* [tpm2] OpenSSL 3 and TPM 2 vendor certs in NVRAM...
@ 2022-04-26 13:18 Sievert, James
From: Sievert, James @ 2022-04-26 13:18 UTC
To: tpm2
Hi,
The TPM vendor has internal certificates stored at 0x1c0000a and 0x1c00002:
0x1c00002:
  name: 000bec00c657a4e2724101954c2c9d51ddd45c825c3997ec0786c3afeb0f7fca3ec7
  hash algorithm:
    friendly: sha256
    value: 0xB
  attributes:
    friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
    value: 0x1200762
  size: 1177
0x1c0000a:
  name: 000b2571404112c8aae1cde797c438d921093fc89b74d44564c25c296aaa26a6f041
  hash algorithm:
    friendly: sha256
    value: 0xB
  attributes:
    friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
    value: 0x1200762
  size: 781
I cannot retrieve them using openssl x509:
$ openssl x509 -provider tpm2 -provider default -in handle:0x1c0000a
WARNING:esys:src/tss2-esys/api/Esys_NV_Read.c:315:Esys_NV_Read_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:105:Esys_NV_Read() Esys Finish ErrorCode (0x00000095)
Could not read certificate from handle:0x1c0000a
405C04A14E7F0000:error:4000000C:tpm2::cannot load key::-1:149 tpm:handle(unk):structure is the wrong size
Unable to load certificate
$ openssl x509 -provider tpm2 -provider default -in handle:0x1c00002
WARNING:esys:src/tss2-esys/api/Esys_NV_Read.c:315:Esys_NV_Read_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:105:Esys_NV_Read() Esys Finish ErrorCode (0x00000095)
Could not read certificate from handle:0x1c00002
40DC7060527F0000:error:4000000C:tpm2::cannot load key::-1:149 tpm:handle(unk):structure is the wrong size
Unable to load certificate
This does work, however:
bsci@ip-10-132-42-225:~/test$ tpm2_nvread -C p -s 781 0x1c0000a |openssl x509 -in /dev/stdin -inform der -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 756297432 (0x2d142ed8)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = DE, O = Infineon Technologies AG, OU = OPTIGA(TM) TPM2.0, CN = Infineon OPTIGA(TM) ECC Manufacturing CA 029
        Validity
            Not Before: Sep 29 02:49:58 2021 GMT
            Not After : Sep 29 02:49:58 2036 GMT
...
Thanks.