You can subscribe to this list here.
2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2005 |
Jan
|
Feb
|
Mar
(6) |
Apr
|
May
(32) |
Jun
(21) |
Jul
(27) |
Aug
(12) |
Sep
(34) |
Oct
(53) |
Nov
(36) |
Dec
(39) |
2006 |
Jan
(31) |
Feb
(24) |
Mar
(60) |
Apr
(20) |
May
(27) |
Jun
(82) |
Jul
(92) |
Aug
(70) |
Sep
(61) |
Oct
(94) |
Nov
(116) |
Dec
(50) |
2007 |
Jan
(145) |
Feb
(113) |
Mar
(87) |
Apr
(82) |
May
(46) |
Jun
(28) |
Jul
(56) |
Aug
(98) |
Sep
(51) |
Oct
(28) |
Nov
(65) |
Dec
(19) |
2008 |
Jan
(62) |
Feb
(65) |
Mar
(59) |
Apr
(30) |
May
(34) |
Jun
(19) |
Jul
(40) |
Aug
(28) |
Sep
(105) |
Oct
(21) |
Nov
(16) |
Dec
(6) |
2009 |
Jan
(24) |
Feb
(23) |
Mar
(29) |
Apr
(15) |
May
(9) |
Jun
(11) |
Jul
(34) |
Aug
(45) |
Sep
(18) |
Oct
(21) |
Nov
(26) |
Dec
(22) |
2010 |
Jan
(15) |
Feb
(12) |
Mar
(7) |
Apr
(9) |
May
(5) |
Jun
(20) |
Jul
(10) |
Aug
(34) |
Sep
(23) |
Oct
(14) |
Nov
(27) |
Dec
(2) |
2011 |
Jan
(5) |
Feb
|
Mar
(5) |
Apr
(1) |
May
(15) |
Jun
(1) |
Jul
(5) |
Aug
(33) |
Sep
(11) |
Oct
(12) |
Nov
(11) |
Dec
|
2012 |
Jan
(23) |
Feb
(12) |
Mar
|
Apr
(7) |
May
(5) |
Jun
(4) |
Jul
(5) |
Aug
(3) |
Sep
(21) |
Oct
(5) |
Nov
(10) |
Dec
(7) |
2013 |
Jan
(22) |
Feb
(9) |
Mar
(32) |
Apr
(2) |
May
(2) |
Jun
(4) |
Jul
(12) |
Aug
(21) |
Sep
(29) |
Oct
(12) |
Nov
(28) |
Dec
(10) |
2014 |
Jan
(23) |
Feb
(21) |
Mar
(30) |
Apr
(17) |
May
(25) |
Jun
(18) |
Jul
(4) |
Aug
(9) |
Sep
(8) |
Oct
(24) |
Nov
(43) |
Dec
(18) |
2015 |
Jan
(22) |
Feb
(6) |
Mar
(21) |
Apr
|
May
(2) |
Jun
(38) |
Jul
(4) |
Aug
(12) |
Sep
(18) |
Oct
(1) |
Nov
(5) |
Dec
(2) |
2016 |
Jan
(3) |
Feb
(10) |
Mar
(27) |
Apr
(8) |
May
(11) |
Jun
(22) |
Jul
(11) |
Aug
(13) |
Sep
(7) |
Oct
(1) |
Nov
(5) |
Dec
(6) |
2017 |
Jan
|
Feb
(3) |
Mar
(24) |
Apr
(9) |
May
(3) |
Jun
(1) |
Jul
(18) |
Aug
(4) |
Sep
|
Oct
(7) |
Nov
|
Dec
|
2018 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(4) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2019 |
Jan
(1) |
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
(1) |
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
(4) |
2020 |
Jan
(9) |
Feb
(25) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Martin G. <omg...@gm...> - 2020-02-06 20:42:47
|
Hi all, I'm working on an application that needs to retrieve some information from a 1.2 TPM, such as its manufacturer info and values of its Permanent flags. My application usually just opens the TPM driver and talks directly to it; however, I saw that tcsd will open the driver and make it return EBUSY whenever my app tries to open it. Looking at man tcsd I saw the following: "tcsd is a user space daemon that should be (according to the TSS spec) the only portal to the TPM device driver. At boot time, tcsd should be started, it should open the TPM device driver and from that point on, all requests to the TPM should go through the TSS stack." I understand that, in order to talk to tcsd, my app should be linked against libtspi. This is undesirable for many reasons, so I'd like to know whether there's another way for me to communicate with the TPM when tcsd is running. Thanks! |
From: Kenneth G. <kgo...@us...> - 2020-02-04 14:17:47
|
Unfortunately, I know the TPM well (I wrote the simulator and was the spec editor), but I don't know trousers. I think trousers has a verbose mode. Does its trace show anything? If no one on the mailing list can help, I think you're have to run the TSS in a debugger. > From: Sam Jenkins <sam...@go...> > To: Ken Goldman <kgo...@us...> > Cc: tro...@li... > Date: 02/04/2020 04:20 AM > Subject: [EXTERNAL] Re: [TrouSerS-users] Unable to unseal data > > The return code is 1, i.e. not successful, but when I ran the > emulator in debug mode to try and get more information, its saying > unseal ran successfully, so honestly Im not sure where the failure > is occurring. > If you have any suggestions they'd be much appreciated. > Thanks > > On Mon, 3 Feb 2020 at 13:54, Ken Goldman <kgo...@us...> wrote: > Does the emulator show the unseal failing? I.e., is the TPM return code > not success? If so, I can help. If not, you need a trousers expert. > > On 2/1/2020 12:57 PM, Sam Jenkins via TrouSerS-users wrote: > > After some further debugging, without much to show for it, I've found > > that I had an issue where the tpm emulator was complaining about > > Tspi_LoadKeyByUUID, which appears to have been due to the key requiring > > authorisation, as such, GetKeyByUUID and LoadKey has to be used instead, > > while this has silenced the only error the tpm emulators is giving me, > > it still leads to tspi_data_unseal producing the return code 1. Making > > the matter more confusing is that, despite the key apparently not > > loading properly, tspi_data_seal was and is still working fine. Any > > support here would be greatly appreciated. > > > > > _______________________________________________ > TrouSerS-users mailing list > Tro...@li... > https://lists.sourceforge.net/lists/listinfo/trousers-users > > > -- > hello |
From: Sam J. <sam...@go...> - 2020-02-04 09:20:45
|
