** Description changed: Release: 22.04 with fips-updates - - Symptom: Use of TPM2 tools fails with error code 0x70001 (e.g., `tpm2_clear`, `tpm2_nvdefine 0x1500018 -C o -s 32`). I assume this is an incompatibility between tpm2-tools (5.2-1build1) and the fips OpenSSL package (3.0.5-0ubuntu0.1+Fips2.1). - + Symptom: Use of TPM2 tools fails with error code 0x70001 (e.g., + `tpm2_clear`, `tpm2_nvdefine 0x1500018 -C o -s 32`). I assume this is + an incompatibility between tpm2-tools (5.2-1build1) and the fips OpenSSL + package (3.0.5-0ubuntu0.1+Fips2.1). Example: ``` tpm2_clear - ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:412:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) DigestSignInit - ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001) - ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001) - ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001) - ERROR:esys:src/tss2-esys/api/Esys_Clear.c:188:Esys_Clear_Async() Error in computation of auth values ErrorCode (0x00070001) - ERROR:esys:src/tss2-esys/api/Esys_Clear.c:74:Esys_Clear() Error in async function ErrorCode (0x00070001) + ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:412:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) DigestSignInit + ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001) + ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001) + ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001) + ERROR:esys:src/tss2-esys/api/Esys_Clear.c:188:Esys_Clear_Async() Error in computation of auth values ErrorCode (0x00070001) + ERROR:esys:src/tss2-esys/api/Esys_Clear.c:74:Esys_Clear() Error in async function ErrorCode (0x00070001) ERROR: Esys_Clear(0x70001) - esapi:Catch all for all errors not otherwise specified ERROR: Unable to run tpm2_clear ``` - Steps to reproduce: - 1. Install new Ubuntu Server 22.04 - 2. Apply all updates - 3. Attach pro license and enable fips-updates service - 4. Install tpm2-tools - 5. Reboot - 6. Run `sudo tpm2_clear` - + 1. Install new Ubuntu Server 22.04 + 2. Apply all updates + 3. Attach pro license and enable fips-updates service + 4. Install tpm2-tools + 5. Reboot + 6. Run `sudo tpm2_clear` This looks similar to: https://github.com/tpm2-software/tpm2-tools/issues/2957 - - It seems like TPM2 management is an essential feature and seems to be - broken in out-of-box 22.04 FIPS. + TPM2 management seems to be broken in out-of-box 22.04 FIPS.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2074270 Title: tpm2_tools error 0x70001 with fips-updates on 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tools/+bug/2074270/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
