I am using trouSerS 0.3.10 and have an Infineon TPM running 1.2 on an embedded Linux system.
I have a system where I use tpm-luks scripts to retrieve a LUKS key from TPM NVRAM and decrypt the root partition (while running in initramfs). This uses the tpm_nvread command. On top of this I added code to create an AIK, unregister any previous AIK (into a throwaway key handle), and register the new AIK. I also have another program to activate the AIK (first loading the AIK by UUID, then calling the Tspi_TPM_ActivateIdentity command). This works well... until I reboot the computer with this TPM. The tpm_nvread command complains it cannot decrypt the file. It's that message about PCR does not match or something.

It seems I have to do a pkill -9 tcsd and then a tcsd -f & prior to rebooting so that the tpm_nvread succeeds.

I wonder if anyone can explain why this is necessary. The PCRs don't seem to be changed. Somehow I suspect the AIK creation does something funny with the PCRs.

Thanks,
Bill

_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