The return code is 1, i.e. not successful, but when I ran the emulator in debug mode to try and get more information, its saying unseal ran successfully, so honestly Im not sure where the failure is occurring. If you have any suggestions they'd be much appreciated. Thanks On Mon, 3 Feb 2020 at 13:54, Ken Goldman <kgo...@us...> wrote: > Does the emulator show the unseal failing? I.e., is the TPM return code > not success? If so, I can help. If not, you need a trousers expert. > > On 2/1/2020 12:57 PM, Sam Jenkins via TrouSerS-users wrote: > > After some further debugging, without much to show for it, I've found > > that I had an issue where the tpm emulator was complaining about > > Tspi_LoadKeyByUUID, which appears to have been due to the key requiring > > authorisation, as such, GetKeyByUUID and LoadKey has to be used instead, > > while this has silenced the only error the tpm emulators is giving me, > > it still leads to tspi_data_unseal producing the return code 1. Making > > the matter more confusing is that, despite the key apparently not > > loading properly, tspi_data_seal was and is still working fine. Any > > support here would be greatly appreciated. > > > > > _______________________________________________ > TrouSerS-users mailing list > Tro...@li... > https://lists.sourceforge.net/lists/listinfo/trousers-users > -- hello |
From: Ken G. <kgo...@us...> - 2020-02-03 13:54:14
|
Does the emulator show the unseal failing? I.e., is the TPM return code not success? If so, I can help. If not, you need a trousers expert. On 2/1/2020 12:57 PM, Sam Jenkins via TrouSerS-users wrote: > After some further debugging, without much to show for it, I've found > that I had an issue where the tpm emulator was complaining about > Tspi_LoadKeyByUUID, which appears to have been due to the key requiring > authorisation, as such, GetKeyByUUID and LoadKey has to be used instead, > while this has silenced the only error the tpm emulators is giving me, > it still leads to tspi_data_unseal producing the return code 1. Making > the matter more confusing is that, despite the key apparently not > loading properly, tspi_data_seal was and is still working fine. Any > support here would be greatly appreciated. |
From: Sam J. <sam...@go...> - 2020-02-01 17:57:32
|
After some further debugging, without much to show for it, I've found that I had an issue where the tpm emulator was complaining about Tspi_LoadKeyByUUID, which appears to have been due to the key requiring authorisation, as such, GetKeyByUUID and LoadKey has to be used instead, while this has silenced the only error the tpm emulators is giving me, it still leads to tspi_data_unseal producing the return code 1. Making the matter more confusing is that, despite the key apparently not loading properly, tspi_data_seal was and is still working fine. Any support here would be greatly appreciated. Thanks again, Sam Jenkins On Fri, 24 Jan 2020 at 08:12, Sam Jenkins <sam...@go...> wrote: > So I managed to get a program setup to seal data properly (mostly by > following the examples in the trusted guide to secure computing, but with a > bit of fiddling best off of the test-suite) > > So I've gotten to the point where Tspi_seal_data returned success. and > used getattribData to get the blob out and save it somewhere. But was > having problems with unsealing the data later, since I wasnt sure if the > problem was with how I was reading/writing the blob, or with my use of > unseal, I moved unseal into the seal function so it should litterally just > seal the data, then immediatly unseal it. however doing so returns an > error-code, so it appears the problem is with my use of unseal. unseal > itself is returning code 1, which I couldn't find an explanation for > anywhere. And seems to give an empty buffer. I'll put a code extract in > below. Please ignore that main doesnt clear any of this up, it does lower > down in the function, but I only wanted the snippet to have up to where the > problem was occuring. > > Thanks for the help. > Im running this on a TPM emulator and the trace of it seems to indicate > that unseal was succesfull as far as the tpm is concerend. > > test.h > > > #include <tss/tspi.h> > > TSS_RESULT result; > TSS_HCONTEXT hContext; > TSS_HTPM hTPM; > TSS_HKEY kHandle; > BYTE wks[20] = TSS_WELL_KNOWN_SECRET; > > int createKey(); > > int SealData(TSS_HKEY hKey, TSS_HPCRS hPcrs, UINT32 in_size, BYTE *in, > UINT32 *out_size, BYTE *out); > > int unsealData(TSS_HKEY hKey, UINT32 in_size, BYTE *in, UINT32 *out_size, > BYTE *out); > > _________________________________________________________________________ > test.c > > #include "test.h" > #include <stddef.h> > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > #include <tss/platform.h> > #include <tss/tss_structs.h> > #include <tss/tss_typedef.h> > #include <unistd.h> > > int main() { > TSS_HPCRS pcrs; > UINT32 pcrsToUse[8] = {0, 1, 2, 3, 4, 5, 6, 7}; > UINT32 numOfPcrs = 8, inSize = 0, outSize = 0; > createKey(); > CreatePcrs(numOfPcrs, pcrsToUse, &pcrs); > > // read keyfile > FILE *fin, *fout; > BYTE inBuffer[400] = {0}, outBuffer[400] = {0}; > fin = fopen("/home/bham/Desktop/keyfile", "rb"); > fseek(fin, 0, SEEK_END); > inSize = ftell(fin); > outSize = inSize + 103; > > fseek(fin, 0, SEEK_SET); > fread(inBuffer, inSize, 1, fin); > fclose(fin); > // seal data > SealData(kHandle, pcrs, inSize, inBuffer, &outSize, outBuffer); > > } > > int createKey() { > > TSS_FLAG initFlags; > TSS_HKEY hSRK = 0; > TSS_HKEY hKey; > TSS_UUID key_uuid = {9}; > TSS_UUID SRK_UUID = TSS_UUID_SRK; > TSS_HPOLICY hOwnerPolicy; > Tspi_Context_Create(&hContext); > Tspi_SetAttribUint32(hContext, TSS_TSPATTRIB_CONTEXT_VERSION_MODE, 0, > TSS_TSPATTRIB_CONTEXT_VERSION_V1_2); > Tspi_Context_Connect(hContext, NULL); > // set self to owner > Tspi_Context_GetTpmObject(hContext, &hTPM); > Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy); > Tspi_Policy_SetSecret(hOwnerPolicy, TSS_SECRET_MODE_SHA1, 