Another suggestion: compile TrouSerS with debug support, run it in foreground and paste the debug messages you got when executing the nvread operation.

On 27-01-2014 15:59, Andreas Thienemann wrote:
> Hi Ken,
>
> On 27.1.2014 18:41, Ken Goldman wrote:
>
>> I don't see anything wrong with what you're trying to do.
> Good. That was my first worry that I had misunderstood one of the
> essentials...
>
>> Can you switch from the hardware TPM to the SW TPM?
>>
>> You can then get a trace of the TPM internals. This would tell you
>> whether the problem is in the tools, in the TSS, or perhaps even in the
>> TPM.
>>
>> I can't imagine debugging any application with the HW TPM, but of course
>> I wrote the SW TPM. :-)
> I haven't tried swtpm yet but let me give it a try.
>
> I'll be back with some results in a bit.
>
> cheers,
> andreas
>
>> On 1/26/2014 3:18 PM, Andreas Thienemann wrote:
>>> Hi,
>>>
>>> I've been trying to create a NVRAM area I can keep a key in which is
>>> sealed to certain PCRs.
>>>
>>> If I have the following setting, I am being asked for the nvram password
>>> before being able to read the nvram area.
>>>
>>> [root@foo ~]# tpm_nvinfo -i 2
>>> NVRAM index : 0x00000002 (2)
>>> PCR read selection:
>>>  PCRs : 4, 5, 8, 9, 12, 14
>>>  Localities : ALL
>>>  Hash : 51522172b46ed13a34ca45f445472291c9675ef5
>>> PCR write selection:
>>>  Localities : ALL
>>> Permissions : 0x0040004 (AUTHREAD|AUTHWRITE)
>>> bReadSTClear : FALSE
>>> bWriteSTClear : FALSE
>>> bWriteDefine : FALSE
>>> Size : 32 (0x20)
>>>
>>> [root@foo ~]#
>>>
>>> If my PCRs change I am unable to access this nvram area with my nvram
>>> password. So far so good.
>>>
>>> I am now trying to have access to this nvram area without having to type
>>> in any passwords as long as the PCR registers are the same.
>>>
>>> When defining the permission as only AUTHWRITE I do have access to the
>>> nvram area without a password but it seems to me that the nvram area is
>>> not sealed anymore. If the PCRs change, I can still read out the data
>>> from the nvram area which shouldn't be the case.
>>>
>>> [root@foo ~]# tpm_nvread -i 2 > /dev/null
>>> [root@foo ~]# echo $?
>>> 0
>>> [root@foo ~]# tpm_nvinfo -i 2
>>> NVRAM index : 0x00000002 (2)
>>> PCR read selection:
>>>  PCRs : 4, 5, 8, 9, 12, 14
>>>  Localities : ALL
>>>  Hash : 51522172b46ed13a34ca45f445472291c9675ef5
>>> PCR write selection:
>>>  Localities : ALL
>>> Permissions : 0x00000004 (AUTHWRITE)
>>> bReadSTClear : FALSE
>>> bWriteSTClear : FALSE
>>> bWriteDefine : FALSE
>>> Size : 32 (0x20)
>>>
>>> [root@foo ~]#
>>>
>>> Any idea how to achieve what I want?

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
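
An added example, not part of the thread or of tpm-tools: it recomputes the TPM 1.2 composite digest (SHA-1 over TPM_PCR_COMPOSITE) that `tpm_nvinfo` prints as "Hash" for the PCR read selection, so you can check whether the current PCRs still match the ones the index was defined against when judging whether a read should have succeeded. Assumptions: a 3-byte selection bitmap (`sizeOfSelect=3`), the `PCR-NN: xx xx ...` text layout of the Linux TPM 1.2 sysfs `pcrs` file, and constructed PCR values.

```python
import hashlib
import hmac
import re
import struct

# Constructed sample in the "PCR-NN: xx xx ..." layout (assumed format, made-up values).
SAMPLE_PCRS = "\n".join(
    "PCR-%02d: %s" % (n, " ".join("%02X" % b for b in hashlib.sha1(b"constructed-%d" % n).digest()))
    for n in range(24)
)

SELECTED = [4, 5, 8, 9, 12, 14]  # PCR read selection shown by tpm_nvinfo in the thread


def parse_pcrs(text):
    """Return {index: 20-byte value} parsed from 'PCR-NN: <20 hex bytes>' lines."""
    pattern = r"^PCR-(\d+):[ \t]*((?:[0-9A-Fa-f]{2}[ \t]*){20})$"
    return {int(m.group(1)): bytes.fromhex(m.group(2)) for m in re.finditer(pattern, text, re.M)}


def pcr_selection(indices, size_of_select=3):
    """TPM_PCR_SELECTION: UINT16 sizeOfSelect, then bitmap (PCR n = bit n%8 of byte n//8)."""
    bitmap = bytearray(size_of_select)
    for n in indices:
        bitmap[n // 8] |= 1 << (n % 8)  # IndexError if n does not fit in the bitmap
    return struct.pack(">H", size_of_select) + bytes(bitmap)


def composite_hash(pcrs, indices, size_of_select=3):
    """SHA-1 over TPM_PCR_COMPOSITE: selection, UINT32 valueSize, PCR values in index order."""
    values = b"".join(pcrs[n] for n in sorted(indices))
    blob = pcr_selection(indices, size_of_select) + struct.pack(">I", len(values)) + values
    return hashlib.sha1(blob).hexdigest()


def matches(stored_hex, pcrs, indices):
    """True if the current PCR values still produce the digest stored with the NV index."""
    return hmac.compare_digest(stored_hex.lower(), composite_hash(pcrs, indices))


if __name__ == "__main__":
    boot = parse_pcrs(SAMPLE_PCRS)
    stored = composite_hash(boot, SELECTED)  # stands in for the "Hash" line of tpm_nvinfo
    changed = dict(boot)
    changed[8] = hashlib.sha1(b"constructed-different").digest()  # a selected PCR changes
    print("unchanged PCRs match:", matches(stored, boot, SELECTED))
    print("after PCR 8 changes :", matches(stored, changed, SELECTED))
```

On a real system, feed `parse_pcrs` the contents of the sysfs `pcrs` file and pass the "Hash" value from `tpm_nvinfo` as `stored_hex`; a mismatch together with a successful `tpm_nvread` is the situation described in the thread.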
