User Activity

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    This is a good point. I'm contacting the TPM WG to understand the rationale and the co-author who I think wrote that section of the book. However, I suspect that you have to put it in an NV index and nvread and loadexternal when you want to use it. Even if the TPM design is wrong, I suspect it's too late to change it.

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    I now reproduced the error. I have an idea, but I have to confirm my theory with Nuvoton. As you noticed, Nuvoton and Infineon work differently. I suggest this fix, tested with both TPMs: int b5 = (publicArea->parameters.rsaDetail.exponent != 0) && (publicArea->parameters.rsaDetail.exponent != 0x010001); I'll put in the next release. Thanks for the report.

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    The TPM recommends exponent 0 for interoperability. The TPM MAY accept 65537. When you created the key, I suspect that you specified exponent 65537. If so, can you retry with exponent 0? If that works, I would use exponent 0. 65537 works for Nuvoton, but it's a MAY, so it's not guaranteed to be interoperable. If my suspicion is correct, I would leave the TSS code as is. It gave early detection of an interoperability problem.

  • Posted a comment on discussion General Discussion on IBM's Software TPM 2.0

    My guess is that you missed this from the wiki and the documentation: Use OpenSSL 1.0.x, not 1.1.x, which is a major API departure from previous versions.

  • Posted a comment on discussion General Discussion on IBM's Software TPM 2.0

    Let me know what version of gcc you're using and I'll try to test. Each new compiler version seems to detect slightly different warnings. What's happening is there are variables that are unused in some build configurations. We use x=x; to surpress false "variable unused" warnings. However, you're compiler complains that x is uninitialized. ~~ For this particular case, comment out NOT_REFERENCED(dfResult); and move DRBG_SEED dfResult; into the #else path. ~~ However, I fear that this is one of many...

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    This means that your TPM does not support (implement) TPM2_EncryptDecrypt. For PC Client TPMs (the usual implementation), this command is optional. TPMs often don't implement it because of export and import controls. The data sheet from your TPM manufacturer will tell you which commands are implemented. Or you can use getcapability with the capability TPM_CAP_COMMANDS.

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    Welcome to the TPM world. Feel free to ask questions. Have you read the manual section 4.9 Command Line Utilities, where it discusses TPM_ENCRYPT_SESSIONS? This is likely to be the issue. If not, post again.

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    The symmetric algorithm and key size are that of the parent storage key. So you modify them by using a different parent. There is no default. It's defined when you create the parent.

View All

Personal Data

Username:
kagoldman
Joined:
2010-04-30 19:27:53

Projects

Skills

  • No skills entered.

Personal Tools