0, ""); > > Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, > &hSRK); > // set SRK secret to well known secret > Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hOwnerPolicy); > Tspi_Policy_SetSecret(hOwnerPolicy, TSS_SECRET_MODE_SHA1, 20, wks); > > initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | > TSS_KEY_NOT_MIGRATABLE; > Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, > &hKey); > /* Create the key, not bound to any PCRs. That can be done on* a blob by > blob > * basis */ > Tspi_Key_CreateKey(hKey, hSRK, 0); > result = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, > key_uuid, > &kHandle); > result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM, > key_uuid, TSS_PS_TYPE_SYSTEM, > SRK_UUID); > result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, > key_uuid, > &kHandle); > return 0; > } > > > int SealData(TSS_HKEY hKey, TSS_HPCRS hPcrs, UINT32 in_size, BYTE *in, > UINT32 *out_size, BYTE *out) { > TSS_HENCDATA hEncData; > UINT32 keySize, tmp_out_size; > BYTE *tmp_out; > /* Create the encrypted data object in the TSP */ > Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, > TSS_ENCDATA_SEAL, > &hEncData); > Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, > TSS_TSPATTRIB_KEYINFO_SIZE, > &keySize); > printf("%u is key size\n", keySize); > /* Make sure the data is small enough to be bound by this* > key,taking into account the OAEP padding size (38) and* the > size of the TPM_SEALED_DATA structure (65) */ > if (in_size > 153) { > printf("Data to be encrypted is too big !\n"); > return -1; > } > printf("%u bytes to seal\n", in_size); > printf("%s to seal\n", in); > printf("%u outputsize\n", *out_size); > result = Tspi_Data_Seal(hEncData, hKey, in_size, in, hPcrs); > > // This is the test unseal Im using directly afterwoods, wont be here in > finished program. > BYTE *outputholder; > result = Tspi_Data_Unseal(hEncData, hKey, &in_size, &outputholder); > FILE *fout; > fout = fopen("/home/bham/Desktop/Temp Work/testout", "wb"); > > write(fileno(fout), outputholder, *out_size); > fclose(fout); > > /* Now hEncData contains an encrypted blob, let’s extract * it */ > Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, > TSS_TSPATTRIB_ENCDATABLOB_BLOB, > &tmp_out_size, > &tmp_out); > printf("output of get data: %u\n",result); > > > > printf("result = %i\n", result); > printf("%u = tmp_out_size\n", tmp_out_size); > printf("%s = tmp_out\n", tmp_out); > > memcpy(out, tmp_out, tmp_out_size); > *out_size = tmp_out_size; > > printf("out is :%s\n", out); > /* Free the blob returned by the TSP */ > // Tspi_Context_FreeMemory(hContext, tmp_out); > /* Close the encrypted data object, it will no longer * be used */ > // Tspi_Context_CloseObject(hContext, hEncData); > return 0; > } > -- hello |
From: Ken G. <kgo...@us...> - 2020-01-30 19:57:21
|
On 1/28/2020 12:55 AM, Ajeet Singh wrote: > > Could you please help me to get public EK(Endorsement Key) of TPM > without entering owner password. > > What changes I need to make in code of tpm_getpubek to get public key > without entering any password? By design, if there is an owner, you need the owner password. This was a privacy feature. Before there is an owner, the EK pub can be read without authorization. |
From: Ajeet S. <aj...@re...> - 2020-01-28 06:17:34
|
Hi Team,Could you please help me to get public EK(Endorsement Key) of TPM without entering owner password.What changes I need to make in code of tpm_getpubek to get public key without entering any password?RegardsAjeet Singh |
From: Sam J. <sam...@go...> - 2020-01-24 08:12:38
|
So I managed to get a program setup to seal data properly (mostly by following the examples in the trusted guide to secure computing, but with a bit of fiddling best off of the test-suite) So I've gotten to the point where Tspi_seal_data returned success. and used getattribData to get the blob out and save it somewhere. But was having problems with unsealing the data later, since I wasnt sure if the problem was with how I was reading/writing the blob, or with my use of unseal, I moved unseal into the seal function so it should litterally just seal the data, then immediatly unseal it. however doing so returns an error-code, so it appears the problem is with my use of unseal. unseal itself is returning code 1, which I couldn't find an explanation for anywhere. And seems to give an empty buffer. I'll put a code extract in below. Please ignore that main doesnt clear any of this up, it does lower down in the function, but I only wanted the snippet to have up to where the problem was occuring. Thanks for the help. Im running this on a TPM emulator and the trace of it seems to indicate that unseal was succesfull as far as the tpm is concerend. test.h #include <tss/tspi.h> TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HKEY kHandle; BYTE wks[20] = TSS_WELL_KNOWN_SECRET; int createKey(); int SealData(TSS_HKEY hKey, TSS_HPCRS hPcrs, UINT32 in_size, BYTE *in, UINT32 *out_size, BYTE *out); int unsealData(TSS_HKEY hKey, UINT32 in_size, BYTE *in, UINT32 *out_size, BYTE *out); _________________________________________________________________________ test.c #include "test.h" #include <stddef.