Using session instead of system's dbus #827

Open
abdawoud opened this issue Jan 11, 2023 · 3 comments
abdawoud commented Jan 11, 2023

I successfully built and tested the project, then I wanted to use the session dbus instead of the system's dbus by running the daemon as follows:

sudo -u tss G_MESSAGES_DEBUG=all /usr/sbin/tpm2-abrmd --session

This fails with the error:

** INFO: 20:21:17.312: tabrmd startup
** (process:2368): DEBUG: 20:21:17.312: tcti_conf before: "(null)"
** INFO: 20:21:17.313: logging to stdout
** (tpm2-abrmd:2368): DEBUG: 20:21:17.313: tcti_conf after: "device:/dev/tpm0"
** INFO: 20:21:17.313: entering g_main_loop
** INFO: 20:21:17.314: init_thread_func start
** (tpm2-abrmd:2368): DEBUG: 20:21:17.314: random_class_init
** (tpm2-abrmd:2368): DEBUG: 20:21:17.315: opening entropy source: /dev/urandom
** (tpm2-abrmd:2368): DEBUG: 20:21:17.315: reading from entropy source: /dev/urandom
** (tpm2-abrmd:2368): DEBUG: 20:21:17.315: connection_manager_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.316:   max_connections: 27
** (tpm2-abrmd:2368): DEBUG: 20:21:17.316: IpcFrontendDbus set bus_name: com.intel.tss2.Tabrmd
** (tpm2-abrmd:2368): DEBUG: 20:21:17.316: ipc_frontend_connect

** (tpm2-abrmd:2368): WARNING **: 20:21:17.319: Failed to get proxy for DBus daemon (org.freedesktop.DBus): Cannot autolaunch D-Bus without X11 $DISPLAY
** (tpm2-abrmd:2368): DEBUG: 20:21:17.320: Got proxy object for DBus daemon.
** (tpm2-abrmd:2368): DEBUG: 20:21:17.320: on_name_lost: com.intel.tss2.Tabrmd

** (tpm2-abrmd:2368): CRITICAL **: 20:21:17.320: Failed to acquire DBus name com.intel.tss2.Tabrmd. UID 995 must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root.
** INFO: 20:21:17.321: main_loop_quit
** INFO: 20:21:17.321: g_main_loop_run done, cleaning up
** (tpm2-abrmd:2368): DEBUG: 20:21:17.327: tcti_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.327: Allocating 0x103c bytes for SAPI context
** (tpm2-abrmd:2368): DEBUG: 20:21:17.327: tpm2_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.328: tpm2_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.328: tpm2_init_tpm
** (tpm2-abrmd:2368): DEBUG: 20:21:17.331: tpm2_get_tpm_properties_fixed
** (tpm2-abrmd:2368): DEBUG: 20:21:17.346: command_attrs_class_init
** (tpm2-abrmd:2368): DEBUG: 20:21:17.352: command_source_class_init
** (tpm2-abrmd:2368): DEBUG: 20:21:17.352: command_source_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.352: command_source_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.352: session_list_new with max-per-connection: 0x4
** (tpm2-abrmd:2368): DEBUG: 20:21:17.353: session_list_init
** (tpm2-abrmd:2368): DEBUG: 20:21:17.353: resource_manager_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.353: resource_manager_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.353: resource_manager_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.353: response_sink_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.353:   setting PROP_IN_QUEUE
** (tpm2-abrmd:2368): DEBUG: 20:21:17.353: source_add_sink
** (tpm2-abrmd:2368): DEBUG: 20:21:17.353: command_source_add_sink
** (tpm2-abrmd:2368): DEBUG: 20:21:17.354: command_source_set_property
** (tpm2-abrmd:2368): DEBUG: 20:21:17.354: source_add_sink
** (tpm2-abrmd:2368): DEBUG: 20:21:17.354: resource_manager_add_sink
** (tpm2-abrmd:2368): DEBUG: 20:21:17.354: resource_manager_set_property
** INFO: 20:21:17.354: init_thread_func done
** (tpm2-abrmd:2368): DEBUG: 20:21:17.354: resource_manager_thread start
** (tpm2-abrmd:2368): DEBUG: 20:21:17.355: message_queue_dequeue
** (tpm2-abrmd:2368): DEBUG: 20:21:17.355: gmain_data_cleanup
** (tpm2-abrmd:2368): DEBUG: 20:21:17.355: command_attrs_finalize
** (tpm2-abrmd:2368): DEBUG: 20:21:17.355: resource_manager_unblock: enqueuing ControlMessage
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: message_queue_enqueue
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: resource_manager_thread: message_queue_dequeue got obj
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: resource_manager_process_control
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: sink_enqueue
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: response_sink_enqueue:
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: message_queue_enqueue
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: resource_manager_dispose
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: response_sink_thread: blocking on input queue
** (tpm2-abrmd:2368): DEBUG: 20:21:17.356: message_queue_dequeue
** (tpm2-abrmd:2368): DEBUG: 20:21:17.357: response_sink_process_control
** (tpm2-abrmd:2368): DEBUG: 20:21:17.357: session_list_dispose: SessionList with 0 entries
** (tpm2-abrmd:2368): DEBUG: 20:21:17.357: response_sink_process_control: Received CHECK_CANCEL control code, terminating.
** (tpm2-abrmd:2368): DEBUG: 20:21:17.357: session_list_finalize: SessionList with 0 entries
** (tpm2-abrmd:2368): DEBUG: 20:21:17.357: message_queue_enqueue
** (tpm2-abrmd:2368): DEBUG: 20:21:17.357: ipc_frontend_disconnect
** (tpm2-abrmd:2368): DEBUG: 20:21:17.357: random_finalize
** INFO: 20:21:17.357: main_loop_quit

Any idea what causes this problem, and how to fix it?

@williamcroberts
Member

Looks like it's:

** (tpm2-abrmd:2368): WARNING **: 20:21:17.319: Failed to get proxy for DBus daemon (org.freedesktop.DBus): Cannot autolaunch D-Bus without X11 $DISPLAY
** (tpm2-abrmd:2368): DEBUG: 20:21:17.320: Got proxy object for DBus daemon.
** (tpm2-abrmd:2368): DEBUG: 20:21:17.320: on_name_lost: com.intel.tss2.Tabrmd

** (tpm2-abrmd:2368): CRITICAL **: 20:

Typically the session bus runs with the session's user. What happens if you drop sudo -u tss?

@abdawoud
Author

Thanks for the prompt response. Dropping sudo -u tss from the command would output the following error:

** INFO: 09:01:43.543: tabrmd startup
** (process:1551): DEBUG: 09:01:43.543: tcti_conf before: "(null)"
** INFO: 09:01:43.544: logging to stdout
** (tpm2-abrmd:1551): DEBUG: 09:01:43.544: tcti_conf after: "device:/dev/tpm0"
** INFO: 09:01:43.544: entering g_main_loop
** INFO: 09:01:43.545: init_thread_func start
** (tpm2-abrmd:1551): DEBUG: 09:01:43.545: random_class_init
** (tpm2-abrmd:1551): DEBUG: 09:01:43.546: opening entropy source: /dev/urandom
** (tpm2-abrmd:1551): DEBUG: 09:01:43.546: reading from entropy source: /dev/urandom
** (tpm2-abrmd:1551): DEBUG: 09:01:43.546: connection_manager_set_property
** (tpm2-abrmd:1551): DEBUG: 09:01:43.547:   max_connections: 27
** (tpm2-abrmd:1551): DEBUG: 09:01:43.547: IpcFrontendDbus set bus_name: com.intel.tss2.Tabrmd
** (tpm2-abrmd:1551): DEBUG: 09:01:43.548: ipc_frontend_connect
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: device
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI

** (tpm2-abrmd:1551): CRITICAL **: 09:01:43.555: init_thread_func: failed to create TCTI with conf "device:/dev/tpm0", got RC: 0xa000a
** (tpm2-abrmd:1551): DEBUG: 09:01:43.555: init_thread_func: calling gmain_data_cleanup
** (tpm2-abrmd:1551): DEBUG: 09:01:43.556: gmain_data_cleanup
** (tpm2-abrmd:1551): DEBUG: 09:01:43.556: ipc_frontend_disconnect

(tpm2-abrmd:1551): GLib-GIO-CRITICAL **: 09:01:43.556: g_bus_unown_name: assertion 'owner_id > 0' failed
** (tpm2-abrmd:1551): DEBUG: 09:01:43.556: random_finalize
** INFO: 09:01:43.557: main_loop_quit
** INFO: 09:01:43.557: g_main_loop_run done, cleaning up
** (tpm2-abrmd:1551): DEBUG: 09:01:43.557: gmain_data_cleanup
** INFO: 09:01:43.558: main_loop_quit

But I think that's a user's permission issue. I will look into it, but any hints would be appreciated.

@williamcroberts
Member

Whatever user it's being run on doesn't have permissions to /dev/tpm0. /dev/tpm0 usually is perms tss root 0660, so a regular user cannot open it. /dev/tpmrm0 is usually root tss 0660 as well. So if your user is part of the tss group, you could use the --tcti option with tpm2-abrmd and try --tcti=device:/dev/tpmrm0. In theory you can stack resource managers on top of each other but I have never tried. But you could also just use the in-kernel RM directly and not use tpm2-abrmd unless you need policy support.
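
Added example, not part of the thread or of the tpm2-abrmd project: a preflight script that checks for the two failures shown above (no session bus address in the environment, and no read-write access to the TPM device nodes) before starting `tpm2-abrmd --session`. It assumes GNU `stat` and models only classic Unix mode bits; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: preflight for running `tpm2-abrmd --session` as an ordinary user.

# can_rw UID "GIDS" OWNER_UID OWNER_GID MODE -> 0 if the mode bits grant read+write.
# Only classic Unix permissions are modelled (no ACLs, SELinux or AppArmor).
can_rw() {
    if [ "$1" -eq 0 ]; then return 0; fi
    perm=$((0$5))                       # stat's %a is octal
    if [ "$1" -eq "$3" ]; then
        bits=$(( (perm >> 6) & 7 ))     # owner class
    else
        bits=$(( perm & 7 ))            # "other" class unless a group matches
        for g in $2; do
            if [ "$g" -eq "$4" ]; then bits=$(( (perm >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & 6 )) -eq 6 ]
}

# pick_tcti UID "GIDS": reads "PATH OWNER_UID OWNER_GID MODE" lines on stdin and
# prints a --tcti value for the first device the user can open.
pick_tcti() {
    while read -r path o_uid o_gid mode; do
        if can_rw "$1" "$2" "$o_uid" "$o_gid" "$mode"; then
            echo "device:$path"; return 0
        fi
    done
    return 1
}

# preflight UID "GIDS" BUS_ADDRESS: report both failure modes seen in the thread.
preflight() {
    rc=0
    if [ -z "$3" ]; then
        echo "no session bus: DBUS_SESSION_BUS_ADDRESS is empty (sudo normally drops it)"
        rc=1
    fi
    # /dev/tpmrm0 (in-kernel RM) first, as suggested in the reply; then /dev/tpm0.
    if tcti=$(stat -c '%n %u %g %a' /dev/tpmrm0 /dev/tpm0 2>/dev/null | pick_tcti "$1" "$2"); then
        echo "usable TCTI: --tcti=$tcti"
    else
        echo "uid $1 cannot open /dev/tpmrm0 or /dev/tpm0 read-write"
        rc=1
    fi
    return "$rc"
}
preflight "$(id -u)" "$(id -G)" "${DBUS_SESSION_BUS_ADDRESS:-}" ||
    echo "fix the items above before starting tpm2-abrmd --session"
```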
