From: Hal F. <hal...@gm...> - 2007-03-30 21:24:59
Here is a short article I wrote in January about the PcrComposite object. I can't point to it in the archive because it is garbled there.

The Tspi_PcrComposite object is a little confusing. Tspi_PcrComposite_SetPcrValue does not actually change the TPM PCRs. It only changes the data in the Tspi_PcrComposite object. Also, Tspi_PcrComposite_GetPcrValue does not read the TPM PCRs, it only returns the data stored in the Tspi_PcrComposite object.

You can do Tspi_PcrComposite_SetPcrValue before calling Tspi_Data_Seal. Then the data will be sealed to those values which you specified for the PCRs. This means that the TPM will only Unseal the data if the PCR values at that time match the values that were specified by Tspi_PcrComposite_SetPcrValue.

It works the same way for Tspi_Key_CreateKey and Tspi_Key_WrapKey. You can specify PCR values using Tspi_PcrComposite_SetPcrValue and then the TPM will only use the key later if the PCR values at that time match what was specified when the key was created.

The other function that uses the PCRs is Tspi_TPM_Quote. For this one you should use Tspi_PcrComposite_SelectPcrIndex to specify all the PCRs you want included in the Quote signature. You should not use Tspi_PcrComposite_SetPcrValue here, because the TPM will only Quote the current PCR values. After calling Tspi_TPM_Quote, you can call Tspi_PcrComposite_GetPcrValue to find out what PCR values were actually included in the Quote signature. You need to do this because of a possible "race condition": another process could be changing the PCRs and even if you read the PCRs immediately before or after the Quote, they could have changed from what they were during the Quote.

These are the only functions* which use Tspi_PcrComposite objects. The main point to keep in mind is that such an object is not directly related to the actual TPM PCRs. Rather it represents a set of possible PCR values which might match the actual PCR values in the future or in the past.

Hal

* P.S. I am only familiar with the TSS 1.1 spec, there may be additional PCR functions in 1.2.
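A runnable model of the point made above, added here as an illustration (it is not Hal's code and not TrouSerS or TSS code): the PcrComposite is plain data whose PCR selection and expected values are hashed into the TPM 1.2 TPM_COMPOSITE_HASH, and an unseal succeeds only when that digest, recomputed over the live PCRs, matches the one fixed at seal time. The structure layouts follow the TPM 1.2 specification; the PCR indices and measurement strings are constructed for the demo.

```python
import hashlib

PCR_LEN = 20  # TPM 1.x PCR values are SHA-1 digests

class PcrComposite:
    """Model of a Tspi_PcrComposite: selected PCR indices plus the value expected for each."""

    def __init__(self, num_pcrs=24):
        self.num_pcrs = num_pcrs
        self.values = {}  # pcr index -> 20-byte expected value; no real PCR is touched

    def select_pcr_index(self, idx):      # cf. Tspi_PcrComposite_SelectPcrIndex
        self.values.setdefault(idx, bytes(PCR_LEN))

    def set_pcr_value(self, idx, value):  # cf. Tspi_PcrComposite_SetPcrValue
        self.values[idx] = bytes(value)   # changes this object only, never the TPM

    def selection(self):
        """TPM_PCR_SELECTION: UINT16 sizeOfSelect, then a bitmap (byte 0 bit 0 = PCR 0)."""
        bitmap = bytearray((self.num_pcrs + 7) // 8)
        for i in self.values:
            bitmap[i // 8] |= 1 << (i % 8)
        return len(bitmap).to_bytes(2, "big") + bytes(bitmap)

    def composite_hash(self):
        """TPM_COMPOSITE_HASH = SHA-1(selection || UINT32 valueSize || values in index order)."""
        vals = b"".join(self.values[i] for i in sorted(self.values))
        return hashlib.sha1(self.selection() + len(vals).to_bytes(4, "big") + vals).digest()

def pcr_extend(pcr, measurement):
    """PCR extend as the TPM does it: new = SHA-1(old || SHA-1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def unseal_allowed(bank, sealed):
    """The TPM's unseal check: hash the live PCRs the composite selects, compare digests."""
    live = PcrComposite(sealed.num_pcrs)
    for i in sealed.values:
        live.set_pcr_value(i, bank[i])
    return live.composite_hash() == sealed.composite_hash()

def demo():
    bank = [bytes(PCR_LEN)] * 24                    # constructed: all PCRs at reset value
    bank[0], bank[9] = pcr_extend(bank[0], b"firmware"), pcr_extend(bank[9], b"kernel")
    sealed = PcrComposite()
    for i in (0, 9):
        sealed.set_pcr_value(i, bank[i])            # expected values, not a PCR write
    before = unseal_allowed(bank, sealed)
    bank[9] = pcr_extend(bank[9], b"initrd")        # another process extends PCR 9
    return before, unseal_allowed(bank, sealed)     # (True, False)
```

The same model explains the Quote race described above: a Quote digest is computed over whatever the live PCRs hold at that instant, so only values copied out of the composite the TPM filled in tell you what was actually signed.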