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <tss/platform.h> #include <tss/tss_structs.h> #include <tss/tss_typedef.h> #include <unistd.h> int main() { TSS_HPCRS pcrs; UINT32 pcrsToUse[8] = {0, 1, 2, 3, 4, 5, 6, 7}; UINT32 numOfPcrs = 8, inSize = 0, outSize = 0; createKey(); CreatePcrs(numOfPcrs, pcrsToUse, &pcrs); // read keyfile FILE *fin, *fout; BYTE inBuffer[400] = {0}, outBuffer[400] = {0}; fin = fopen("/home/bham/Desktop/keyfile", "rb"); fseek(fin, 0, SEEK_END); inSize = ftell(fin); outSize = inSize + 103; fseek(fin, 0, SEEK_SET); fread(inBuffer, inSize, 1, fin); fclose(fin); // seal data SealData(kHandle, pcrs, inSize, inBuffer, &outSize, outBuffer); } int createKey() { TSS_FLAG initFlags; TSS_HKEY hSRK = 0; TSS_HKEY hKey; TSS_UUID key_uuid = {9}; TSS_UUID SRK_UUID = TSS_UUID_SRK; TSS_HPOLICY hOwnerPolicy; Tspi_Context_Create(&hContext); Tspi_SetAttribUint32(hContext, TSS_TSPATTRIB_CONTEXT_VERSION_MODE, 0, TSS_TSPATTRIB_CONTEXT_VERSION_V1_2); Tspi_Context_Connect(hContext, NULL); // set self to owner Tspi_Context_GetTpmObject(hContext, &hTPM); Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy); Tspi_Policy_SetSecret(hOwnerPolicy, TSS_SECRET_MODE_SHA1, 0, ""); Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); // set SRK secret to well known secret Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hOwnerPolicy); Tspi_Policy_SetSecret(hOwnerPolicy, TSS_SECRET_MODE_SHA1, 20, wks); initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_NOT_MIGRATABLE; Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); /* Create the key, not bound to any PCRs. That can be done on* a blob by blob * basis */ Tspi_Key_CreateKey(hKey, hSRK, 0); result = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, key_uuid, &kHandle); result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM, key_uuid, TSS_PS_TYPE_SYSTEM, SRK_UUID); result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, key_uuid, &kHandle); return 0; } int SealData(TSS_HKEY hKey, TSS_HPCRS hPcrs, UINT32 in_size, BYTE *in, UINT32 *out_size, BYTE *out) { TSS_HENCDATA hEncData; UINT32 keySize, tmp_out_size; BYTE *tmp_out; /* Create the encrypted data object in the TSP */ Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncData); Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIZE, &keySize); printf("%u is key size\n", keySize); /* Make sure the data is small enough to be bound by this* key,taking into account the OAEP padding size (38) and* the size of the TPM_SEALED_DATA structure (65) */ if (in_size > 153) { printf("Data to be encrypted is too big !\n"); return -1; } printf("%u bytes to seal\n", in_size); printf("%s to seal\n", in); printf("%u outputsize\n", *out_size); result = Tspi_Data_Seal(hEncData, hKey, in_size, in, hPcrs); // This is the test unseal Im using directly afterwoods, wont be here in finished program. BYTE *outputholder; result = Tspi_Data_Unseal(hEncData, hKey, &in_size, &outputholder); FILE *fout; fout = fopen("/home/bham/Desktop/Temp Work/testout", "wb"); write(fileno(fout), outputholder, *out_size); fclose(fout); /* Now hEncData contains an encrypted blob, let’s extract * it */ Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &tmp_out_size, &tmp_out); printf("output of get data: %u\n",result); printf("result = %i\n", result); printf("%u = tmp_out_size\n", tmp_out_size); printf("%s = tmp_out\n", tmp_out); memcpy(out, tmp_out, tmp_out_size); *out_size = tmp_out_size; printf("out is :%s\n", out); /* Free the blob returned by the TSP */ // Tspi_Context_FreeMemory(hContext, tmp_out); /* Close the encrypted data object, it will no longer * be used */ // Tspi_Context_CloseObject(hContext, hEncData); return 0; } |
From: Debora V. B. <de...@li...> - 2020-01-23 22:44:51
|
On Thu, 2020-01-23 at 16:17 +0000, Sam Jenkins wrote: > Hi Debbie, > > I should have emailed in again as I have managed to get around this > issue. > It seems like it was being caused indirectly by me not properly set > up the owner key. > > Sorry for not stating as much. > > Would you be willing to help me with a different issue I've run into > while trying use unseal? > If you wouldn't mind I can post the code as well as the different > outputs I've been getting from it? Sure, feel free to post it (with updated subject line if it is no longer an issue with Tspi_LoadKeyByUUID). > > On Thu, 23 Jan 2020 at 10:16, Debora Velarde Babb < > de...@li...> wrote: > > On Sat, 2020-01-04 at 10:03 +0000, Sam Jenkins via TrouSerS-users > > wrote: > > > Hi there, > > > I've been trying to setup a short program to seal and unseal a > > file > > > using the TSPI library, and seem to have run into a wall, when I > > try > > > to load the key in by uuid I keep getting an error of 12556, > > which > > > from what I've looked up, is TSS_E_INVALID_OBJECT_INITFLAG But I > > > havn't been able to fix it by changing round the object flags > > etc. > > > I'll post my code below up to the point where the error's > > occuring, > > > any help would be much appreciated. > > > > Hi Sam, > > > > Are you able to also please share the output as well? > > > > Thanks, > > Debbie > > > > > > > > int main(int argc, const char argv[]) { > > > TSS_HCONTEXT hContext; > > > TSS_RESULT result; > > > TSS_HTPM hTPM = 0; > > > TSS_UUID thisID = {9}; > > > TSS_HKEY hKey, hSRK; > > > TSS_UUID SRK_UUID = TSS_UUID_SRK; > > > UINT32 pcrs[8] = {0, 1, 2, 3, 4, 5, 6, 7}; > > > Tspi_Context_Create(&hContext); > > > /* Connect to the local TCS provider */ > > > Tspi_Context_Connect(hContext, NULL); > > > Tspi_Context_GetTpmObject(hContext, &hTPM); > > > keySetup(&hContext); > > > printf( > > > "%u is load