I think you're right. But it's surprising because anyone using Intel TXT would need this (assuming they don't go tpm_sealdata way or some custom app...)
Anyway I patched it, tried it, works fine (tpm_nvinfo displays the right info and I tested all scenarios I could think of that could be broken). Some devs around that can make the change upstream, or should I resend to -tech? Jan > On 09 May 2016, at 22:25, Ken Goldman <[email protected]> wrote: > > On 5/9/2016 7:35 AM, Jan Schermer wrote: >> Hello, I want to seal data (a passphrase) to PCR >15. >> >> # tpm_nvdefine -i 1 -s 6 p -r 18 -w 18 --permissions="AUTHWRITE" -z >> Cannot seal NVRAM area to PCR > 15 >> >> Why is this not possible? I want to seal to Intel TXT generated PCRs >> and this doesn't sound right... should I recompile with this check >> commented out and try? > > Are there any code comments that explain why PCR > 15 is being rejected? > > The only rationale I can think of is that this is left over from TPM > 1.1b, which I recall only had 16 PCRs. > > > > > ------------------------------------------------------------------------------ > Mobile security can be enabling, not merely restricting. Employees who > bring their own devices (BYOD) to work are irked by the imposition of MDM > restrictions. Mobile Device Manager Plus allows you to control only the > apps on BYO-devices by containerizing them, leaving personal data untouched! > https://ad.doubleclick.net/ddm/clk/304595813;131938128;j > _______________________________________________ > TrouSerS-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/trousers-users ------------------------------------------------------------------------------ Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
