My generic recommendation is to debug first with a SW TPM. This permits you to look inside the device as it is processing.
This one (which I wrote) has extensive tracing. It interfaces easily with trousers through a socket. I can often find someone's error just by looking at the trace. https://sourceforge.net/projects/ibmswtpm/ ~~ For this specific issue, it feels like the PCRs you're sealing to are not the same as the ones that change when BIOS changes. On 7/1/2015 4:41 AM, David Hobach wrote: > Dear all, > > can you please provide some hints about TPM debugging and/or trousers > debugging? > > My problem is pretty straightforward: > > I use Qubes OS which uses trousers and hence a TPM to measure boot > integrity by displaying a secret passphrase using tpm_sealdata/unsealdata. > > Regardless of what BIOS changes I did though tpm_unsealdata still > displays my secret passphrase. Switching between kernels also doesn't > make my secret passphrase disappear. > > So all in all I'd like to find out why it's that way. > > Further details were also discussed at > https://groups.google.com/forum/#!topic/qubes-users/xNIiSyJQD0E (last > message should contain all info). ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