error\n", > > > Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, > > > thisID, &hKey)); > > > sealFile(&hContext, &hTPM, "test.txt", hKey, pcrs, 8); > > > unsealFile(&hContext, "test.txt", hKey); > > > Tspi_Context_FreeMemory(hContext, NULL); > > > result = Tspi_Context_Close(hContext); > > > if (result == TSS_SUCCESS) { > > > printf("succesfully close context\n"); > > > } else { > > > return 0; > > > } > > > return 0; > > > } > > > > > > > > > int keySetup(TSS_HCONTEXT *hContext) { > > > > > > TSS_UUID SRK_UUID = TSS_UUID_SRK; > > > TSS_UUID thisID = {9}; > > > TSS_FLAG initFlags; > > > TSS_HKEY hSRK, hKey, temp; > > > TSS_HPOLICY hPolicy; > > > initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | > > > TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; > > > > > > /* Load the new key’s parent key, the Storage Root Key */ > > > Tspi_Context_LoadKeyByUUID(*hContext, TSS_PS_TYPE_SYSTEM, > > SRK_UUID, > > > &hSRK); > > > /* Create the software key object */ > > > Tspi_Context_CreateObject(*hContext, TSS_OBJECT_TYPE_RSAKEY, > > > initFlags, > > > &hKey); > > > Tspi_Key_CreateKey(hKey, hSRK, 0); > > > Tspi_Context_UnregisterKey(*hContext, TSS_PS_TYPE_SYSTEM, > > thisID, > > > &temp); > > > printf("%u is register error\n", > > > Tspi_Context_RegisterKey(*hContext, hKey, > > > TSS_PS_TYPE_SYSTEM, thisID, > > > TSS_PS_TYPE_SYSTEM, SRK_UUID)); > > > return 0; > > > } > > > _______________________________________________ > > > TrouSerS-users mailing list > > > Tro...@li... > > > https://lists.sourceforge.net/lists/listinfo/trousers-users > > > > > > |
From: Sam J. <sam...@go...> - 2020-01-23 16:17:43
|
Hi Debbie, I should have emailed in again as I have managed to get around this issue. It seems like it was being caused indirectly by me not properly set up the owner key. Sorry for not stating as much. Would you be willing to help me with a different issue I've run into while trying use unseal? If you wouldn't mind I can post the code as well as the different outputs I've been getting from it? On Thu, 23 Jan 2020 at 10:16, Debora Velarde Babb <de...@li...> wrote: > On Sat, 2020-01-04 at 10:03 +0000, Sam Jenkins via TrouSerS-users > wrote: > > Hi there, > > I've been trying to setup a short program to seal and unseal a file > > using the TSPI library, and seem to have run into a wall, when I try > > to load the key in by uuid I keep getting an error of 12556, which > > from what I've looked up, is TSS_E_INVALID_OBJECT_INITFLAG But I > > havn't been able to fix it by changing round the object flags etc. > > I'll post my code below up to the point where the error's occuring, > > any help would be much appreciated. > > Hi Sam, > > Are you able to also please share the output as well? > > Thanks, > Debbie > > > > > int main(int argc, const char argv[]) { > > TSS_HCONTEXT hContext; > > TSS_RESULT result; > > TSS_HTPM hTPM = 0; > > TSS_UUID thisID = {9}; > > TSS_HKEY hKey, hSRK; > > TSS_UUID SRK_UUID = TSS_UUID_SRK; > > UINT32 pcrs[8] = {0, 1, 2, 3, 4, 5, 6, 7}; > > Tspi_Context_Create(&hContext); > > /* Connect to the local TCS provider */ > > Tspi_Context_Connect(hContext, NULL); > > Tspi_Context_GetTpmObject(hContext, &hTPM); > > keySetup(&hContext); > > printf( > > "%u is load error\n", > > Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, > > thisID, &hKey)); > > sealFile(&hContext, &hTPM, "test.txt", hKey, pcrs, 8); > > unsealFile(&hContext, "test.txt", hKey); > > Tspi_Context_FreeMemory(hContext, NULL); > > result = Tspi_Context_Close(hContext); > > if (result == TSS_SUCCESS) { > > printf("succesfully close context\n"); > > } else { > > return 0; > > } > > return 0; > > } > > > > > > int keySetup(TSS_HCONTEXT *hContext) { > > > > TSS_UUID SRK_UUID = TSS_UUID_SRK; > > TSS_UUID thisID = {9}; > > TSS_FLAG initFlags; > > TSS_HKEY hSRK, hKey, temp; > > TSS_HPOLICY hPolicy; > > initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | > > TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; > > > > /* Load the new key’s parent key, the Storage Root Key */ > > Tspi_Context_LoadKeyByUUID(*hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, > > &hSRK); > > /* Create the software key object */ > > Tspi_Context_CreateObject(*hContext, TSS_OBJECT_TYPE_RSAKEY, > > initFlags, > > &hKey); > > Tspi_Key_CreateKey(hKey, hSRK, 0); > > Tspi_Context_UnregisterKey(*hContext, TSS_PS_TYPE_SYSTEM, thisID, > > &temp); > > printf("%u is register error\n", > > Tspi_Context_RegisterKey(*hContext, hKey, > > TSS_PS_TYPE_SYSTEM, thisID, > > TSS_PS_TYPE_SYSTEM, SRK_UUID)); > > return 0; > > } > > _______________________________________________ > > TrouSerS-users mailing list > > Tro...@li... > > https://lists.sourceforge.net/lists/listinfo/trousers-users > > > -- hello |
From: Sam J. <sam...@go...> - 2020-01-23 16:14:31
|
