NV index data is not deleted after TPM2_Clear and tpm_server restart

[Asaf Azarsky]

Using IBM TPM 2.0 TSS and SW TPM 2.0 I am trying to do the following:
powerup
startup
nvdefinespace -hi o -ha 01000000 -nalg sha256 +at ow +at or -sz 4
nvwrite -ha 01000000 -ic DONE
clear -hi l

All commands are successfully completed and I can read the string value "DONE" from NV
before clearing TPM.

Now if I kill tpm_server with calling TPM2_Shutdown and then restart it again, I am still
able to read the string value from the NV.

Shouldn't TPM_Clear permanently delete the NV data even if TPM2_Shutdown is not called?
Can I force TPM_Clear to clear NV with TPM2_Shutdown?

Thanks,
Asaf

[Ken Goldman]

The basic answer is, "Yes. TPM2_Clear chould delete NV indexes that were created using owner authorization." Your understanding is correct.

Several comments to help us debug.

1. Could you send the entire sequence of commands that causes the failure?
2. Could you try the "powerup" command (which power cycles the simulator) rather that killing tpm_server? Does it make a difference? I noticed that, on Linux, 'powerup' works correctly but killing and restarting the process does not permit 'startup -s'. I'm debugging.
3. After the clear, try "getcapability -cap 1 -pr 01000000". Is the NV index gone?
4. Are you on Linux, or another Unix? Is there a clear command that clears the screen. Does "clear -h" show the TSS help or clear the screen. Perhaps you need "./clear" or putting utils at the head of your path?

[Asaf Azarsky]

(2). If I try "powerup" rather than killing the problem doesn't exist, this case probably similar to calling shutdown.
(3). getcapability after "clear" returns: 0 handles as expected. I also tried calling "nvread" after "clear" which also fails with "TPM_RC_HANDLE - the handle is not correct for the use Handle number 1" , BUT in cases where I call any of this commands after "clear" the issue doesn't exists then, after the reboot.

I found out that the problem only exists if I kill "tpm_server" right after "clear", without executing anything else.

(1). Following is the entire sequence of commands:
<cycrh6-1:> ./tpm_server -rm</cycrh6-1:>

<cycrh6-2:> powerup
<cycrh6-2:> startup
<cycrh6-2:> nvdefinespace -hi o -ha 01000000 -nalg sha256 +at ow +at or -sz 4
<cycrh6-2:> nvwrite -ha 01000000 -ic DONE
<cycrh6-2:> clear -hi l</cycrh6-2:></cycrh6-2:></cycrh6-2:></cycrh6-2:></cycrh6-2:>

<cycrh6-1:> ^C
<cycrh6-1:> ./tpm_server</cycrh6-1:></cycrh6-1:>

<cycrh6-2:> powerup
<cycrh6-2:> startup
<cycrh6-2:> nvread -ha 01000000 -sz 4
nvread: data length 4
44 4f 4e 45</cycrh6-2:></cycrh6-2:></cycrh6-2:>

[Ken Goldman]

Thanks. I reproduced the error.

This is in the base TCG code. I suspect that it's not syncing the in memory state to NVChip after 'clear'. I posted to the TCG and hopefully will get a fix. In the meantime, you have a work around - do the powerup sequence rather than killing the TPM process.

[kazura utb]

This function is not syncing with NV memory.

NVMem.c: _plat__NvCommit(void)

Adding fflush(s_NVFile); to the line under 'fwrite' will work fine.