hi - decided to create a new thread since it's another issue now - instead of PCR8 as i tried previously, this time i tried to seal PCR17 instead, and i had to use TSS_PCRS_STRUCT_INFO_LONG flag as advised in a previous forum post.

1) using the modified testsuites code for unseal (which worked for PCR8), i tried to seal and then unseal the encrypted blob to PCR17 and it returned me a TPM_BAD_LOCALITY (0x3D) as the return value for tpm_unseal (which is not stated in the specs for TPM_Unseal). if i deliberately seal to a wrong PCR value, it will return the TPM_WRONGPCRVAL error code, which was what i expected.

2) If i try to unseal using the unseal (the first case is using the tspi_data_unseal(), in this case, i am in locality 3 sending parameters for a TPM_Unseal directly to the TPM) i had written myself, i get the same error.

The error log for (1) is as follows, the log for (2) is about the same too, except that it is not generated from tcsd and it has different OIAP session nonces:

TCSD TCS tcsi_seal.c:103 Entering Unseal
TCSD TCS tcsi_seal.c:112 Auth used
TCSD TCS tcs_key_mem_cache.c:159 ensureKeyIsLoaded: 0x40000000
TCSD TCS tcs_key_mem_cache.c:708 mc_get_slot_by_handle: TCSD mem_cached handle: 0x40000000
TCSD TCS tcs_key_mem_cache.c:167 keySlot is 40000000
TCSD TCS tcs_key_mem_cache.c:865 mc_update_time_stamp: TCSD mem_cached handle: 0x40000000
TCSD TCS tcs_key_mem_cache.c:192 ensureKeyIsLoaded: Exit
To TPM: 00 C3 00 00 01 AA 00 00 00 18 40 00 00 00 00 16
To TPM: 00 00 00 00 00 36 00 06 01 00 00 03 00 00 00 00
To TPM: 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00
To TPM: 00 00 00 00 00 00 00 00 08 A7 34 68 E0 11 85 51
To TPM: 86 80 B2 41 5B B9 59 07 CE 71 1D 9D 00 00 01 00
To TPM: 3D BB 49 46 F1 19 A8 D1 AA 26 DF CA 32 6C B6 B4
To TPM: 30 9E 82 38 6C 83 96 C0 68 87 09 2B 5E 0B 8C 29
To TPM: 96 B9 6A 12 D0 D3 9A BB D9 4B 23 35 07 40 04 5F
To TPM: E8 5C 19 8B 7B 5D DF 7F A5 DC 71 69 D8 53 CB DF
To TPM: 76 23 EF 9A 9F F9 8C 71 29 60 3D 89 9F 90 A7 53
To TPM: 59 32 CC 93 BA 51 EE 6F 11 E8 BC B0 49 55 40 83
To TPM: C6 31 A6 17 6F A2 10 4B FA E2 F0 C7 FA E0 D9 C4
To TPM: E9 4C 40 4B 1E 99 BC 42 3B AE 29 8B 0F 09 EB 68
To TPM: 82 1D F1 20 17 5C B4 C3 2F CC 93 7F 86 82 CA 1A
To TPM: EC BB 50 3B F0 5F 75 6F 90 DB 47 7F 53 A9 E9 4B
To TPM: 6F D2 AF 12 E7 0A 6B B3 62 B5 50 C7 47 C5 4F 3F
To TPM: 00 AA F0 06 E0 D2 B3 5A 0A 90 86 34 4C 37 82 68
To TPM: DE 14 FA F3 96 63 62 FC C1 5B 8C 55 10 BD E4 85
To TPM: C7 17 13 B3 3C 4A 53 52 A5 53 FB F3 9C 76 94 07
To TPM: 13 59 B4 F9 C0 28 97 D2 0B 1A 87 7D 33 91 99 76
To TPM: 46 10 3E 54 26 1F 68 48 AD 80 99 6A 18 43 2B 43
To TPM: 8D DC 09 D7 7F 0F 0D CA ED 7A 80 C4 D9 6A C9 23
To TPM: 49 07 CF F9 88 B7 73 50 00 12 46 ED 03 FE 70 79
To TPM: BD 51 7E 56 F4 78 00 60 D6 56 0B 45 35 78 31 65
To TPM: 22 E7 1D 81 E5 F4 36 35 D7 00 4F AD 0E 82 55 83
To TPM: 9E 1C 28 98 90 00 D0 3B 0F D1 AE FA 78 F3 4C 4C
To TPM: E6 A2 3F 88 0F A8 50 85 B7 FC
TCSD TDDL tddl.c:105 Calling write to driver
From TPM: 00 C4 00 00 00 0A 00 00 00 3D
---------------

did anyone try to seal and unseal to PCR17 and it works?

thank you - adrian

On Fri, Dec 4, 2009 at 5:43 PM, adrian golding <[email protected]> wrote:
> hi,
>
> thank you hal and i manage to find the correct auth values for the SRK as
> well as my sealed blob, as advised by your posts 2 years ago in this mailing
> list to run the seal and unseal from testsuites and read the debug output.
> but there's just one (hopefully, last) bit to unseal:
>
> right now, i am sealing some data using a modified testsuite sealing
> example, sealing to PCR8 (which is 0x00 all the time) using the SRK.
> however, when i tried to unseal the sealed blob at a different locality, i
> get a TIS_READ_ERROR 0x00, and a TPM_WRONGPCRVAL (0x18) (PCR values do
> not match) error if i used the TSS_PCRS_STRUCT_DEFAULT (0x00) or
> TSS_PCRS_STRUCT_INFO flag. but i printed out my PCR8 and it's at 0x00. then
> i realised locality is also checked during an unseal to match the locality
> during seal. my unseal is at locality 3 after the SKINIT instruction is
> called while my seal is done before SKINIT (not locality 3).
>
> On another occasion, i got a TPM_BAD_LOCALITY, which i think was created by
> using TSS_PCRS_STRUCT_INFO_LONG flag instead, but i couldn't replicate it.
>
> i am assuming that by reaching these checks, my auth values for the key and
> the sealed data are both correct since this is the last check to be done as
> stated in the specs.
>
> i looked at part 1 of the specifications (Design Principles) and there
> is a section on PCR Grand Unification Theory and it said something about
> sealing for another configuration. How do i seal it for an unseal at a
> different locality to take place? If not, what can i set/unset to ignore
> locality during the seal operation?
>
> thanks a lot! - adrian
_______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
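
Added example, not part of the original post or of TrouSerS: a Python decoder for the start of the TPM_Unseal command shown in the tcsd log above, pulling out the TPM_PCR_INFO_LONG fields (PCR selections and locality masks) that a TPM 1.2 compares at unseal time. The field layout follows the TPM 1.2 structures TPM_STORED_DATA12 and TPM_PCR_INFO_LONG; the function names are hypothetical.

```python
import struct

# First 80 bytes of the "To TPM:" dump in the post: command header through
# encDataSize. The 256-byte encrypted blob and the auth trailers are left out.
CMD_PREFIX = bytes.fromhex(
    "00C3000001AA00000018400000000016"
    "00000000003600060100000300000000"
    "03000002000000000000000000000000"
    "000000000000000008A73468E0118551"
    "8680B2415BB95907CE711D9D00000100"
)

TPM_ORD_UNSEAL = 0x18
TPM_TAG_STORED_DATA12 = 0x0016
TPM_TAG_PCR_INFO_LONG = 0x0006

def parse_selection(buf, off):
    """Decode a TPM_PCR_SELECTION; return (PCR indexes, next offset)."""
    (size,) = struct.unpack_from(">H", buf, off)
    select = buf[off + 2:off + 2 + size]
    if len(select) != size:
        raise ValueError("truncated TPM_PCR_SELECTION")
    pcrs = [8 * i + b for i, byte in enumerate(select)
            for b in range(8) if byte >> b & 1]
    return pcrs, off + 2 + size

def parse_unseal(cmd):
    """Decode the PCR/locality binding of the blob in a TPM_Unseal command."""
    _tag, _size, ordinal, _parent = struct.unpack_from(">HIII", cmd, 0)
    if ordinal != TPM_ORD_UNSEAL:
        raise ValueError("not a TPM_Unseal command")
    # inData starts at offset 14: tag, entity type, sealInfoSize, sealInfo.
    sd_tag, _et, info_size = struct.unpack_from(">HHI", cmd, 14)
    info_tag, at_creation, at_release = struct.unpack_from(">HBB", cmd, 22)
    if (sd_tag, info_tag) != (TPM_TAG_STORED_DATA12, TPM_TAG_PCR_INFO_LONG):
        raise ValueError("blob does not carry a TPM_PCR_INFO_LONG")
    creation_pcrs, off = parse_selection(cmd, 26)
    release_pcrs, off = parse_selection(cmd, off)
    if off + 40 - 22 != info_size:  # two 20-byte digests follow
        raise ValueError("sealInfoSize does not match the parsed structure")
    return {"locality_at_creation": at_creation,
            "locality_at_release": at_release,
            "creation_pcrs": creation_pcrs, "release_pcrs": release_pcrs,
            "digest_at_release": cmd[off + 20:off + 40].hex()}

def locality_allowed(mask, locality):
    """TPM_LOCALITY_SELECTION is a bitmask: bit n set permits locality n."""
    return bool(mask >> locality & 1)
```

For the logged command, `parse_unseal(CMD_PREFIX)` yields release PCR 17, localityAtCreation 0x01 and localityAtRelease 0x00, a mask with no locality bit set.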
