I am trying to setup an encrypted drive using the TPM2.0 module on a NUC7i5 on a new installation of Ubuntu server 18.04.
I compiled from sources and installed tpm2-tss (1.3.0), tpm2-abrmd (1.2.0) and tpm2-tools (3.0.2), and I tested some of the tpm2_* utilities and they seem to work. I also installed clevis v10.
I generated a secret using tpm2_getrandom 32 -o secret.key, and then tried to encrypt the secret using the TPM using the following command:
cat secret.key | sudo clevis encrypt tpm2 '{"pcr_ids":"7","pcr_bank":"sha256"}' > secret.jwe
When I do that however, I get the following error:
ERROR:
CreatePrimary Failed ! ErrorCode: 0x9a2
ERROR: Unable to run tpm2_createprimary
Creating TPM2 primary key failed!
When checking the status of the tpm2-abrmd service (systemctl status tpm2-abrmd.service), I get this error:
tpm2-abrmd[1308]: tpm2_response_get_handle: insufficient buffer to get handle
I tried different options for the clevis encryption, tried different ways to generate the secret, but I still can't figure out what the issue is.
The TPM module is a SLB9665 from Infineon Technologies.
I tried with and without taking ownership of the TPM, and always with a clear TPM every time.
Has anyone ran into that issue?