cache.c:716 mc_get_slot_by_handle: TCSD mem_cached handle: 0x22330000
TCSD TCS tcs_key_mem_cache.c:716 mc_get_slot_by_handle: TCSD mem_cached handle: 0x40000000
TCSD TCS tcs_key_mem_cache.c:167 keySlot is 40000000
TCSD TCS tcs_key_mem_cache.c:872 mc_update_time_stamp: TCSD mem_cached handle: 0x22330000
TCSD TCS tcs_key_mem_cache.c:872 mc_update_time_stamp: TCSD mem_cached handle: 0x40000000
TCSD TCS tcs_key_mem_cache.c:192 ensureKeyIsLoaded: Exit
To TPM: 00 C3 00 00 02 A0 00 00 00 28 40 00 00 00 00 02 
[… many "To TPM" lines …]
TCSD TDDL tddl.c:171 Calling write to driver
From TPM: 00 C4 00 00 00 0A 00 00 00 09 
LOG_RETERR TPM tcsi_migration.c:89: 0x9

That 0x9 appears to be the only thing the TPM tells the host, which is what we already have in the command output: "operation failed".

[reanimus]

Has there been any changes on this? I'm getting a different error when I try to exfiltrate the key:

stpm-exfiltrate: Exception:
  Tspi_Key_CreateMigrationBlob: Code=0x00000001: tpm: Authentication failed
Likely problem:
  Either the SRK password or the key password is incorrect.
  The Well Known Secret (20 nulls unhashed) is not the same as the password "".
Possible solution:
  The SRK password can (and arguable should) be set to the Well Known Secret using:
    tpm_changeownerauth -s -r
  Alternatively the SRK password can be given with -s to stpm-keygen/stpm-sign and
  with srk_pin in the configuration file for the PKCS#11 module.

This is on a Lenovo T450s, btw.

tpm_version output:

TPM 1.2 Version Info:
  Chip Version:        1.2.13.12
  Spec Level:          2
  Errata Revision:     3
  TPM Vendor ID:       STM 
  Vendor Specific data: 50
  TPM Version:         01010000
  Manufacturer Info:   53544d20

[ThomasHabets]

@reanimus maybe you got the owner password wrong? Alt what is your SRK password?

[reanimus]

I double checked and I think I used a hardware key (at least, I assume that's what old me did). Thus, the keys aren't migrateable.