... so I changed the check from PCR > 15 to PCR > 19 and it works as intended, e.g. I can read that index only with the correct PCR, not with other...
Is there a real reason behind this or is it from the time when TPMs only had 16 PCRs and the last one was for debug? Should it be bumped to PCR > 23 now?

Jan

> On 09 May 2016, at 13:35, Jan Schermer <[email protected]> wrote:
>
> Hello,
> I want to seal data (a passphrase) to PCR >15.
>
> # tpm_nvdefine -i 1 -s 6 p -r 18 -w 18 --permissions="AUTHWRITE" -z
> Cannot seal NVRAM area to PCR > 15
>
> Why is this not possible? I want to seal to Intel TXT generated PCRs and this
> doesn't sound right... should I recompile with this check commented out and
> try?
>
> How to get around it? Do I have to use tpm_sealdata (for example) which does
> not have this limitation but requires a blob and a SRK? I'd like to avoid
> that if at all possible.
>
> In case I need to use tpm_sealdata, how much is system.data going to differ
> between various systems and when? Will a simple one work for this one purpose
> assuming I don't have more keys than the default one?
>
> Thanks
>
> Jan

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
