SSAL Unseal operation failed alert reported during ONTAP upgrade
Applies to
- ONTAP upgrade to version 9.8 or higher
- Onboard Key Manager (OKM)
- Trusted Platform Module (TPM)
Issue
- During the ONTAP upgrade, the node reports the following error in the event logs.
[NodeA: svc_queue_thread: crypto.ssal.failed:alert]: SSAL operation failed: SSAL Unseal operation failed.
[NodeA: splog_main: mgr.boot.reason_ok:notice]: System rebooted after a giveback.
- This does not cause any issues with the upgrade process.
- SKTRACE.GZ logs at the time of the error indicate:
[0:0] SSAL_Error: tss_tpm_load:396 tss_malloc of 0 bytes failed for public buffer
[0:0] SSAL_Error: crypto_ssal_tpm_unseal:226 tss_tpm_load failed
[0:0] SSAL_Error: tss_log_error:232 crypto_ssal_tpm_unseal: failed, rc 000b0003
[0:0] SSAL_Error: tss_log_error:234 TSS_RC_MALLOC_SIZE - The malloc size is too large or zero
- At the same time, MGWD.GZ logs indicate:
- TPM getting upgraded
- Writes successfully happening in
KeymanagerConfigFile
[kern_mgwd:info:2666] 0x820cfde00: 0: DEBUG: security_mgwd::upgrade::TPMUpgradeRevert: [upgradeCommit]:107: Entering TPM Upgrade Task
[kern_mgwd:info:2666] 0x820cfde00: 0: DEBUG: keymanager_shared::KeymanagerConfigFile: [write]:192: started writing file: /cfcard/kmip/km_onboard.wkeydb
[kern_mgwd:info:2666] 0x820cfde00: 0: DEBUG: keymanager_shared::KeymanagerConfigFile: [write]:225: finished writing file: /cfcard/kmip/km_onboard.wkeydb
[kern_mgwd:info:2666] 0x820cfde00: 0: DEBUG: security_mgwd::upgrade::TPMUpgradeRevert: [upgradeCommit]:121: Finishing TPM Upgrade Task: success