Hi, I'm wondering if I misunderstood the way the NVRAM permissions work or if the implementation is missing... I thought that by defining an NVRAM area with AUTHREAD|AUTHWRITE or OWNERREAD|OWNERWRITE I would need the supplied NVRAM password or owner password, respectively, to read from and write to that area. But during my tests it was possible to read and write to it without any password:
root@debian:~# tpm_nvinfo --version
tpm_nvinfo version: 1.3.8

root@debian:~# tpm_nvinfo

NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)

root@debian:~# tpm_nvdefine -l debug -i 2 -s 32 -p 'AUTHREAD|AUTHWRITE' -a nvpass -o test
permissions = 0x00040004
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_Context_CreateObject success
Tspi_Policy_SetSecret success
Tspi_NV_DefineSpace success
Successfully created NVRAM area at index 0x2 (2).
Tspi_Context_FreeMemory success
Tspi_Context_Close success

root@debian:~# tpm_nvdefine -l debug -i 3 -s 32 -p 'OWNERREAD|OWNERWRITE' -o test
permissions = 0x00020002
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_Context_CreateObject success
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_NV_DefineSpace success
Successfully created NVRAM area at index 0x3 (3).
Tspi_Context_FreeMemory success
Tspi_Context_Close success

root@debian:~# tpm_nvwrite -l debug -i 2 -d testcontent
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_Context_CreateObject success
Tspi_TPM_GetCapability success
Trspi_UnloadBlob_NV_DATA_PUBLIC success
Tspi_NV_WriteValue success
Successfully wrote 11 bytes at offset 0 to NVRAM index 0x2 (2).
Tspi_Context_FreeMemory success
Tspi_Context_Close success

root@debian:~# 
root@debian:~# tpm_nvwrite -l debug -i 3 -d testcontent
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_Context_CreateObject success
Tspi_TPM_GetCapability success
Trspi_UnloadBlob_NV_DATA_PUBLIC success
Tspi_NV_WriteValue success
Successfully wrote 11 bytes at offset 0 to NVRAM index 0x3 (3).
Tspi_Context_FreeMemory success
Tspi_Context_Close success

root@debian:~# tpm_nvread -l debug -i 2
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_Context_CreateObject success
Tspi_TPM_GetCapability success
Trspi_UnloadBlob_NV_DATA_PUBLIC success
Tspi_NV_ReadValue success
00000000  74 65 73 74 63 6f 6e 74 65 6e 74 ff ff ff ff ff  testcontent
00000010  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Tspi_Context_FreeMemory success
Tspi_Context_Close success

root@debian:~# tpm_nvread -l debug -i 3
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_Context_CreateObject success
Tspi_TPM_GetCapability success
Trspi_UnloadBlob_NV_DATA_PUBLIC success
Tspi_NV_ReadValue success
00000000  74 65 73 74 63 6f 6e 74 65 6e 74 ff ff ff ff ff  testcontent
00000010  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Tspi_Context_FreeMemory success
Tspi_Context_Close success

root@debian:~# tpm_nvinfo

NVRAM index   : 0x10000001 (268435457)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00001002 (WRITEALL|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 20 (0x14)

NVRAM index   : 0x00000003 (3)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00020002 (OWNERREAD|OWNERWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 32 (0x20)

NVRAM index   : 0x00000002 (2)
PCR read  selection:
 Localities   : ALL
PCR write selection:
 Localities   : ALL
Permissions   : 0x00040004 (AUTHREAD|AUTHWRITE)
bReadSTClear  : FALSE
bWriteSTClear : FALSE
bWriteDefine  : FALSE
Size          : 32 (0x20)

root@debian:~#

Can someone please explain this behavior to me?

Thanks a lot,
Frank

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
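An added example, not part of Frank's message or of TrouSerS: it decodes the three permission words from the tpm_nvinfo output above (0x00001002, 0x00040004, 0x00020002) into the same names tpm_nvinfo prints and states which authorization the TPM 1.2 specification prescribes for reads and writes under those attributes, so observed behaviour can be compared against what the attributes promise. The bit values are the TPM_NV_PER_* constants from the TPM 1.2 Structures specification; the function names and the "CONFLICT" wording are my own.

```python
# Bit values are the TPM 1.2 TPM_NV_PER_* constants (TPM_NV_ATTRIBUTES),
# listed highest bit first so the output order matches tpm_nvinfo.
NV_PER_BITS = (
    (0x80000000, "READ_STCLEAR"),
    (0x00040000, "AUTHREAD"),
    (0x00020000, "OWNERREAD"),
    (0x00010000, "PPREAD"),
    (0x00008000, "GLOBALLOCK"),
    (0x00004000, "WRITE_STCLEAR"),
    (0x00002000, "WRITEDEFINE"),
    (0x00001000, "WRITEALL"),
    (0x00000004, "AUTHWRITE"),
    (0x00000002, "OWNERWRITE"),
    (0x00000001, "PPWRITE"),
)
KNOWN_MASK = sum(bit for bit, _ in NV_PER_BITS)


def decode_permissions(perms: int) -> str:
    """Render the attribute word as tpm_nvinfo does, e.g. 0x00001002 ->
    'WRITEALL|OWNERWRITE'. Bits outside the spec are reported, not dropped."""
    names = [name for bit, name in NV_PER_BITS if perms & bit]
    unknown = perms & ~KNOWN_MASK & 0xFFFFFFFF
    if unknown:
        names.append("UNKNOWN(0x%08x)" % unknown)
    return "|".join(names) if names else "NONE"


def _auth_for(perms: int, owner_bit: int, auth_bit: int, pp_bit: int) -> str:
    # OWNER* and AUTH* on the same direction is rejected by
    # TPM_NV_DefineSpace (TPM_AUTH_CONFLICT), so flag it rather than combine.
    if perms & owner_bit and perms & auth_bit:
        return "CONFLICT: owner password + area password"
    needs = []
    if perms & owner_bit:
        needs.append("owner password")
    if perms & auth_bit:
        needs.append("area password")
    if perms & pp_bit:
        needs.append("physical presence")
    return " + ".join(needs) if needs else "none"


def required_auth(perms: int) -> dict:
    """Authorization the spec requires for each access direction. If an area
    decodes to 'area password' for reads yet tpm_nvread succeeds without one,
    the TPM, the TSS and the exact command used all deserve a closer look."""
    return {"read": _auth_for(perms, 0x00020000, 0x00040000, 0x00010000),
            "write": _auth_for(perms, 0x00000002, 0x00000004, 0x00000001)}


if __name__ == "__main__":
    for p in (0x00001002, 0x00040004, 0x00020002):  # words from the post
        print("0x%08x %-22s %s" % (p, decode_permissions(p), required_auth(p)))
```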
