Thanks Rajiv. I will send you some recent logs. I have updated to trousers 0.3.6 and testsuite 0.3. I think I have found one small error in the TPM itself, which I will point out.
On Tue, Oct 12, 2010 at 8:26 AM, Rajiv Andrade <[email protected]> wrote: > Hi Luigi, sorry for the delay: > > On 06/10/2010, at 15:05, Luigi Semenzato wrote: > >> I am testing a TPM from manufacturer X (apologies for the secrecy). I >> am getting a few errors and I am not sure if the errors are in >> trousers, the TPM, or if the tests are wrong. >> >> The following tests are failing: >> >> Tspi_NV_DefineSpace04.c: this test fails with DefineSpace returning >> TSS_SUCCESS. Why should it return BAD_PARAMETER? It's using the >> correct owner authorization, as far as I can tell. >> > > TrouSerS shouldn't allow the definition of a NV space in case the NV AuthRead > or NV_AuthWrite flags were set and the secret itself wasn't, and should then > return BAD_PARAMETER in this case. This was fixed upstream in commit > a2a4aae2bd6de3b2127ec26fbe95c3f3378af7d9 however isn't included of 0.3.6. > >> Tspi_NV_DefineSpace11.c: this is supposed to fail with a BADINDEX >> error, because the D bit is set. However, trousers first consults the >> TPM, and if the space exists it returns a TSS_E_NV_AREA_EXIST error. >> Why is trousers doing this (and getting it wrong) instead of just >> passing the commands through? >> > > The TPM uses the same ordinal to define or release a NV area, it defines it > if the index isn't being used, and release it in case the index is indeed > being used. TrouSerS then retrieves the list of used indexes before > attempting to send the TPM this very ordinal, to make sure the user isn't > attempting to run such command on a defined index and then release it by > accident. However, yes, TrouSerS should check if the D bit is set, and then > return the proper error in this case, will fix this. Not sure I fully understand. I agree that running DefineSpace on an existing space will delete the existing space and create a new one (unless the size is 0) but I don't see why that should be trousers' concern. > >> Tspi_TPM_SetOperatorAuth-trans01.c: this test fails because >> SetOperatorAuth returns BAD_PRESENCE, but that seems correct from the >> spec. > > Sounds so, will check how to make this test consistent. > >> >> There are more failures but they are harder to analyze. Any interest >> in looking at them? >> > > Sure, please send out the testsuite log. > > Thanks, > Rajiv Andrade > Security Development > IBM Linux Technology Center > > ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
