Hi, could you send me a log with debug levels (tnc = 2, imc = 3, pts = 3) on the client side and (tnc = 2, imv = 3, pts = 3) on the server side?
Best regards Andreas On 06/15/2016 09:58 PM, vk vk wrote: > > Hello, > I am trying to use StrongSwan client and server to verify PCR values of > a TPM . > I followed steps outlined on your wiki regarding setting up IMA. > I have it working to the point , where, client is sending all the PCRs > values from file /sys/kernel/security/tpm0/ascii_bios_measurements > to the server and these are getting registered in the attestation > database (sqlite3 on server ) . Also installed strongTNC and marked the > device as Trusted. All good so far but the device report in strongTNC UI > displays "28 BIOS evidence measurements are ok; Invalid TPM Quote > signature received" > Looking through the server log i see message "received PCR Composite > does not match constructed one" . Server returns from here and logs > message Invalid TPM Quote signature received" . > I do see that all the 28 Bios measurements registered on the server are > matching with the one from Client. But PCR composite calculated on the > server does not match with the one presented from Client. I verified and > both Server and Client are using same Hash Also which is SHA1 and using > "quote2" . > Please suggest what could be wrong. > > -V ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
