TPM measurements attempt fail on real hw
I got the following error output from stboot when running on a Supermicro machine with a TPM and Secure Boot.
2023/11/14 14:50:26 [INFO] Try TPM measurements
2023/11/14 14:50:26 [WARN] cannot fetch identity from TPM: Host: Identity
failed to measure TPM
failed to retrieve id: decoding NV_ReadPublic response: handle 1, error code 0xb : the handle is not correct for the use
2023/11/14 14:50:26 [INFO] Human-readable device identity:
2023/11/14 14:50:26 [INFO] Loading boot image into memory
2023/11/14 14:50:26 [INFO] Handing over control - kexec
I gave it a quick search and came across https://github.com/tpm2-software/tpm2-tools/issues/2698. Below I just provide the output of the same commands mentioned in there. I can probably provide any other info and command output from the machine if you want.
# tpm2_getcap handles-nv-index
- 0x1410001
- 0x1410002
- 0x1410004
- 0x1880001
- 0x1880011
- 0x1C00002
- 0x1C0000A
# tpm2_getcap properties-fixed
TPM2_PT_FAMILY_INDICATOR:
raw: 0x322E3000
value: "2.0"
TPM2_PT_LEVEL:
raw: 0
TPM2_PT_REVISION:
raw: 0x8A
value: 1.38
TPM2_PT_DAY_OF_YEAR:
raw: 0x8
TPM2_PT_YEAR:
raw: 0x7E2
TPM2_PT_MANUFACTURER:
raw: 0x49465800
value: "IFX"
TPM2_PT_VENDOR_STRING_1:
raw: 0x534C4D39
value: "SLM9"
TPM2_PT_VENDOR_STRING_2:
raw: 0x36373000
value: "670"
TPM2_PT_VENDOR_STRING_3:
raw: 0x0
value: ""
TPM2_PT_VENDOR_STRING_4:
raw: 0x0
value: ""
TPM2_PT_VENDOR_TPM_TYPE:
raw: 0x0
TPM2_PT_FIRMWARE_VERSION_1:
raw: 0xD000B
TPM2_PT_FIRMWARE_VERSION_2:
raw: 0x11CB00
TPM2_PT_INPUT_BUFFER:
raw: 0x400
TPM2_PT_HR_TRANSIENT_MIN:
raw: 0x4
TPM2_PT_HR_PERSISTENT_MIN:
raw: 0x7
TPM2_PT_HR_LOADED_MIN:
raw: 0x3
TPM2_PT_ACTIVE_SESSIONS_MAX:
raw: 0x40
TPM2_PT_PCR_COUNT:
raw: 0x18
TPM2_PT_PCR_SELECT_MIN:
raw: 0x3
TPM2_PT_CONTEXT_GAP_MAX:
raw: 0xFFFF
TPM2_PT_NV_COUNTERS_MAX:
raw: 0x8
TPM2_PT_NV_INDEX_MAX:
raw: 0x800
TPM2_PT_MEMORY:
raw: 0x6
TPM2_PT_CLOCK_UPDATE:
raw: 0x4000
TPM2_PT_CONTEXT_HASH:
raw: 0xB
TPM2_PT_CONTEXT_SYM:
raw: 0x6
TPM2_PT_CONTEXT_SYM_SIZE:
raw: 0x80
TPM2_PT_ORDERLY_COUNT:
raw: 0xFF
TPM2_PT_MAX_COMMAND_SIZE:
raw: 0x58C
TPM2_PT_MAX_RESPONSE_SIZE:
raw: 0x58C
TPM2_PT_MAX_DIGEST:
raw: 0x20
TPM2_PT_MAX_OBJECT_CONTEXT:
raw: 0x38F
TPM2_PT_MAX_SESSION_CONTEXT:
raw: 0x1EE
TPM2_PT_PS_FAMILY_INDICATOR:
raw: 0x1
TPM2_PT_PS_LEVEL:
raw: 0x0
TPM2_PT_PS_REVISION:
raw: 0x103
TPM2_PT_PS_DAY_OF_YEAR:
raw: 0x0
TPM2_PT_PS_YEAR:
raw: 0x0
TPM2_PT_SPLIT_MAX:
raw: 0x80
TPM2_PT_TOTAL_COMMANDS:
raw: 0x61
TPM2_PT_LIBRARY_COMMANDS:
raw: 0x60
TPM2_PT_VENDOR_COMMANDS:
raw: 0x1
TPM2_PT_NV_BUFFER_MAX:
raw: 0x300
TPM2_PT_MODES:
raw: 0x1
value: TPMA_MODES_FIPS_140_2
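As an added example (not code from stboot, go-tpm or tpm2-tools), the script below decodes the three artefacts in this report: the go-tpm error string, which is the format-1 response code TPM_RC_HANDLE qualified with handle number 1 (0x18B; reconstructed here, since the log only shows the decoded pieces), the `properties-fixed` dump, and the NV index list, which is checked for the EK-certificate indices defined by the TCG EK Credential Profile. The sample inputs are constructed from the values above. The major.minor split of TPM2_PT_FIRMWARE_VERSION_1 is a vendor convention assumed here, and which NV index stboot tried to read is not visible in the issue, so the script does not claim to identify it.

```python
"""Decode TPM 2.0 diagnostics of the kind shown in this issue (added example)."""
import re

# Format-1 error numbers (TPM 2.0 Part 2, TPM_RC) that qualify a handle, parameter or session.
FMT1_ERRORS = {
    0x04: ("TPM_RC_VALUE", "value is out of range or is not correct for the context"),
    0x0B: ("TPM_RC_HANDLE", "the handle is not correct for the use"),
    0x0E: ("TPM_RC_AUTH_FAIL", "the authorization HMAC check failed"),
    0x15: ("TPM_RC_SIZE", "structure is the wrong size"),
}
# Format-0 codes, keyed by the code with the vendor bit (0x400) cleared.
FMT0_CODES = {0x100: "TPM_RC_INITIALIZE", 0x101: "TPM_RC_FAILURE",
              0x14A: "TPM_RC_NV_UNINITIALIZED", 0x923: "TPM_RC_NV_UNAVAILABLE"}

# EK certificate NV indices from the TCG EK Credential Profile.
EK_CERT_INDICES = {0x01C00002: "RSA 2048 EK certificate", 0x01C0000A: "ECC P-256 EK certificate"}


def decode_rc(rc: int) -> dict:
    """Split a TPM_RC into its fields (bit layout: TPM 2.0 Part 2, section 6.6)."""
    if rc == 0:
        return {"format": "success", "text": "TPM_RC_SUCCESS"}
    if rc & 0x80:                          # bit 7 set: format-1 code
        err = rc & 0x3F                    # bits 0-5: error number
        number = (rc >> 8) & 0xF           # bits 8-11: which handle/parameter/session
        if rc & 0x40:                      # bit 6: refers to a parameter
            subject = "parameter"
        elif number & 0x8:                 # top bit of N: a session, not a handle
            subject, number = "session", number & 0x7
        else:
            subject = "handle"
        name, desc = FMT1_ERRORS.get(err, ("unknown format-1 error", ""))
        # Same wording go-tpm prints, e.g. "handle 1, error code 0xb : ..."
        text = "%s %d, error code %#x : %s" % (subject, number, err, desc)
        return {"format": 1, "subject": subject, "number": number,
                "error": err, "name": name, "text": text}
    if not rc & 0x100:                     # bit 8 clear: TPM 1.2 style code
        return {"format": 0, "text": "TPM 1.2 response code %#x" % rc}
    name = FMT0_CODES.get(rc & ~0x400, "unknown format-0 code %#x" % rc)
    return {"format": 0, "warning": bool(rc & 0x800),   # bit 11: warning, not error
            "vendor": bool(rc & 0x400), "error": rc & 0x7F, "name": name, "text": name}


def parse_properties(text: str) -> dict:
    """Parse `tpm2_getcap properties-fixed` output into {property: raw int}."""
    props, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(TPM2_PT_\w+):\s*$", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"^\s*raw:\s*(\S+)", line)
        if m and current:
            props[current] = int(m.group(1), 0)   # int(..., 0) accepts 0x8A and plain 0
    return props


def u32_to_str(raw: int) -> str:
    """TPM packs short vendor strings big-endian into a UINT32, NUL padded."""
    return raw.to_bytes(4, "big").rstrip(b"\0").decode("ascii", "replace")


def describe_tpm(props: dict) -> dict:
    fw = props["TPM2_PT_FIRMWARE_VERSION_1"]
    return {
        "family": u32_to_str(props["TPM2_PT_FAMILY_INDICATOR"]),
        "spec_revision": "%.2f" % (props["TPM2_PT_REVISION"] / 100),   # 0x8A = 138 -> 1.38
        "spec_date": "%d day %d" % (props["TPM2_PT_YEAR"], props["TPM2_PT_DAY_OF_YEAR"]),
        "manufacturer": u32_to_str(props["TPM2_PT_MANUFACTURER"]),
        "vendor": "".join(u32_to_str(props["TPM2_PT_VENDOR_STRING_%d" % i]) for i in range(1, 5)),
        "firmware": "%d.%d" % (fw >> 16, fw & 0xFFFF),   # assumed 16.16 major.minor split
        "fips_140_2": bool(props["TPM2_PT_MODES"] & 1),   # TPMA_MODES_FIPS_140_2 is bit 0
    }


def parse_nv_handles(text: str) -> list:
    """Parse the `- 0x...` list printed by `tpm2_getcap handles-nv-index`."""
    return [int(h, 0) for h in re.findall(r"^-\s*(0x[0-9A-Fa-f]+)", text, re.M)]


def ek_cert_status(handles: list) -> dict:
    present = set(handles)
    return {name: idx in present for idx, name in EK_CERT_INDICES.items()}


# Constructed sample inputs, copied from the values reported in the issue.
NV_INDEX_OUTPUT = "- 0x1410001\n- 0x1410002\n- 0x1410004\n- 0x1880001\n- 0x1880011\n- 0x1C00002\n- 0x1C0000A\n"
PROPERTIES_OUTPUT = """TPM2_PT_FAMILY_INDICATOR:\n  raw: 0x322E3000\nTPM2_PT_LEVEL:\n  raw: 0
TPM2_PT_REVISION:\n  raw: 0x8A\nTPM2_PT_DAY_OF_YEAR:\n  raw: 0x8\nTPM2_PT_YEAR:\n  raw: 0x7E2
TPM2_PT_MANUFACTURER:\n  raw: 0x49465800\nTPM2_PT_VENDOR_STRING_1:\n  raw: 0x534C4D39
TPM2_PT_VENDOR_STRING_2:\n  raw: 0x36373000\nTPM2_PT_VENDOR_STRING_3:\n  raw: 0x0
TPM2_PT_VENDOR_STRING_4:\n  raw: 0x0\nTPM2_PT_FIRMWARE_VERSION_1:\n  raw: 0xD000B
TPM2_PT_FIRMWARE_VERSION_2:\n  raw: 0x11CB00\nTPM2_PT_MODES:\n  raw: 0x1\n"""

if __name__ == "__main__":
    print(decode_rc(0x18B)["text"])
    print(describe_tpm(parse_properties(PROPERTIES_OUTPUT)))
    print(ek_cert_status(parse_nv_handles(NV_INDEX_OUTPUT)))
```

Run as-is it reproduces the go-tpm message from the log, reports the chip as a TPM 2.0 rev 1.38 part from IFX with vendor string SLM9670 in FIPS mode, and shows that both EK-certificate indices are present, which narrows the failure to whichever index or handle stboot actually asked NV_ReadPublic about rather than a missing EK certificate.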