[Touch-packages] [Bug 1969375] Re: systemd-cryptenroll does not support TPM2 devices
Thank you, I am away on holiday until next Wednesday but I will test
during the second half of next week

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1969375

Title:
  systemd-cryptenroll does not support TPM2 devices

Status in systemd package in Ubuntu:
  In Progress
Status in systemd source package in Jammy:
  Fix Committed
Status in systemd source package in Kinetic:
  In Progress

Bug description:
  [Impact]

   * TPM2/FIDO cannot be used to unlock luks encrypted block devices
   * due to missing build-time support in systemd
   * Error message: "TPM2 not supported on this build."

  [Test Plan]

  # 1: check no new binary deps have been introduced to the systemd package, other than "libssl3", which is already installed by default.
  # Compare to this version of systemd 249.11-0ubuntu3.1:
  $ apt-cache depends systemd
  systemd
    PreDepends: libblkid1
    PreDepends: libc6
    PreDepends: libcap2
    PreDepends: libgcrypt20
    PreDepends: liblz4-1
    PreDepends: liblzma5
    PreDepends: libselinux1
    PreDepends: libzstd1
    Depends: libacl1
    Depends: libapparmor1
    Depends: libaudit1
    Depends: libcrypt1
    Depends: libcryptsetup12
    Depends: libgnutls30
    Depends: libgpg-error0
    Depends: libip4tc2
    Depends: libkmod2
    Depends: liblz4-1
    Depends: libmount1
    Depends: libpam0g
    Depends: libseccomp2
    Depends: libsystemd0
    Depends: util-linux
    Depends: mount
    Depends: adduser
    Conflicts:
    Conflicts:
    Conflicts:
    Breaks: resolvconf
    Breaks: udev
   |Recommends: dbus
    Recommends:
      dbus-broker
      dbus
    Recommends: networkd-dispatcher
   |Recommends: systemd-timesyncd
    Recommends:
      chrony
      ntp
      ntpsec
      openntpd
      systemd-timesyncd
    Suggests: systemd-container
    Suggests: policykit-1

  # 2: check that systemd-cryptenroll doesn't have any undefined symbols that prevent it from running:
  $ systemd-cryptenroll --help # this should not crash
  systemd-cryptenroll [OPTIONS...] BLOCK-DEVICE

  Enroll a security token or authentication credential to a LUKS volume.

    -h --help            Show this help
       --version         Show package version
       --password        Enroll a user-supplied password
       --recovery-key    Enroll a recovery key
       --pkcs11-token-uri=URI
                         Specify PKCS#11 security token URI
       --fido2-device=PATH
                         Enroll a FIDO2-HMAC security token
       --fido2-with-client-pin=BOOL
                         Whether to require entering a PIN to unlock the volume
       --fido2-with-user-presence=BOOL
                         Whether to require user presence to unlock the volume
       --fido2-with-user-verification=BOOL
                         Whether to require user verification to unlock the volume
       --tpm2-device=PATH
                         Enroll a TPM2 device
       --tpm2-pcrs=PCR1+PCR2+PCR3+…
                         Specify TPM2 PCRs to seal against
       --wipe-slot=SLOT1,SLOT2,…
                         Wipe specified slots

  See the systemd-cryptenroll(1) man page for details.

  # initial setup
  $ dd if=/dev/zero of=encrypted.img bs=1 count=0 seek=100M
  $ echo -n "s0s3cur3" | cryptsetup luksFormat encrypted.img -
  $ sudo /usr/lib/systemd/systemd-cryptsetup attach volume encrypted.img
  Please enter passphrase for disk volume: s0s3cur3
  Set cipher aes, mode xts-plain64, key size 512 bits for device encrypted.img.
  $ sudo mkfs.ext4 /dev/mapper/volume
  $ sudo mount /dev/mapper/volume /mnt
  $ sudo touch /mnt/TPM_TEST
  $ ls -la /mnt
  drwxr-xr-x  3 root root  4096 Jun  7 15:06 .
  drwxr-xr-x 20 root root  4096 Apr 20 11:45 ..
  drwx------  2 root root 16384 Jun  7 15:06 lost+found
  -rw-r--r--  1 root root     0 Jun  7 15:06 TPM_TEST
  $ sudo umount /dev/mapper/volume
  $ sudo cryptsetup luksClose volume
  $ ls -la /mnt # empty

  # 3: check non-TPM use cases (--password & --recovery-key) of systemd-cryptenroll have not regressed.
  # enroll additional password
  $ systemd-cryptenroll --password encrypted.img
  Please enter current passphrase for disk /home/lukas/canonical/systemd-dbg/encrypted.img: s0s3cur3
  Please enter new passphrase for disk /home/lukas/canonical/systemd-dbg/encrypted.img: s0s3cr3t
  Please enter new passphrase for disk /home/lukas/canonical/systemd-dbg/encrypted.img (repeat): s0s3cr3t
  New password enrolled as key slot 1.
  $ sudo /usr/lib/systemd/systemd-cryptsetup attach volume encrypted.img
  Please enter passphrase for disk volume: s0s3cr3t
  Set cipher aes, mode xts-plain64, key size 512 bits for device encrypted.img.
  $ sudo cryptsetup luksClose volume
  $ systemd-cryptenroll --wipe-slot=1 encrypted.img
  Wiped slot 1.

  # enroll additional recovery-key
  $ systemd-cryptenroll --recovery-key encrypted.img
  Please
[Touch-packages] [Bug 1969375] [NEW] systemd-cryptenroll does not support TPM2 devices
Public bug reported:

systemd-cryptenroll can make use of tpm2 modules to bind against secure
boot pcrs and enable auto unlocking of luks devices.

Following the instructions here:
https://wiki.archlinux.org/title/Trusted_Platform_Module#systemd-cryptenroll

the following commands fail on ubuntu jammy (5.15.0-25-generic)

root@testbox:~# systemd-cryptenroll --tpm2-device=list
TPM2 not supported on this build.
root@testbox:~# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sda3
Please enter current passphrase for disk /dev/sda3: ***
root@testbox:~# echo $?
1

It appears that this issue has been resolved in the debian build for
systemd here:
https://salsa.debian.org/systemd-team/systemd/-/commit/6b5e99f1d7f63c0c83007de9f98f7745f4a564f8

Can we get the same modifications to the Jammy systemd build?

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: luks systemd tpm2

** Package changed: linux (Ubuntu) => systemd (Ubuntu)

** Description changed:

  systemd-cryptenroll can make use of tpm2 modules to bind against secure
- boot pcrs an enable auto unlocking of luks devices.
+ boot pcrs and enable auto unlocking of luks devices.
  
- Following the instructions here: 
+ Following the instructions here:
  https://wiki.archlinux.org/title/Trusted_Platform_Module#systemd-cryptenroll
  
  the following commands fail on ubuntu jammy (5.15.0-25-generic)
  
  root@testbox:~# systemd-cryptenroll --tpm2-device=list
  TPM2 not supported on this build.
  root@testbox:~# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sda3
  Please enter current passphrase for disk /dev/sda3: ***
  root@testbox:~# echo $?
  1
  
  It appears that this issue has been resolved in the debian build for
  systemd here: https://salsa.debian.org/systemd-
  team/systemd/-/commit/6b5e99f1d7f63c0c83007de9f98f7745f4a564f8
  
  Can we get the same modifications to the Jammy systemd build?
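A preflight check for the failure reported above and for step 1 of the test plan, as an added example (not code from the bug report, Ubuntu or systemd). It assumes the `+NAME`/`-NAME` build-feature line that systemd tools print with `--version`; the function names, the feature strings, the dependency listings and the `libexample1` package are constructed for illustration.

```shell
#!/bin/sh
# Added example; every sample input below is constructed, not captured.

# missing_features "FEATURE STRING" NAME... -> print each NAME not built in.
# FEATURE STRING is the +NAME/-NAME line of `systemd-cryptenroll --version`.
missing_features() {
    features=$1; shift
    for name in "$@"; do
        state=unknown
        for tok in $features; do
            case $tok in
                "+$name") state=enabled ;;
                "-$name") state=disabled ;;
            esac
        done
        [ "$state" = enabled ] || echo "$name:$state"
    done
}

# dep_names: read `apt-cache depends` output on stdin, print hard
# dependencies only. A leading "|" marks an alternative and is stripped;
# Recommends/Suggests/Breaks lines are ignored.
dep_names() {
    awk '{ k = $1; sub(/^\|/, "", k) }
         k == "Depends:" || k == "PreDepends:" { print $2 }' | sort -u
}

# unexpected_deps OLD NEW ALLOWED... -> print dependencies that appear only
# in NEW and are not listed in ALLOWED (the test plan permits libssl3).
unexpected_deps() {
    old=$(printf '%s\n' "$1" | dep_names)
    new=$(printf '%s\n' "$2" | dep_names)
    shift 2
    for dep in $new; do
        printf '%s\n' "$old" | grep -qxF -- "$dep" && continue
        for ok in "$@"; do
            [ "$dep" = "$ok" ] && continue 2
        done
        echo "$dep"
    done
}

# --- constructed sample inputs ---
OLD_BUILD='+PAM +GNUTLS -OPENSSL -FIDO2 +LIBCRYPTSETUP -TPM2 +ZSTD'
NEW_BUILD='+PAM +GNUTLS +OPENSSL +FIDO2 +LIBCRYPTSETUP +TPM2 +ZSTD'
OLD_DEPS='systemd
  PreDepends: libc6
  Depends: libcryptsetup12
  Depends: libgnutls30
 |Recommends: dbus'
NEW_DEPS='systemd
  PreDepends: libc6
  Depends: libcryptsetup12
  Depends: libgnutls30
  Depends: libssl3
  Depends: libexample1
 |Recommends: dbus'

missing_features "$OLD_BUILD" TPM2 FIDO2         # build without TPM2/FIDO2
missing_features "$NEW_BUILD" TPM2 FIDO2         # fixed build: no output
unexpected_deps "$OLD_DEPS" "$NEW_DEPS" libssl3  # flags the extra package
```

On a real host, pass `"$(systemd-cryptenroll --version | tail -n 1)"` as the feature string and the saved `apt-cache depends systemd` output of each package version as the two listings.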
[Bug 1961758] Re: Fail to run tpm2 command under ubuntu server 22.04
I can confirm the following steps work on 21.10 fresh install to enroll
a TPM2.0 for use with a LUKS encrypted partition but do not work on
22.04.

apt install clevis clevis-tpm2 clevis-luks clevis-udisks2 clevis-systemd clevis-initramfs
udevadm trigger
clevis luks bind -d /dev/sda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,1,7"}'
update-initramfs -u -k 'all'

The command starting with "clevis" fails with the following under a
fresh install of 22.04:

root@svdivr-:/var/log/installer# clevis luks bind -d /dev/sda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,1,7"}'
Enter existing LUKS password:
No key available with this passphrase.
Enter existing LUKS password:
Warning: Value 512 is outside of the allowed entropy range, adjusting it.
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) EVP_PKEY_new_mac_key
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:244:Esys_CreatePrimary_Async() Error in computation of auth values ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:110:Esys_CreatePrimary() Error in async function ErrorCode (0x00070001)
ERROR: Esys_CreatePrimary(0x70001) - esapi:Catch all for all errors not otherwise specified
ERROR: Unable to run tpm2_createprimary
Creating TPM2 primary key failed!
Invalid input!

Usage: jose jwe fmt -i JWE [-I CT] [-o JWE] [-O CT] [-c]

Converts a JWE between serialization formats

  -i JSON --input=JSON     Parse JWE from JSON
  -i FILE --input=FILE     Read JWE from FILE
  -i -    --input=-        Read JWE from standard input

  -I FILE --detached=FILE  Read decoded ciphertext from FILE
  -I -    --detached=-     Read decoded ciphertext from standard input

  -o JSON --output=JSON    Parse JWE from JSON
  -o FILE --output=FILE    Read JWE from FILE
  -o -    --output=-       Read JWE from standard input
                           Default: "-"

  -O JSON --detach=JSON    Parse JWE from JSON
  -O FILE --detach=FILE    Read JWE from FILE
  -O -    --detach=-       Read JWE from standard input

  -c      --compact        Output JWE using compact serialization

Failed to import token from file.
Error saving metadata to LUKS2 header in device /dev/sda3
Unable to update metadata; operation cancelled
Error adding new binding to /dev/sda3

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961758

Title:
  Fail to run tpm2 command under ubuntu server 22.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tpm2-tss-engine/+bug/1961758/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
JavaScriptObject deep copy.
Since it took me 3 hours to figure out why this doesn't work and I could
not find any other post on the subject, here is one way to do a deep
copy of a JavaScriptObject using JSNI.

    public static final native JavaScriptObject deepCopy(JavaScriptObject obj) /*-{
        // Arrays: copy element by element, recursing into each entry.
        if (Object.prototype.toString.call(obj) === '[object Array]') {
            var out = [], i = 0, len = obj.length;
            for ( ; i < len; i++ ) {
                out[i] = arguments.callee(obj[i]);
            }
            return out;
        }
        // Objects: typeof null is also 'object', so exclude null here.
        if (obj !== null && typeof obj === 'object') {
            var out = {}, i;
            for ( i in obj ) {
                // Do not copy GWT's own __gwt_ObjectId bookkeeping property.
                if (i != '__gwt_ObjectId') {
                    out[i] = arguments.callee(obj[i]);
                }
            }
            return out;
        }
        // Primitives, null and functions are returned unchanged.
        return obj;
    }-*/;

--
You received this message because you are subscribed to the Google Groups Google Web Toolkit group.
To post to this group, send email to google-web-tool...@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
[jira] Created: (SYNAPSE-428) WstxIOException when using Dynamic Sequences with large size XML files
WstxIOException when using Dynamic Sequences with large size XML files
----------------------------------------------------------------------

                 Key: SYNAPSE-428
                 URL: https://issues.apache.org/jira/browse/SYNAPSE-428
             Project: Synapse
          Issue Type: Bug
    Affects Versions: 1.2
         Environment: Redhat Linux 5, Java 1.5. Catching message from JMS, transforming message, logging to database.
            Reporter: Dean Huffman

When I'm using an external XML file for a dynamic sequence, Synapse
throws an error when the XML file is too large. I'm not sure if it's
related to the file size or to the number of elements.

My sequence works correctly when specified all in one file. I'm running
a query as part of the sequence, so if I slim down the number of
parameters, the sequence will also work when dynamically linked.
However, once I found the maximum number of parameters that will
execute, if I even add an HTML comment to the XML file, Synapse will
throw an error.

I'm not able to post detailed stack traces, but the top-level error I'm
receiving when things fail is: org.apache.axiom.om.OMException,
com.ctc.wstx.exc.WstxIOException: Stream Closed.

The linked XML file is not that large, only about 4 KB.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Real VNC over 52K modem
I use VNC to connect from the road to my computer at home. One time the
router went out and I could not connect to my computer. I therefore had
my wife connect to the internet through a dial-up connection. In my
area, the best speed I can get by dialup is 22 - 24 KBPS.

The connection was SLOW but otherwise fine. The only problem I noted was
that periodically I would have to reconnect to my home computer. With
the slow connection speed, the VNC connection kept closing. The home
computer maintained the modem connection, however, so it was always
simple to re-connect through VNC.

I do not know why I kept losing the VNC connection, but I presume it was
because of problems caused by the 22 KBPS connection.

Dean Huffman

- - - -

I am very new to RealVNC and now am using it between computers, linux
and windows. I really appreciate the functionality.

My question: Mom lives on the west coast, I'm on the east. She only has
a 52K dial-up modem. When she has computer problems, I walk through the
checks and fixes with her over the phone. Invariably, right click gets
mixed up with left click and she is not conveying precisely what is
happening on her box. Terminology becomes an obstacle--the usual stuff
for the home-user.

I want to work on her box via RealVNC to show her what to do and teach
her how things work. Can I have her install VNC and then work over the
viewer through her 52K modem? If so, please note special hardware
configurations that may be required. I have the standard broadband
modem/router hookup. This would be a great teaching tool.

-Mark

___
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
Using SSH ...
Is there a good URL that contains a tutorial on how to set up SSH for
VNC?

I have been trying to figure out the system and it appears that one
computer (with the VNC server) must have an SSH server that accepts the
messages (from an SSH client) and converts them to plaintext and sends
them on to the VNC server on the same computer. The VNC server then
responds, sends the message to the SSH server, on the same computer, in
plaintext, which then converts the signal to an encrypted signal, sends
it on to the SSH client on the other computer, which then translates the
signal into plaintext and sends it to the VNC client on the same
computer.

Are the SSH applications on the client and server computer the SAME
application, or are there different SSH applications for each computer?
How, on the server end, does the VNC client (or web browser) know to
send the text to SSH rather than directly to the internet? How does the
SSH know to send the signal to the SSH on the other end rather than
directly to VNC?

In some of the tutorials I have found, it appears (but is not stated)
that SSH is assumed to be running on the server side.

What I am looking for is a tutorial that explains SSH and gives the nuts
and bolts of setting it up.

As an aside, why doesn't Windows (yes, I am embarrassed to admit that I
use Windows) have SSH set up in its operating system so that one just
has to do a few mouse clicks to get it started?

Thanks.

Dean Huffman

___
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list