I'm trying to use an AIK to certify a bind key. If I specify no PCR values for
the key (passing hPcrComposite => 0 to Tspi_Key_CreateKey), everything is OK,
however if I specify any PCR values (even if only for PCRs < 16),
Tspi_Key_CertifyKey fails with "Error while certifying key: Error code:
Locality is incorrect for attempted operation (0x3D)".
If I restrict a bind key to some PCR values (even for PCR values >= 16), I can
bind and unbind with it fine; it's just certifying that fails.. I'm creating
bind keys with initFlags TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 |
TSS_KEY_STRUCT_KEY12,
and the PCR composite objects with TSS_PCRS_STRUCT_INFO_LONG. I also do:
Tspi_PcrComposite_SetPcrLocality(hPCRs,
TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO
| TPM_LOC_THREE | TPM_LOC_FOUR).
TPM is Infineon 1.2.1.2.
Trousers version is 0.3.5git.
Any idea what causes this?
Thanks in advance.
------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