Hi Debora, Its less that the issue was solved, and more that I realized that for the project I'd need to use a lot of the stuff from Tspi instead anyway, so I stopped trying to get tpmUnsealFile to link. So yes I guess? Thanks for the response. Sam Jenkins On Thu, 23 Jan 2020 at 09:15, Debora Velarde Babb <de...@li...> wrote: > On Sat, 2019-12-28 at 10:33 +0000, Sam Jenkins via TrouSerS-users > wrote: > > Hi, > > I've been trying to link against the tpm-tools library for a project > > im working on and have run into some difficulties. I've compiled and > > installed it all successfully, however, when I try to link against it > > in a make file, provided below, I get an error. > > CXXFLAGS += - I/usr/local/include > > LDFLAGS += -L/usr/local/lib > > test: test.c > > gcc -o test test.c > > this successfully finds the file, however it gives me an error with > > the following. > > /sir/local/include/tpm_tools/tpm_unseal.h:40:49: error: unknown type > > name 'BOOL' int tpmUnsealFile(char*, unsigned char**, int* BOOL) > > > > I'm not really sure I understand why this is occurring, given that > > the file that the errors is supposedly in was created by successfully > > running make_install, but any advice to fix this would be greatly > > appreciated. > > > > Thanks, > > Sam Jenkins. > > _______________________________________________ > > TrouSerS-users mailing list > > Tro...@li... > > https://lists.sourceforge.net/lists/listinfo/trousers-users > > Hi Sam, > > I saw that you posted a different issue to the list in January. Does > that mean that this issue is now resolved for you? > > Thanks, > Debbie > > -- hello |
From: Debora V. B. <de...@li...> - 2020-01-23 10:16:18
|
On Sat, 2020-01-04 at 10:03 +0000, Sam Jenkins via TrouSerS-users wrote: > Hi there, > I've been trying to setup a short program to seal and unseal a file > using the TSPI library, and seem to have run into a wall, when I try > to load the key in by uuid I keep getting an error of 12556, which > from what I've looked up, is TSS_E_INVALID_OBJECT_INITFLAG But I > havn't been able to fix it by changing round the object flags etc. > I'll post my code below up to the point where the error's occuring, > any help would be much appreciated. Hi Sam, Are you able to also please share the output as well? Thanks, Debbie > > int main(int argc, const char argv[]) { > TSS_HCONTEXT hContext; > TSS_RESULT result; > TSS_HTPM hTPM = 0; > TSS_UUID thisID = {9}; > TSS_HKEY hKey, hSRK; > TSS_UUID SRK_UUID = TSS_UUID_SRK; > UINT32 pcrs[8] = {0, 1, 2, 3, 4, 5, 6, 7}; > Tspi_Context_Create(&hContext); > /* Connect to the local TCS provider */ > Tspi_Context_Connect(hContext, NULL); > Tspi_Context_GetTpmObject(hContext, &hTPM); > keySetup(&hContext); > printf( > "%u is load error\n", > Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, > thisID, &hKey)); > sealFile(&hContext, &hTPM, "test.txt", hKey, pcrs, 8); > unsealFile(&hContext, "test.txt", hKey); > Tspi_Context_FreeMemory(hContext, NULL); > result = Tspi_Context_Close(hContext); > if (result == TSS_SUCCESS) { > printf("succesfully close context\n"); > } else { > return 0; > } > return 0; > } > > > int keySetup(TSS_HCONTEXT *hContext) { > > TSS_UUID SRK_UUID = TSS_UUID_SRK; > TSS_UUID thisID = {9}; > TSS_FLAG initFlags; > TSS_HKEY hSRK, hKey, temp; > TSS_HPOLICY hPolicy; > initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | > TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; > > /* Load the new key’s parent key, the Storage Root Key */ > Tspi_Context_LoadKeyByUUID(*hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, > &hSRK); > /* Create the software key object */ > Tspi_Context_CreateObject(*hContext, TSS_OBJECT_TYPE_RSAKEY, > initFlags, > &hKey); > Tspi_Key_CreateKey(hKey, hSRK, 0); > Tspi_Context_UnregisterKey(*hContext, TSS_PS_TYPE_SYSTEM, thisID, > &temp); > printf("%u is register error\n", > Tspi_Context_RegisterKey(*hContext, hKey, > TSS_PS_TYPE_SYSTEM, thisID, > TSS_PS_TYPE_SYSTEM, SRK_UUID)); > return 0; > } > _______________________________________________ > TrouSerS-users mailing list > Tro...@li... > https://lists.sourceforge.net/lists/listinfo/trousers-users |
From: Debora V. B. <de...@li...> - 2020-01-23 09:56:24
|
On Sat, 2019-12-28 at 10:33 +0000, Sam Jenkins via TrouSerS-users wrote: > Hi, > I've been trying to link against the tpm-tools library for a project > im working on and have run into some difficulties. I've compiled and > installed it all successfully, however, when I try to link against it > in a make file, provided below, I get an error. > CXXFLAGS += - I/usr/local/include > LDFLAGS += -L/usr/local/lib > test: test.c > gcc -o test test.c > this successfully finds the file, however it gives me an error with > the following. > /sir/local/include/tpm_tools/tpm_unseal.h:40:49: error: unknown type > name 'BOOL' int tpmUnsealFile(char*, unsigned char**, int* BOOL) > > I'm not really sure I understand why this is occurring, given that > the file that the errors is supposedly in was created by successfully > running make_install, but any advice to fix this would be greatly > appreciated. > > Thanks, > Sam Jenkins. > _______________________________________________ > TrouSerS-users mailing list > Tro...@li... > https://lists.sourceforge.net/lists/listinfo/trousers-users Hi Sam, I saw that you posted a different issue to the list in January. Does that mean that this issue is now resolved for you? Thanks, Debbie |
From: Sam J. <sam...@go...> - 2020-01-04 10:03:49
|
