Only TPM 2.0 supported on devices??

  • Question

  • I'm getting a TPM driver error while running tpm_device_provision from the azure iot sdk.

    I've installed moby-engine, moby-cli, iotedge and libiothsm-std on an ARM device that has a TPM chip.

    I've built the azure-iot-sdk-c (2019-04-11) project, including the provisioning_client code.

    When I attempt to get auto-provisioning information on the device (running ubuntu 18.04.2) by executing tpm_device_provision as the root user, I get the following error(s):

    Gathering the registration information...
    Error: Time:Tue May  7 20:14:24 2019 File:/home/ubuntu/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_codec.c Func:TSS_CreatePersistentKey Line:217 Failed calling TPM2_ReadPublic 0x9a
    Error: Time:Tue May  7 20:14:24 2019 File:/home/ubuntu/azure-iot-sdk-c/provisioning_client/adapters/hsm_client_tpm.c Func:initialize_tpm_device Line:459 Failure calling creating persistent key for Endorsement key
    Error: Time:Tue May  7 20:14:24 2019 File:/home/ubuntu/azure-iot-sdk-c/provisioning_client/adapters/hsm_client_tpm.c Func:hsm_client_tpm_create Line:492 Failure initializing tpm device.
    Error: Time:Tue May  7 20:14:24 2019 File:/home/ubuntu/azure-iot-sdk-c/provisioning_client/src/prov_auth_client.c Func:prov_auth_create Line:306 failed create device auth module.
    failed creating security device handle

    The TPM chip installed on the device supports TPM 1.2, but not TPM 2. The majority of linux-supported TPM devices (aside from Intel desktops) are at TPM 1.2, not TPM 2.0. (See for instance kernel.org's documentation: devicetree/bindings/i2c/trivial-devices.txt)

    I'm able to open the TPM just fine using other tools (trousers and a Java-based TPM library).

    The azure tool fails in a function whose name is prefixed with TPM2, suggesting that maybe azure iot doesn't support TPM 1.2 (?)

    Is it the case that Microsoft does not support TPM 1.2?

    If so, are there any plans and a timeframe for fixing this limitation?


    Tuesday, May 7, 2019 9:33 PM

All replies

  • Hi,

    Are you following any documentation for the steps? Please check the platform support for more details on operating system support.

    Thursday, May 9, 2019 10:46 AM
  • I'm using ubuntu 18.04.2, which is a Tier 2 OS. As mentioned, the SDK builds fine, and the iotedge debian packages install properly.

    My question, though, is about the hardware requirements for the Azure C SDK on armhf.

    Is TPM 1.2 hardware supported? Or only 2.0?

    If only 2.0, is this a deliberate design decision - i.e. Microsoft is not going to support 1.2 because they're focused on future technologies only and think it's useless to support an old standard? Or is it simply a matter of priorities, 2.0 was picked for initial implementation, and there are plans to support 1.2 in the near future?

    If 1.2, are there any limitations on supported devices?

    Thursday, May 9, 2019 11:23 AM
  • Hi,

    I haven’t found more details regarding the support of TPM 1.2. As per the documentation, DPS only supports version 2.0. I suggest you provide your feedback on the UserVoice forum and upvote for this feature. Also, share the link here for reference.

    All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    Wednesday, May 15, 2019 7:39 AM
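
A pre-flight check for the situation in this thread, as an added example that is not part of the original posts or of the Azure IoT SDK: it reports which TPM family the Linux kernel exposes, so a TPM 1.2 chip is caught before tpm_device_provision is run. The function names are hypothetical, and the sysfs attributes are assumptions about the running kernel: `tpm_version_major` on newer kernels, and the `caps` attribute with a `TCG version: 1.2` line for TPM 1.2 chips.

```shell
#!/bin/sh
# Added example (not SDK code). Usage: tpm_family [sysfs_dir]
# Prints "2.0", "1.2" or "unknown" for one TPM device directory.
tpm_family() {
    dev="${1:-/sys/class/tpm/tpm0}"   # default: first TPM known to the kernel

    # Newer kernels publish the major version directly (assumed attribute).
    if [ -r "$dev/tpm_version_major" ]; then
        case "$(cat "$dev/tpm_version_major")" in
            2) echo "2.0"; return 0 ;;
            1) echo "1.2"; return 0 ;;
        esac
    fi

    # Fallback: TPM 1.2 chips expose a "caps" attribute that contains a
    # line such as "TCG version: 1.2" (location differs between kernels).
    for caps in "$dev/caps" "$dev/device/caps"; do
        if [ -r "$caps" ] && grep -q 'TCG version: 1\.2' "$caps"; then
            echo "1.2"; return 0
        fi
    done

    echo "unknown"
    return 1
}

# Gate for provisioning: succeeds only when the chip reports TPM 2.0,
# the only version the last reply says DPS supports.
require_tpm2() {
    fam="$(tpm_family "$1")" || true
    if [ "$fam" = "2.0" ]; then
        return 0
    fi
    echo "TPM family is $fam; TPM 2.0 is required for provisioning" >&2
    return 1
}
```

Calling `require_tpm2 && ./tpm_device_provision` runs the provisioning tool only when a TPM 2.0 chip is detected.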