my ideas, in order, are:
1. do you have the TPM configured?
2. if you run the highlighted programs here: https://git.sr.ht/~nabijaczleweli/tzpfms/tree/af6835d586c1f52c5d4f0ff62c82d9e6ec46aa73/item/src/bin/zfs-tpm2-change-key.cpp#L45-46 in order, do they error out, too? (but don't run evictcontrol, you'll have to GC)
3. what if you run with TSS2_LOG=DEBUG (or TRACE) in the environment?
Sat Dec 03 20:04:03 +0000 2022Replying to @lstrojny
but "structure is the wrong size" is a very odd error to be seeing here. if running the tools directly works, how about adding "-gsha1" to the tpm2_createprimary invocation?
Sat Dec 03 20:43:41 +0000 2022Replying to @lstrojny
hm, that's all fine. I'm assuming `tpm2_createprimary -gsha1 -Q --hierarchy=o --key-context=prim2.ctx` works too, then? If so, try running tzpfms with TSS2_LOG=TRACE or =DEBUG in the environment, maybe?
Sat Dec 03 21:07:15 +0000 2022Replying to @lstrojny
i was misremembering, i think, insofar as i had issues with some TPMs that refused to work in weird ways until they got `takeownerhip`ped, but yours is clearly fine
Sat Dec 03 21:09:07 +0000 2022Replying to @lstrojny
The sizing error makes me suspicious of maybe a weird userspace incompatibility? Did you build manually or are you using a package? If the latter, could you build from source and re-try?
Sat Dec 03 21:17:18 +0000 2022Replying to @lstrojny
If the former (or you're re-building already and it still doesn't work), could you follow https://git.sr.ht/~nabijaczleweli/tzpfms#testing (adjust the .so paths for your arch)? By IPCing to swtpm instead of your (hardware, I'm assuming?) TPM, that isolates the weird incompatibility w/just the TPM itself.
Sat Dec 03 21:20:41 +0000 2022Replying to @lstrojny
I've tested this on both swtpm (naturally) in a few configurations, and some hardware TPM2s, so it's a mild surprise it's actually blowing up. and, having just re-tried it, bullseye-package-on-bullseye does Just Work w/swtpm for me, so it may be a hw interaction, which is hell.
Sat Dec 03 21:30:02 +0000 2022Replying to @lstrojny
okay that's good, I thought I was losing my sanity there. I may've found a potential culprit; could you please try the "test" branch (e43c5d0)?
Sat Dec 03 22:08:35 +0000 2022Replying to @lstrojny
okay I GDBed all the way to the Esys_CreatePrimary call and massaged (almost) all the arguments to be identical to the ones that tpm2_createprimary uses; can you please try the test branch again (dd796f5)?
Sat Dec 03 22:58:28 +0000 2022Replying to @lstrojny
if this doesn't work (or at least change where it blows up) I'm giving up
Sat Dec 03 22:59:16 +0000 2022Replying to @lstrojny
thank god. I have a hunch so as to the actual reason ("tpm:parameter(3):structure is the wrong size" => &metadata is parameter "3" (it's actually 8, which is why this wasn't obvious) => I made it empty), so if you wouldn't mind terribly, could you try test2 (4361ed3) to confirm?
Sat Dec 03 23:18:44 +0000 2022Replying to @lstrojny
great, I'll probably have an updated package out by tomorrow; for the record – what's the hardware and how would you like to be credited? (https://usrportage.de/ appears to be 500ing and returning no data)
Sat Dec 03 23:38:29 +0000 2022