Ecryptfs on TPM emulator #51

Open
Deadpoolmine opened this issue Jul 23, 2021 · 0 comments

Hello, dear sir.
I've been struggling with the TPM and eCryptfs for a long time. I can emulate the TPM device successfully with the following commands:

modprobe tpmd_dev
ecryptfsd
tpmd -d
/usr/local/sbin/tcsd
tpm_version
---------------------------------------------output---------------------------------------------------
tpmd.c:529: Info: starting TPM Emulator daemon (1.2.0.7-475)
tpmd.c:102: Info: parsing options
tpmd.c:109: Debug: debug mode enabled
tpmd.c:194: Info: no startup mode was specified; asuming 'clear'
tpmd.c:228: Info: installing signal handlers
tpmd.c:250: Info: daemonizing process
  TPM 1.2 Version Info:
  Chip Version:        1.2.0.7
  Spec Level:          2
  Errata Revision:     1
  TPM Vendor ID:       ETHZ
  TPM Version:         01010000
  Manufacturer Info:   4554485a

Then I generate my SRK with the following command:

tpm_takeownership -u -y -z

After that, I can create my TPM key:

ecryptfs-generate-tpm-key -p 0 -p 2 -p 3
---------------------------------------------output---------------------------------------------------
Success: Key created bound to:
PCR 0: 0000000000000000000000000000000000000000
PCR 2: 0000000000000000000000000000000000000000
PCR 3: 0000000000000000000000000000000000000000
And registered in persistent storage with UUID (tspi_uuid parameter): 913bdea9a6306838774ea3d961a27f9f

Then I mount the encrypted directory with the following command:

mkdir encrypt
mount -t ecryptfs -o key=tspi:tspi_uuid=913bdea9a6306838774ea3d961a27f9f,ecryptfs_cipher=aes,no_sig_cache,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n encrypt/ encrypt/
---------------------------------------------output---------------------------------------------------
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=94defdb44a6aab52
Mounted eCryptfs

Everything is fine here; I can echo content into encrypt/file normally, like this:

echo "Hello World" > ./encrypt/hello
cat ./encrypt/hello
---------------------------------------------output---------------------------------------------------
Hello World

Then I unmount the fs and remount it, and things become weird:

umount ./encrypt
mount -t ecryptfs -o key=tspi:tspi_uuid=913bdea9a6306838774ea3d961a27f9f,ecryptfs_cipher=aes,no_sig_cache,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n encrypt/ encrypt/
cat ./encrypt/hello
---------------------------------------------output---------------------------------------------------
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=94defdb44a6aab52
Mounted eCryptfs
cat ./encrypt/hello: Input/output error

Here is the log message:

[116125.323576] Failed to parse tag 65 packet; rc = [-5]
[116125.323576] ecryptfs_parse_packet_set: Error decrypting the session key for authentication token with sig [94defdb44a6aab52]; rc = [-5]. Removing auth tok candidate from the list and searching for the next match.
[116125.323576] ecryptfs_parse_packet_set: Could not find a usable authentication token
[116125.323576] Valid eCryptfs headers not found in file header region or xattr region, inode 3182408

Here is the version:

  • kernel: Linux version 4.12.14-120-default (geeko@buildhost) (gcc version 4.8.5 (SUSE Linux) ) #1 SMP Thu Nov 7 16:39:09 UTC 2019 (fd9dc36)
  • tcsd: TrouSerS trousers 0.3.9
  • tpmd: starting TPM Emulator daemon (1.2.0.7-475)
  • ecryptfsd: ecryptfsd (ecryptfs-utils) 104
  • tpm-tools: version: 1.3.8

Could anybody tell me how to solve this? Thank you very much 💐
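
A triage helper for the messages above, added here as an example and not part of the original issue or of ecryptfs-utils: it correlates the kernel errors with the `ecryptfs_sig` printed at mount time and maps `rc = [-5]` to its errno name. The function and field names are hypothetical, and the input is the output quoted in the report.

```python
import errno
import re

# Constructed input: mount output and kernel messages copied from the report above.
MOUNT_OUTPUT = "  ecryptfs_cipher=aes\n  ecryptfs_sig=94defdb44a6aab52\nMounted eCryptfs\n"
KERNEL_LOG = """\
[116125.323576] Failed to parse tag 65 packet; rc = [-5]
[116125.323576] ecryptfs_parse_packet_set: Error decrypting the session key for authentication token with sig [94defdb44a6aab52]; rc = [-5]. Removing auth tok candidate from the list and searching for the next match.
[116125.323576] ecryptfs_parse_packet_set: Could not find a usable authentication token
[116125.323576] Valid eCryptfs headers not found in file header region or xattr region, inode 3182408
"""

MOUNT_SIG = re.compile(r"ecryptfs_sig=([0-9a-f]+)")
TAG_FAIL = re.compile(r"Failed to parse tag (\d+) packet; rc = \[(-?\d+)\]")
TOK_FAIL = re.compile(r"authentication token with sig \[([0-9a-f]+)\]; rc = \[(-?\d+)\]")
INODE = re.compile(r"eCryptfs headers not found .*inode (\d+)")


def errname(rc):
    """Map a negative kernel return code such as -5 to its errno name."""
    return errno.errorcode.get(-rc, "unknown")


def triage(mount_output, kernel_log):
    """Correlate eCryptfs kernel errors with the key signature used at mount time."""
    mounted = set(MOUNT_SIG.findall(mount_output))
    report = {"tag_failures": [], "token_failures": [], "inodes": [], "no_usable_token": False}
    for line in kernel_log.splitlines():
        if m := TAG_FAIL.search(line):
            report["tag_failures"].append((int(m[1]), errname(int(m[2]))))
        if m := TOK_FAIL.search(line):
            # in_mount=True: the failing token is the one given at mount, so the key
            # was found; decrypting the session key with it is what failed.
            report["token_failures"].append(
                {"sig": m[1], "err": errname(int(m[2])), "in_mount": m[1] in mounted})
        if m := INODE.search(line):
            report["inodes"].append(int(m[1]))
        report["no_usable_token"] |= "Could not find a usable authentication token" in line
    return report


if __name__ == "__main__":
    for key, value in triage(MOUNT_OUTPUT, KERNEL_LOG).items():
        print(f"{key}: {value}")
```

Tag 65 is the packet type eCryptfs uses for the userspace daemon's reply to a session-key decrypt request, so in this log the error comes back from the ecryptfsd/key-module path.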
