
List:       trousers-users
Subject:    Re: [TrouSerS-users] nvram storage and sealing to PCRs
From:       Richard <rmaciel () linux ! vnet ! ibm ! com>
Date:       2014-01-28 12:11:58
Message-ID: 52E79E8E.5020706 () linux ! vnet ! ibm ! com

Well, looks like the TPM chip is the guilty one here. If you take a look 
at the tcsd log, near the part labeled as tddl (from TPM and to TPM), 
it'll show you information that'll be sent to the HW itself and the 
answer that tcsd got back. Note that, when you read nvram index 3, the 
TPM was supposed to complain about the wrong PCR values, but it doesn't.

I'm curious now what will happen if you use the following command

tpm_nvinfo -i 4


Note I didn't put the password option here.


On 27-01-2014 18:14, Andreas Thienemann wrote:
> Hi Richard,
>
> alright. Trying this. trousers is compiled with --enable-debug and I'm
> getting the following:
>
> [root@nuc ~]# tpm_nvinfo -i 3
> LOG_DEBUG TSPI rpc/tcstp/rpc.c:359 Sending TSP packet to host localhost.
> LOG_DEBUG TSPI rpc/tcstp/rpc.c:374 Connecting to 127.0.0.1
> LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received
> TCS Context: 0xa00e3e00
> LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS
> Context: 0xa00e3e00
> NVRAM index   : 0x00000003 (3)
> LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS
> Context: 0xa00e3e00
> PCR read  selection:
>    PCRs    : 4, 5, 8, 9, 12, 14
>    Localities   : ALL
>    Hash    : 51522172b46ed13a34ca45f445472291c9675ef5
> PCR write selection:
>    Localities   : ALL
> Permissions   : 0x00000004 (AUTHWRITE)
> bReadSTClear  : FALSE
> bWriteSTClear : FALSE
> bWriteDefine  : FALSE
> Size          : 32 (0x20)
>
> LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:60 RPC_CloseContext_TP: TCS
> Context: 0xa00e3e00
> LOG_RETERR TSPI tspi_context.c:113: 0x126
> [root@nuc ~]#
>
> The tcsd output for this is as follows:
>
> [root@nuc dev]# tcsd -f
> TCSD tcsd_conf.c:94 platform_class_list_append:
> platform_class_list_append start:
> TCSD tcsd_conf.c:126 platform_class_list_append: Platform Class Added.
> TCSD TCS ps/ps_utils.c:511 init_disk_cache: found 1 valid key(s) on
> disk.
>
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 12 00 00 00 65 00 00 00 1A 00 00
> To TPM: 00 00
> TCSD TDDL tddl.c:171 Calling write to driver
> TCSD TDDL tddl.c:188 ioctl: (25) Inappropriate ioctl for device
> TCSD TDDL tddl.c:189 Falling back to Read/Write device support.
>   From TPM: 00 C4 00 00 00 1E 00 00 00 00 00 00 00 10 00 30
>   From TPM: 01 02 0D 0C 00 02 03 53 54 4D 20 00 01 50
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 01 00 00
> To TPM: 00 04 00 00 00 B4
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 0F 00 00 00 00 00 00 00 01 00
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 01 00 00
> To TPM: 00 04 00 00 00 B6
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 0F 00 00 00 00 00 00 00 01 00
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 05 00 00
> To TPM: 00 04 00 00 01 01
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 12 00 00 00 00 00 00 00 04 00 00
>   From TPM: 00 18
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 05 00 00
> To TPM: 00 04 00 00 01 02
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 12 00 00 00 00 00 00 00 04 00 00
>   From TPM: 00 01
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 05 00 00
> To TPM: 00 04 00 00 01 04
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 12 00 00 00 00 00 00 00 04 00 00
>   From TPM: 00 0B
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 05 00 00
> To TPM: 00 04 00 00 01 03
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 12 00 00 00 00 00 00 00 04 53 54
>   From TPM: 4D 20
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 05 00 00
> To TPM: 00 04 00 00 01 0D
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 12 00 00 00 00 00 00 00 04 00 00
>   From TPM: 00 0B
> TCSD TCS tcs_caps.c:138 get_max_auths reports 11 auth contexts found
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 12 00 00 00 65 00 00 00 07 00 00
> To TPM: 00 00
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 10 00 00 00 00 00 00 00 02 00 00
> TCSD svrside.c:309 trousers 0.3.11.2: TCSD up and running.
> TCSD svrside.c:326 accepted socket 6
> TCSD tcsd_threads.c:232 total_recv_size 28, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 1 (OpenContext)
> TCSD TCS rpc/tcstp/rpc_context.c:37 tcs_wrap_OpenContext: thread
> 140580887299840
> TCSD TCS rpc/tcstp/rpc_context.c:53 New context is 0xa00e3e00
> TCSD tcsd_threads.c:313 Sending 0x26 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 44, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 16 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 46 (GetCapability)
> TCSD TCS rpc/tcstp/rpc_caps_tpm.c:47 tcs_wrap_GetCapability: thread
> 140580887299840d context a00e3e00
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 12 00 00 00 65 00 00 00 0D 00 00
> To TPM: 00 00
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 26 00 00 00 00 00 00 00 18 10 00
>   From TPM: 00 01 00 00 00 02 50 00 00 03 00 00 00 03 00 00
>   From TPM: 00 04 00 00 00 05
> TCSD tcsd_threads.c:313 Sending 0x3A bytes back
> TCSD tcsd_threads.c:232 total_recv_size 48, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 20 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 46 (GetCapability)
> TCSD TCS rpc/tcstp/rpc_caps_tpm.c:47 tcs_wrap_GetCapability: thread
> 140580887299840d context a00e3e00
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 11 00 00
> To TPM: 00 04 00 00 00 03
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 55 00 00 00 00 00 00 00 47 00 18
>   From TPM: 00 00 00 03 00 03 30 53 00 1F 51 52 21 72 B4 6E
>   From TPM: D1 3A 34 CA 45 F4 45 47 22 91 C9 67 5E F5 00 03
>   From TPM: 00 00 00 1F 00 00 00 00 00 00 00 00 00 00 00 00
>   From TPM: 00 00 00 00 00 00 00 00 00 17 00 00 00 04 00 00
>   From TPM: 00 00 00 00 20
> TCSD tcsd_threads.c:313 Sending 0x69 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 33, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 5 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 2 (CloseContext)
> TCSD TCS rpc/tcstp/rpc_context.c:71 tcs_wrap_CloseContext: thread
> 140580887299840 context a00e3e00
> TCSD TCS tcsi_context.c:39 Closing context A00E3E00
> TCSD TCS tcsi_context.c:51 Context A00E3E00 closed
> TCSD tcsd_threads.c:313 Sending 0x1C bytes back
> TCSD TCS rpc/tcstp/rpc.c:68 Socket connection closed.
> TCSD tcsd_threads.c:325 Thread exiting.
>
>
>
> Reading from the nvram area:
>
> [root@nuc ~]# tpm_nvread -i 3
> LOG_DEBUG TSPI rpc/tcstp/rpc.c:359 Sending TSP packet to host localhost.
> LOG_DEBUG TSPI rpc/tcstp/rpc.c:374 Connecting to 127.0.0.1
> LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received
> TCS Context: 0xa00eb401
> LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS
> Context: 0xa00eb401
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:182 RPC_NV_ReadValue_TP: TCS Context:
> 0xa00eb401
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:191 RPC_NV_ReadValue_TP: SetData
> privAuth
>
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:197 RPC_NV_ReadValue_TP: Send data.
>
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:202 RPC_NV_ReadValue_TP: result=0
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:205 RPC_NV_ReadValue_TP: getData
> outputSize
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:223 RPC_NV_ReadValue_TP: getData
> rgbDataRead (pulDataLength=32)
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:233 RPC_NV_ReadValue_TP: result=0
> 00000000  31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36
> 1234567890123456
> 00000010  37 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32
> 7890123456789012
> LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:60 RPC_CloseContext_TP: TCS
> Context: 0xa00eb401
> LOG_RETERR TSPI tspi_context.c:113: 0x126
> [root@nuc ~]#
>
> Server is showing the following:
> TCSD svrside.c:326 accepted socket 7
> TCSD tcsd_threads.c:232 total_recv_size 28, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 1 (OpenContext)
> TCSD TCS rpc/tcstp/rpc_context.c:37 tcs_wrap_OpenContext: thread
> 140580887299840
> TCSD TCS rpc/tcstp/rpc_context.c:53 New context is 0xa00eb401
> TCSD tcsd_threads.c:313 Sending 0x26 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 48, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 20 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 46 (GetCapability)
> TCSD TCS rpc/tcstp/rpc_caps_tpm.c:47 tcs_wrap_GetCapability: thread
> 140580887299840d context a00eb401
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 11 00 00
> To TPM: 00 04 00 00 00 03
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 55 00 00 00 00 00 00 00 47 00 18
>   From TPM: 00 00 00 03 00 03 30 53 00 1F 51 52 21 72 B4 6E
>   From TPM: D1 3A 34 CA 45 F4 45 47 22 91 C9 67 5E F5 00 03
>   From TPM: 00 00 00 1F 00 00 00 00 00 00 00 00 00 00 00 00
>   From TPM: 00 00 00 00 00 00 00 00 00 17 00 00 00 04 00 00
>   From TPM: 00 00 00 00 20
> TCSD tcsd_threads.c:313 Sending 0x69 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 49, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 21 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 90 (NVReadValue)
> TCSD TCS rpc/tcstp/rpc.c:243 Data type of TCS packet element 4 doesn't
> match.
> TCSD TCS tcsi_nv.c:160 TCSP_NV_ReadValue_Internal: Enter
> TCSD TCS tcsi_nv.c:173 req_mgr_submit_req  (oldOffset=22)
> To TPM: 00 C1 00 00 00 16 00 00 00 CF 00 00 00 03 00 00
> To TPM: 00 00 00 00 00 20
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 2E 00 00 00 00 00 00 00 20 31 32
>   From TPM: 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38
>   From TPM: 39 30 31 32 33 34 35 36 37 38 39 30 31 32
> TCSD TCS tcsi_nv.c:178 UnloadBlob  (paramSize=46) result=0
> TCSD TCS tcsi_nv.c:184 Leaving NVReadValue with result:0
> TCSD tcsd_threads.c:313 Sending 0x43 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 33, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 5 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 2 (CloseContext)
> TCSD TCS rpc/tcstp/rpc_context.c:71 tcs_wrap_CloseContext: thread
> 140580887299840 context a00eb401
> TCSD TCS tcsi_context.c:39 Closing context A00EB401
> TCSD TCS tcsi_context.c:51 Context A00EB401 closed
> TCSD tcsd_threads.c:313 Sending 0x1C bytes back
> TCSD TCS rpc/tcstp/rpc.c:68 Socket connection closed.
> TCSD tcsd_threads.c:325 Thread exiting.
>
>
> And now the index 4 with AUTHREAD|AUTHWRITE where the sealing seems to
> work:
>
> [root@nuc ~]# tpm_nvread -i 4 -p
> LOG_DEBUG TSPI rpc/tcstp/rpc.c:359 Sending TSP packet to host localhost.
> LOG_DEBUG TSPI rpc/tcstp/rpc.c:374 Connecting to 127.0.0.1
> LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:44 RPC_OpenContext_TP: Received
> TCS Context: 0xa00e0802
> Enter NVRAM access password:
> LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS
> Context: 0xa00e0802
> LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS
> Context: 0xa00e0802
> LOG_DEBUG TSPI rpc/tcstp/rpc_caps_tpm.c:40 RPC_GetTPMCapability_TP: TCS
> Context: 0xa00e0802
> LOG_DEBUG TSPI rpc/tcstp/rpc_auth.c:37 RPC_OIAP_TP: TCS Context:
> 0xa00e0802
> LOG_DEBUG TSPI obj_policy.c:230 Got a secret:
> 88 43 D7 F9 24 16 21 1D E9 EB B9 63 FF 4C E2 81
> 25 93 28 78
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:250 RPC_NV_ReadValueAuth_TP: TCS
> Context: 0xa00e0802
> LOG_DEBUG TSPI rpc/tcstp/rpc_nv.c:298 RPC_NV_ReadValueAuth_TP: result=24
> Tspi_NV_ReadValue failed: 0x00000018 - layer=tpm, code=0018 (24), Wrong
> PCR value
> LOG_DEBUG TSPI rpc/tcstp/rpc_context.c:60 RPC_CloseContext_TP: TCS
> Context: 0xa00e0802
> LOG_RETERR TSPI tspi_context.c:113: 0x126
> [root@nuc ~]#
>
>
> tcsd shows the following:
>
> TCSD svrside.c:326 accepted socket 6
> TCSD tcsd_threads.c:232 total_recv_size 28, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 1 (OpenContext)
> TCSD TCS rpc/tcstp/rpc_context.c:37 tcs_wrap_OpenContext: thread
> 140580887299840
> TCSD TCS rpc/tcstp/rpc_context.c:53 New context is 0xa00e0802
> TCSD tcsd_threads.c:313 Sending 0x26 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 48, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 20 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 46 (GetCapability)
> TCSD TCS rpc/tcstp/rpc_caps_tpm.c:47 tcs_wrap_GetCapability: thread
> 140580887299840d context a00e0802
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 11 00 00
> To TPM: 00 04 00 00 00 04
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 55 00 00 00 00 00 00 00 47 00 18
>   From TPM: 00 00 00 04 00 03 30 53 00 1F 51 52 21 72 B4 6E
>   From TPM: D1 3A 34 CA 45 F4 45 47 22 91 C9 67 5E F5 00 03
>   From TPM: 00 00 00 1F 00 00 00 00 00 00 00 00 00 00 00 00
>   From TPM: 00 00 00 00 00 00 00 00 00 17 00 04 00 04 00 00
>   From TPM: 00 00 00 00 20
> TCSD tcsd_threads.c:313 Sending 0x69 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 44, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 16 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 46 (GetCapability)
> TCSD TCS rpc/tcstp/rpc_caps_tpm.c:47 tcs_wrap_GetCapability: thread
> 140580887299840d context a00e0802
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 12 00 00 00 65 00 00 00 0D 00 00
> To TPM: 00 00
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 26 00 00 00 00 00 00 00 18 10 00
>   From TPM: 00 01 00 00 00 02 50 00 00 03 00 00 00 03 00 00
>   From TPM: 00 04 00 00 00 05
> TCSD tcsd_threads.c:313 Sending 0x3A bytes back
> TCSD tcsd_threads.c:232 total_recv_size 48, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 20 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 46 (GetCapability)
> TCSD TCS rpc/tcstp/rpc_caps_tpm.c:47 tcs_wrap_GetCapability: thread
> 140580887299840d context a00e0802
> TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap
> To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 11 00 00
> To TPM: 00 04 00 00 00 04
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 55 00 00 00 00 00 00 00 47 00 18
>   From TPM: 00 00 00 04 00 03 30 53 00 1F 51 52 21 72 B4 6E
>   From TPM: D1 3A 34 CA 45 F4 45 47 22 91 C9 67 5E F5 00 03
>   From TPM: 00 00 00 1F 00 00 00 00 00 00 00 00 00 00 00 00
>   From TPM: 00 00 00 00 00 00 00 00 00 17 00 04 00 04 00 00
>   From TPM: 00 00 00 00 20
> TCSD tcsd_threads.c:313 Sending 0x69 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 33, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 5 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 23 (OIAP)
> TCSD TCS rpc/tcstp/rpc_auth.c:44 tcs_wrap_OIAP: thread 140580887299840
> context a00e0802
> TCSD TCS tcsi_auth.c:40 Entering TCSI_OIAP
> To TPM: 00 C1 00 00 00 0A 00 00 00 0A
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 22 00 00 00 00 02 AE 13 DE 12 C5
>   From TPM: 90 94 62 78 7D D0 A3 F0 1A 0E B0 10 30 75 7D E8
>   From TPM: 6D 45
> TCSD TCS tcs_auth_mgr.c:383 added auth for TCS a00e0802 TPM 2ae13de
> TCSD tcsd_threads.c:313 Sending 0x36 bytes back
> TCSD tcsd_threads.c:232 total_recv_size 94, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 66 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 91 (NVReadValueAuth)
> TCSD TCS tcsi_nv.c:202 TCSP_NV_ReadValueAuth_Internal: Enter
> TCSD TCS tcsi_nv.c:212 req_mgr_submit_req  (oldOffset=67)
> To TPM: 00 C2 00 00 00 43 00 00 00 D0 00 00 00 04 00 00
> To TPM: 00 00 00 00 00 20 02 AE 13 DE 91 73 72 73 CD 93
> To TPM: C0 87 E8 ED C3 FE D4 7A 31 E8 24 6D BB C1 00 8D
> To TPM: 00 40 DF DD 54 7C 94 34 64 77 3F B9 09 79 20 83
> To TPM: 1E A4 19
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 0A 00 00 00 18
> LOG_RETERR TPM tcsi_nv.c:216: 0x18
> TCSD TCS tcsi_nv.c:217 UnloadBlob  (paramSize=10) result=24
> TCSD TCS tcsi_nv.c:223 Leaving NVReadValueAuth with result:24
> To TPM: 00 C1 00 00 00 12 00 00 00 BA 02 AE 13 DE 00 00
> To TPM: 00 02
> TCSD TDDL tddl.c:171 Calling write to driver
>   From TPM: 00 C4 00 00 00 0A 00 00 00 03
> LOG_RETERR TPM tcsi_admin.c:464: 0x3
> TCSD TCS tcs_auth_mgr.c:289 TPM_TerminateHandle returned 3
> TCSD TCS tcs_auth_mgr.c:118 no threads need to be signaled.
> TCSD tcsd_threads.c:313 Sending 0x1C bytes back
> TCSD tcsd_threads.c:232 total_recv_size 33, buf_size 1024, recd_so_far
> 28
> TCSD tcsd_threads.c:277 recv_chunk_size 5 recd_so_far 28
> TCSD tcsd_threads.c:284 Rx'd packet
> TCSD TCS rpc/tcstp/rpc.c:580 Dispatching ordinal 2 (CloseContext)
> TCSD TCS rpc/tcstp/rpc_context.c:71 tcs_wrap_CloseContext: thread
> 140580887299840 context a00e0802
> TCSD TCS tcsi_context.c:39 Closing context A00E0802
> TCSD TCS tcsi_context.c:51 Context A00E0802 closed
> TCSD tcsd_threads.c:313 Sending 0x1C bytes back
> TCSD TCS rpc/tcstp/rpc.c:68 Socket connection closed.
> TCSD tcsd_threads.c:325 Thread exiting.
>
> Does this help you or do you need anything else?
>
> cheers,
>    andreas
>
>
> On 27.1.2014 19:27, Richard wrote:
>> Another suggestion: compile TrouSerS with debug support, run it in
>> foreground and paste the debug messages you got when executing the
>> nvread operation.
>>
>> On 27-01-2014 15:59, Andreas Thienemann wrote:
>>> Hi Ken,
>>>
>>> On 27.1.2014 18:41, Ken Goldman wrote:
>>>
>>>> I don't see anything wrong with what you're trying to do.
>>> Good. That was my first worry that I had misunderstood one of the
>>> essentials...
>>>
>>>> Can you switch from the hardware TPM to the SW TPM?
>>>>
>>>> You can then get a trace of the TPM internals.  This would tell you
>>>> whether the problem is in the tools, in the TSS, or perhaps even in
>>>> the
>>>> TPM.
>>>>
>>>> I can't imagine debugging any application with the HW TPM, but of
>>>> course
>>>> I wrote the SW TPM.  :-)
>>> I haven't tried swtpm yet but let me give it a try.
>>>
>>> I'll be back with some results in a bit.
>>>
>>> cheers,
>>>     andreas
>>>
>>>> On 1/26/2014 3:18 PM, Andreas Thienemann wrote:
>>>>> Hi,
>>>>>
>>>>> I've been trying to create a NVRAM area I can keep a key in which is
>>>>> sealed to certain PCRs.
>>>>>
>>>>> If I have the following setting, I am being asked for the nvram
>>>>> password
>>>>> before being able to read the nvram area.
>>>>>
>>>>> [root@foo ~]# tpm_nvinfo -i 2
>>>>> NVRAM index   : 0x00000002 (2)
>>>>> PCR read  selection:
>>>>>      PCRs    : 4, 5, 8, 9, 12, 14
>>>>>      Localities   : ALL
>>>>>      Hash    : 51522172b46ed13a34ca45f445472291c9675ef5
>>>>> PCR write selection:
>>>>>      Localities   : ALL
>>>>> Permissions   : 0x0040004 (AUTHREAD|AUTHWRITE)
>>>>> bReadSTClear  : FALSE
>>>>> bWriteSTClear : FALSE
>>>>> bWriteDefine  : FALSE
>>>>> Size          : 32 (0x20)
>>>>>
>>>>> [root@foo ~]#
>>>>>
>>>>> If my PCRs change I am unable to access this nvram area with my
>>>>> nvram
>>>>> password. So far so good.
>>>>>
>>>>> I am now trying to have access to this nvram area without having to
>>>>> type
>>>>> in any passwords as long as the PCR registers are the same.
>>>>>
>>>>> When defining the permission as only AUTHWRITE I do have access to
>>>>> the
>>>>> nvram area without a password but it seems to me that the nvram
>>>>> area
>>>>> is
>>>>> not sealed anymore. If the PCRs change, I can still read out the
>>>>> data
>>>>> from the nvram area which shouldn't be the case.
>>>>>
>>>>> [root@foo ~]# tpm_nvread -i 2 > /dev/null
>>>>> [root@foo ~]# echo $?
>>>>> 0
>>>>> [root@foo ~]# tpm_nvinfo -i 2
>>>>> NVRAM index   : 0x00000002 (2)
>>>>> PCR read  selection:
>>>>>      PCRs    : 4, 5, 8, 9, 12, 14
>>>>>      Localities   : ALL
>>>>>      Hash    : 51522172b46ed13a34ca45f445472291c9675ef5
>>>>> PCR write selection:
>>>>>      Localities   : ALL
>>>>> Permissions   : 0x00000004 (AUTHWRITE)
>>>>> bReadSTClear  : FALSE
>>>>> bWriteSTClear : FALSE
>>>>> bWriteDefine  : FALSE
>>>>> Size          : 32 (0x20)
>>>>>
>>>>> [root@foo ~]#
>>>>>
>>>>> Any idea how to achieve what I want?
>>>>
>>>
>>
>


_______________________________________________
TrouSerS-users mailing list
TrouSerS-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-users
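
Added example (not part of the original message and not TrouSerS code): a small Python decoder for the "To TPM" / "From TPM" lines of the tcsd output quoted above, the part of the log Richard points to. The byte offsets assume the TPM 1.2 layouts of TPM_NV_DATA_PUBLIC and TPM_PCR_INFO_SHORT; the function names are hypothetical, and the log excerpt is copied from this thread.

```python
import re
import struct

# Excerpt of the tcsd output quoted in this thread: GetCap(index 3), NV reads of 3 and 4.
TCSD_LOG = """\
To TPM: 00 C1 00 00 00 16 00 00 00 65 00 00 00 11 00 00
To TPM: 00 04 00 00 00 03
  From TPM: 00 C4 00 00 00 55 00 00 00 00 00 00 00 47 00 18
  From TPM: 00 00 00 03 00 03 30 53 00 1F 51 52 21 72 B4 6E
  From TPM: D1 3A 34 CA 45 F4 45 47 22 91 C9 67 5E F5 00 03
  From TPM: 00 00 00 1F 00 00 00 00 00 00 00 00 00 00 00 00
  From TPM: 00 00 00 00 00 00 00 00 00 17 00 00 00 04 00 00
  From TPM: 00 00 00 00 20
To TPM: 00 C1 00 00 00 16 00 00 00 CF 00 00 00 03 00 00
To TPM: 00 00 00 00 00 20
  From TPM: 00 C4 00 00 00 2E 00 00 00 00 00 00 00 20 31 32
  From TPM: 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38
  From TPM: 39 30 31 32 33 34 35 36 37 38 39 30 31 32
To TPM: 00 C2 00 00 00 43 00 00 00 D0 00 00 00 04 00 00
To TPM: 00 00 00 00 00 20 02 AE 13 DE 91 73 72 73 CD 93
To TPM: C0 87 E8 ED C3 FE D4 7A 31 E8 24 6D BB C1 00 8D
To TPM: 00 40 DF DD 54 7C 94 34 64 77 3F B9 09 79 20 83
To TPM: 1E A4 19
  From TPM: 00 C4 00 00 00 0A 00 00 00 18
"""

PKT = re.compile(r"(To|From) TPM: ((?:[0-9A-F]{2} ?)+)")
NV_PER = {0x00040000: "AUTHREAD", 0x00020000: "OWNERREAD",  # TPM 1.2 TPM_NV_PER_* bits
          0x00000004: "AUTHWRITE", 0x00000002: "OWNERWRITE"}

def packets(log):
    """Reassemble (direction, bytes) packets; paramSize (offset 2) gives the length."""
    out, buf, cur = [], b"", None
    for direction, hexrun in PKT.findall(log):
        if direction != cur:
            buf, cur = b"", direction
        buf += bytes.fromhex(hexrun)
        if len(buf) >= 6 and len(buf) >= struct.unpack_from(">I", buf, 2)[0]:
            out.append((cur, buf))
            buf = b""
    return out

def pcr_info_short(b, off):
    """TPM_PCR_INFO_SHORT -> (selected PCRs, digestAtRelease hex, next offset)."""
    n = struct.unpack_from(">H", b, off)[0]
    sel = b[off + 2:off + 2 + n]
    pcrs = [i * 8 + bit for i, v in enumerate(sel) for bit in range(8) if v >> bit & 1]
    off += 2 + n + 1                                  # also skip localityAtRelease
    return pcrs, b[off:off + 20].hex(), off + 20

def nv_data_public(rsp):
    """Decode TPM_NV_DATA_PUBLIC from a TPM_CAP_NV_INDEX response."""
    pcrs, digest, off = pcr_info_short(rsp, 14 + 6)   # header, respSize, tag, nvIndex
    _, _, off = pcr_info_short(rsp, off)              # pcrInfoWrite
    attrs = struct.unpack_from(">I", rsp, off + 2)[0] # after TPM_NV_ATTRIBUTES tag
    perms = [name for bit, name in NV_PER.items() if attrs & bit]
    return {"pcr_read": pcrs, "digest": digest, "perm": perms, "reads": []}

def summarize(log):
    """Per NV index: declared read PCRs and permissions, plus each read's result."""
    pk, nv = packets(log), {}
    for (d1, cmd), (d2, rsp) in zip(pk, pk[1:]):
        if (d1, d2) != ("To", "From"):
            continue
        tag, _, ordinal = struct.unpack_from(">HII", cmd)
        rc = struct.unpack_from(">I", rsp, 6)[0]
        if ordinal == 0x65 and rc == 0 and cmd[10:14] == b"\x00\x00\x00\x11":
            nv[struct.unpack_from(">I", cmd, 18)[0]] = nv_data_public(rsp)
        elif ordinal in (0xCF, 0xD0):                 # NV_ReadValue / NV_ReadValueAuth
            idx = struct.unpack_from(">I", cmd, 10)[0]
            # record (auth session used?, TPM return code)
            nv.setdefault(idx, {"reads": []})["reads"].append((tag == 0x00C2, rc))
    return nv

if __name__ == "__main__":
    print(summarize(TCSD_LOG))
```

For this excerpt, summarize() reports index 3 with read PCRs 4, 5, 8, 9, 12, 14 and only AUTHWRITE, where the read sent without an auth session returned 0, and index 4, where the authorized read returned 0x18 (wrong PCR value).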