Hi all,
I am new to TPM development with trousers and have been writing some test
cases for an internal project so I can learn the library and be confident we
are getting the expected behaviour.
One of the things we want to do is to create a bind key locked to some PCR
states. But in my development environment I can't seem to get the expected
behaviour. The development environment is Linux running a TPM emulator and
trousers.
What I was expecting was for the loading of the key to fail after I had
extended the PCR it was locked to. But it succeeds in loading and using the
key. I am probably doing something obviously wrong, but I can't see it.
The test case goes as follows:
SETUP:
Create Context
TEST:
Create TPM object from context.
Create SRK object and load it
Create PCRComposite object.
Create Key object
Read PCR 0
Set PCR 0 in PCRComposite object to Read value
//This is where I thought the Key is locked to the PCR index 0
Create Key from key object as child of SRK and locked to PCRComposite
ThrowOnError(Tspi_Key_CreateKey(keyHandle,SRKHandle,pcrCompositeHandle ))
Load key using SRK
Register the key in system storage with UUID
Use Key to bind and unbind some text data
Unload the key
Clear the key object
Clear the PCRComposite object
Clear the SRK object
Clear the TPM object
Clear the Context
Create new context
Create TPM object from context
Load the SRK
Use the TPM object to extend PCR 0 twice
//it was my understanding that this would invalidate the key we had locked to the previous value of PCR index 0
Load the key object using LoadbyUuid
//expect it to fail but it passes
Load key using SRK
//this also passes
Use Key to unbind previously bound data
//this also works.
TEARDOWN:
Free all context memory
Close context
If someone can point me at some sample code that locks a bind key to a
PCR index value or has some insight into where I am going wrong I would be
very grateful.
Thanks in advance
Simon
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
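
The PCR binding the post expects, modelled from the TPM 1.2 structures as an added example; it is not code from the original post, from trousers or from the emulator. ModelTpm and its method names are hypothetical, the PCR start state and measurements are constructed, and the model says nothing about which TPM command performs the comparison. It also covers the case of a key created with no PCR selected, which stays usable after an extend.

```python
import hashlib
import hmac
import struct

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr_value, measurement):
    """TPM 1.2 extend: new PCR = SHA1(old PCR || 20-byte measurement)."""
    if len(pcr_value) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR values and measurements are 20 bytes")
    return hashlib.sha1(pcr_value + measurement).digest()


def composite_digest(pcrs, num_pcrs=24):
    """SHA-1 of TPM_PCR_COMPOSITE: selection bitmap, value size, values."""
    size_of_select = (num_pcrs + 7) // 8
    bitmap = bytearray(size_of_select)
    for index in pcrs:
        bitmap[index // 8] |= 1 << (index % 8)
    values = b"".join(pcrs[i] for i in sorted(pcrs))
    blob = (struct.pack(">H", size_of_select) + bytes(bitmap)
            + struct.pack(">I", len(values)) + values)
    return hashlib.sha1(blob).digest()


class ModelTpm:
    """Hypothetical toy model: a PCR bank plus the PCR release check."""

    def __init__(self):
        self.pcrs = [bytes(PCR_SIZE)] * 24  # constructed all-zero start state

    def extend_pcr(self, index, measurement):
        self.pcrs[index] = extend(self.pcrs[index], measurement)

    def create_bound_key(self, indices):
        # The key records the selected PCRs and the digest required at release.
        selected = {i: self.pcrs[i] for i in indices}
        return {"select": tuple(indices),
                "digest_at_release": composite_digest(selected)}

    def release_allowed(self, key):
        # Recompute the composite from the current PCRs and compare.
        current = {i: self.pcrs[i] for i in key["select"]}
        return hmac.compare_digest(composite_digest(current),
                                   key["digest_at_release"])
```

In a test case like the one above, the equivalent check is to confirm that the created key blob actually carries a non-empty PCR selection before asserting that an extend invalidates it.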