Hi there, I've been trying to setup a short program to seal and unseal a file using the TSPI library, and seem to have run into a wall, when I try to load the key in by uuid I keep getting an error of 12556, which from what I've looked up, is TSS_E_INVALID_OBJECT_INITFLAG But I havn't been able to fix it by changing round the object flags etc. I'll post my code below up to the point where the error's occuring, any help would be much appreciated. int main(int argc, const char argv[]) { TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HTPM hTPM = 0; TSS_UUID thisID = {9}; TSS_HKEY hKey, hSRK; TSS_UUID SRK_UUID = TSS_UUID_SRK; UINT32 pcrs[8] = {0, 1, 2, 3, 4, 5, 6, 7}; Tspi_Context_Create(&hContext); /* Connect to the local TCS provider */ Tspi_Context_Connect(hContext, NULL); Tspi_Context_GetTpmObject(hContext, &hTPM); keySetup(&hContext); printf( "%u is load error\n", Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, thisID, &hKey)); sealFile(&hContext, &hTPM, "test.txt", hKey, pcrs, 8); unsealFile(&hContext, "test.txt", hKey); Tspi_Context_FreeMemory(hContext, NULL); result = Tspi_Context_Close(hContext); if (result == TSS_SUCCESS) { printf("succesfully close context\n"); } else { return 0; } return 0; } int keySetup(TSS_HCONTEXT *hContext) { TSS_UUID SRK_UUID = TSS_UUID_SRK; TSS_UUID thisID = {9}; TSS_FLAG initFlags; TSS_HKEY hSRK, hKey, temp; TSS_HPOLICY hPolicy; initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; /* Load the new key’s parent key, the Storage Root Key */ Tspi_Context_LoadKeyByUUID(*hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); /* Create the software key object */ Tspi_Context_CreateObject(*hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); Tspi_Key_CreateKey(hKey, hSRK, 0); Tspi_Context_UnregisterKey(*hContext, TSS_PS_TYPE_SYSTEM, thisID, &temp); printf("%u is register error\n", Tspi_Context_RegisterKey(*hContext, hKey, TSS_PS_TYPE_SYSTEM, thisID, TSS_PS_TYPE_SYSTEM, SRK_UUID)); return 0; } |
From: Sam J. <sam...@go...> - 2019-12-28 10:34:01
|
Hi, I've been trying to link against the tpm-tools library for a project im working on and have run into some difficulties. I've compiled and installed it all successfully, however, when I try to link against it in a make file, provided below, I get an error. CXXFLAGS += - I/usr/local/include LDFLAGS += -L/usr/local/lib test: test.c gcc -o test test.c this successfully finds the file, however it gives me an error with the following. /sir/local/include/tpm_tools/tpm_unseal.h:40:49: error: unknown type name 'BOOL' int tpmUnsealFile(char*, unsigned char**, int* BOOL) I'm not really sure I understand why this is occurring, given that the file that the errors is supposedly in was created by successfully running make_install, but any advice to fix this would be greatly appreciated. Thanks, Sam Jenkins. |
From: Ken G. <kgo...@us...> - 2019-12-06 14:11:52
|
On 12/6/2019 2:50 AM, Kyoungwon Kim wrote: > One more thing: after installing trousers and ownership has been taken, > I tried to run tpm_getpubek and now it's showing me this error message: > Tspi_TPM_GetPubEndorsementKey failed: 0x00000008 - layer=tpm, code=0008 > (8), The TPM target command has been disabled This is likely because the tool is using ReadPubek and the command is disabled by the readPubek flag false. takeownership sets readPubek false. After takeownership, owner auth is needed to read the EK. Use the OwnerReadInternalPub command. > then, > Tspi_TPM_GetPubEndorsementKey failed: 0x00000803 - layer=tpm, code=0803 > (2051), TPM is defending against dictionary attacks and is in some > time-out period If that's happening, perhaps the tool tries both commands and you're not specifying the correct owner auth. I believe that trousers has tracing capability. Can you post the actual commands that the tool is sending to the TPM. |
From: Ken G. <kgo...@us...> - 2019-12-06 14:04:27
|
On 12/6/2019 2:50 AM, Kyoungwon Kim wrote: > > I have an amd64 ubuntu 16.04 machine with hardware TPM. > I'm very new to TPM and all related libraries and services. > > I tried to run testsuite after downloading trousers from > https://launchpad.net/ubuntu/xenial/amd64/trousers/0.3.13-4 > > Then I noticed that a bunch of results would get TPM_E_DEFEND_LOCK_RUNNING, > which is the code for this error: "TPM is defending against dictionary > attacks and is in some time-out period." > > I have taken the ownership with tpm_takeownership and then specified the > owner and srk secrets in tcg/include/common.h. > I also tried the following: > > export TESTSUITE_OWNER_SECRET="my owner secret" > > export TESTSUITE_SRK_SECRET="my srk secret" > > But I'm getting the same result. The test that I would like to get a > successful result is Tspi_TPM_CreateIdentity. If you send more than a small number of incorrect passwords, the TPM will block commands for a time. This protects against a dictionary attack on the password. So, somehow you are sending bad authorization. At a higher level, are you sure that the TSS test suite is intended to run against a hardware TPM? Perhaps try some basic commands before trying the test suite. |
From: Kyoungwon K. <wo...@uc...> - 2019-12-06 08:21:22
|
Hello, I have an amd64 ubuntu 16.04 machine with hardware TPM. I'm very new to TPM and all related libraries and services. I tried to run testsuite after downloading trousers from https://launchpad.net/ubuntu/xenial/amd64/trousers/0.3.13-4 Then I noticed that a bunch of results would get TPM_E_DEFEND_LOCK_RUNNING, which is the code for this error: "TPM is defending against dictionary attacks and is in some time-out period." I have taken the ownership with tpm_takeownership and then specified the owner and srk secrets in tcg/include/common.h. I also tried the following: export TESTSUITE_OWNER_SECRET="my owner secret" export TESTSUITE_SRK_SECRET="my srk secret" But I'm getting the same result. The test that I would like to get a successful result is Tspi_TPM_CreateIdentity. One more thing: after installing trousers and ownership has been taken, I tried to run tpm_getpubek and now it's showing me this error message: Tspi_TPM_GetPubEndorsementKey failed: 0x00000008 - layer=tpm, code=0008 (8), The TPM target command has been disabled then, Tspi_TPM_GetPubEndorsementKey failed: 0x00000803 - layer=tpm, code=0803 (2051), TPM is defending against dictionary attacks and is in some time-out period Could someone guide me on how I could solve this issue? I don't have Windows running on my machine. I would like to use TPM in the Linux directly. Thank you in advance to all of you out there. |
