I don't see anything wrong with what you're trying to do. Can you switch from the hardware TPM to the SW TPM?
You can then get a trace of the TPM internals. This would tell you whether the problem is in the tools, in the TSS, or perhaps even in the TPM.

I can't imagine debugging any application with the HW TPM, but of course I wrote the SW TPM. :-)

On 1/26/2014 3:18 PM, Andreas Thienemann wrote:
> Hi,
>
> I've been trying to create an NVRAM area I can keep a key in which is
> sealed to certain PCRs.
>
> If I have the following setting, I am being asked for the nvram password
> before being able to read the nvram area.
>
> [root@foo ~]# tpm_nvinfo -i 2
> NVRAM index : 0x00000002 (2)
> PCR read selection:
>  PCRs : 4, 5, 8, 9, 12, 14
>  Localities : ALL
>  Hash : 51522172b46ed13a34ca45f445472291c9675ef5
> PCR write selection:
>  Localities : ALL
> Permissions : 0x0040004 (AUTHREAD|AUTHWRITE)
> bReadSTClear : FALSE
> bWriteSTClear : FALSE
> bWriteDefine : FALSE
> Size : 32 (0x20)
>
> [root@foo ~]#
>
> If my PCRs change I am unable to access this nvram area with my nvram
> password. So far so good.
>
> I am now trying to have access to this nvram area without having to type
> in any passwords as long as the PCR registers are the same.
>
> When defining the permission as only AUTHWRITE I do have access to the
> nvram area without a password but it seems to me that the nvram area is
> not sealed anymore. If the PCRs change, I can still read out the data
> from the nvram area which shouldn't be the case.
>
> [root@foo ~]# tpm_nvread -i 2 > /dev/null
> [root@foo ~]# echo $?
> 0
> [root@foo ~]# tpm_nvinfo -i 2
> NVRAM index : 0x00000002 (2)
> PCR read selection:
>  PCRs : 4, 5, 8, 9, 12, 14
>  Localities : ALL
>  Hash : 51522172b46ed13a34ca45f445472291c9675ef5
> PCR write selection:
>  Localities : ALL
> Permissions : 0x00000004 (AUTHWRITE)
> bReadSTClear : FALSE
> bWriteSTClear : FALSE
> bWriteDefine : FALSE
> Size : 32 (0x20)
>
> [root@foo ~]#
>
> Any idea how to achieve what I want?
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
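Added example, not part of the original thread or of tpm-tools: a way to check whether the current PCR state matches the `Hash` value that `tpm_nvinfo` prints, by recomputing the TPM 1.2 composite digest (SHA-1 over TPM_PCR_COMPOSITE) for PCRs 4, 5, 8, 9, 12, 14. Assumptions: the `Hash` line is the index's digestAtRelease, the selection uses 3 select bytes (adjust `size_of_select` if the tools define it differently), and PCR values arrive as `PCR-NN: AA BB ...` lines; the sample PCR values are constructed.

```python
import hashlib
import struct

PCR_LEN = 20  # TPM 1.2 PCRs hold SHA-1 digests


def pcr_select_bitmap(indices, size_of_select=3):
    """TPM_PCR_SELECTION bitmap: PCR i is bit (i % 8) of byte (i // 8)."""
    bitmap = bytearray(size_of_select)
    for i in indices:
        if not 0 <= i < size_of_select * 8:
            raise ValueError(f"PCR {i} does not fit in {size_of_select} bytes")
        bitmap[i // 8] |= 1 << (i % 8)
    return bytes(bitmap)


def parse_pcrs(text):
    """Parse 'PCR-04: AA BB ...' lines (assumed dump format) into a dict."""
    pcrs = {}
    for line in text.splitlines():
        name, sep, hexbytes = line.partition(":")
        if sep and name.strip().startswith("PCR-"):
            value = bytes.fromhex(hexbytes.replace(" ", ""))
            if len(value) != PCR_LEN:
                raise ValueError(f"{name.strip()}: expected {PCR_LEN} bytes")
            pcrs[int(name.strip()[4:])] = value
    return pcrs


def digest_at_release(pcrs, selected, size_of_select=3):
    """SHA-1 over TPM_PCR_COMPOSITE: selection || valueSize || PCR values."""
    selected = sorted(set(selected))
    select = pcr_select_bitmap(selected, size_of_select)
    values = b"".join(pcrs[i] for i in selected)  # KeyError if a PCR is missing
    composite = (struct.pack(">H", len(select)) + select
                 + struct.pack(">I", len(values)) + values)
    return hashlib.sha1(composite).hexdigest()


# Constructed sample: every PCR holds its own index repeated 20 times.
SAMPLE = "\n".join(f"PCR-{i:02d}: " + " ".join([f"{i:02X}"] * PCR_LEN)
                   for i in range(24))
SELECTED = [4, 5, 8, 9, 12, 14]  # the read selection shown by tpm_nvinfo above

if __name__ == "__main__":
    print("expected Hash:", digest_at_release(parse_pcrs(SAMPLE), SELECTED))
```

If the digest computed from the live PCR values differs from the `Hash` line, the platform state no longer matches what the index was defined against, so a read that still succeeds points at the enforcement path (tools, TSS or TPM) rather than at the PCR values.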
