Hello,I am trying to use StrongSwan client and server to verify PCR values of a
TPM .I followed steps outlined on your wiki regarding setting up IMA. I have it
working to the point , where, client is sending all the PCRs values from file
/sys/kernel/security/tpm0/ascii_bios_measurementsto the server and these are
getting registered in the attestation database (sqlite3 on server ) . Also
installed strongTNC and marked the device as Trusted. All good so far but the
device report in strongTNC UI displays "28 BIOS evidence measurements are ok;
Invalid TPM Quote signature received"Looking through the server log i see
message "received PCR Composite does not match constructed one" . Server
returns from here and logs message Invalid TPM Quote signature received" .I do
see that all the 28 Bios measurements registered on the server are matching
with the one from Client. But PCR composite calculated on the server does not
match with the one presented from Client. I verified and both Server and Client
are using same Hash Also which is SHA1 and using "quote2" . Please suggest what
could be wrong.
-V
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