From: Ken G. <kgo...@us...> - 2019-10-24 13:01:15
|
On 10/23/2019 8:10 PM, Kyoungwon Kim wrote: > Also, is it possible to directly work directly with the TPM driver from > another driver instead of using the TSS? If it is possible, could you > please share a website, where I could start looking into this? You probably mean, "... from another middleware instead of using the TSS." A driver does not normally call another driver. If so: Any application, middleware, or another TSS can call the TPM device driver directly. Trousers is not required. This has sample code for the most used TPM 1.2 commands: https://sourceforge.net/projects/ibmtpm20tss/ However: The Linux TPM 1.2 device driver is single process - one open() at a time. The trousers tcsd includes a resource manager that schedules multiple processes using the TPM. If you don't use tcsd, you are single process unless you write a resource manager. The Linux device driver for TPM 2.0 includes a resource manager. No tcsd is required. |
From: Kyoungwon K. <wo...@uc...> - 2019-10-24 01:20:03
|
To whom it may concern, Hello, my name is Kyoungwon Kim and I'm a graduate student at UCI. I'm working on a project that potentially uses TPM in x86 Linux machine. I already purchased the add-on TPM and changed the BIOS settings. I was very happy that it would successfully enable TPM. However, I realized that I can utilize TPM capabilities through TrouSerS and found out that so far it only works on i386. Have there been any updates regarding this? Is it impossible to use TPM features on x86 machines? Also, is it possible to directly work directly with the TPM driver from another driver instead of using the TSS? If it is possible, could you please share a website, where I could start looking into this? Thank you in advance for your help. Sincerely, Kyoungwon Kim |
From: Ricky T. <ric...@gm...> - 2019-07-19 13:53:28
|
*Component:: tpm-tools.x86_64 1.3.9-6.fc30 @fedora* *Enhancement request:* hi, starting automatically service* tcsd *in order to avoid the error reported at sourceforge <https://sourceforge.net/p/trousers/mailman/message/3991381/> which I was as well about to post. For now installing * tpm-tools* does not enable it by default; It then has to be enabled relying on tool *systemctl*. Regards |
From: Ken G. <kgo...@us...> - 2019-06-12 22:12:05
|
I'm not a Trousers user, but I know the TPM side. If you think it's a failure in the TPM interaction, send me the TPM side trace and I'll look at it. kgo...@us... On 6/10/2019 12:31 PM, Xiao Yang wrote: > Hi, > > tpmtoken_setpasswd got the following error when using tpm-emulator: > > # tpmtoken_setpasswd > Enter your TPM user password: > A new TPM user password is needed. The password must be between 4 and 8 > characters in length. > Enter new password: > Confirm password: > C_SetPIN failed: 0x00000006 (6) > > Is there anyone knows how to fix the issue? > > Best Regards, > > Xiao Yang > > > > |
From: Swamy J-S <swa...@in...> - 2019-06-11 11:33:51
|
Hi, I have written an application for signing some data. Earlier I was using Openssl 1.0.2n, where everything was working fine. Now I upgraded to Openssl 1.1.0g and made changes in my code as required. Here i have to send CSR to my server. Before that i have some "CSR content with hash" and i am using "TSPI_HASH_SIGN" function. But problem is, this function will again hash my "content with hash". So when i send CSR to server then it says that Signature Verification failed(I have attched my CSR picture here.) My code is as below: Tspi_Context_CreateObject(HConText, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA256, &H_Hash); Tspi_Hash_UpdateHashValue(H_Hash,datalen,data); Tspi_Hash_Sign(H_Hash, KeY_Signing, &Signature_Length, &Signature_Data); Is there any other method or API, so that I can send my "content with hash" to sign only(without hashing again)? |
From: Xiao Y. <ice...@16...> - 2019-06-10 16:31:31
|
Hi, tpmtoken_setpasswd got the following error when using tpm-emulator: # tpmtoken_setpasswd Enter your TPM user password: A new TPM user password is needed. The password must be between 4 and 8 characters in length. Enter new password: Confirm password: C_SetPIN failed: 0x00000006 (6) Is there anyone knows how to fix the issue? Best Regards, Xiao Yang |
From: Ken G. <kgo...@us...> - 2019-02-11 14:47:58
|
On 2/10/2019 1:32 PM, Andreas Dröscher wrote: > Hi David > > Thank you for your efforts. I will try Ken’s implementation > (https://sourceforge.net/projects/ibmswtpm/) and report back. Those old TPM 1.2 tools were mostly just demo code. I have the beginnings of a new set, as part of a combined TPM 1.2 / TPM 2.0 TSS. The 2.0 tools are quite complete, but the TPM 1.2 tools just have the minimal support for remote attestation. https://sourceforge.net/projects/ibmtpm20tss/ If the new tools don't have what you need, I can enhance them upon request. Note that the combined TSS supports much more than the command line tools, but it's also not complete yet. |