* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-20 19:38 Imran Desai
  0 siblings, 0 replies; 12+ messages in thread
From: Imran Desai @ 2020-05-20 19:38 UTC (permalink / raw)
  To: tpm2

I have opened an issue in the tracker https://github.com/tpm2-software/tpm2-tools/issues/2037

* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-21 17:06 Roberts, William C
  0 siblings, 0 replies; 12+ messages in thread
From: Roberts, William C @ 2020-05-21 17:06 UTC (permalink / raw)
  To: tpm2

> -----Original Message-----
> From: ted.h.kim(a)oracle.com [mailto:ted.h.kim(a)oracle.com]
> Sent: Thursday, May 21, 2020 11:19 AM
> To: Roberts, William C <william.c.roberts(a)intel.com>
> Cc: Desai, Imran <imran.desai(a)intel.com>; tpm2(a)lists.01.org
> Subject: Re: [tpm2] Re: trying duplication and then rsa_en/decrypt
> 
> William,
> 
> Thanks for your reply.
> 
> On 5/21/20 8:08 AM, Roberts, William C wrote:
> >> -----Original Message-----
> >> From: ted.h.kim(a)oracle.com [mailto:ted.h.kim(a)oracle.com]
> >> Sent: Wednesday, May 20, 2020 7:38 PM
> >> To: Desai, Imran <imran.desai(a)intel.com>
> >> Cc: tpm2(a)lists.01.org
> >> Subject: [tpm2] Re: trying duplication and then rsa_en/decrypt
> >>
> >> Imran,
> >>
> >> The fix worked -- Thank you.
> >>
> >> One other suggestion would be to add "userwithauth" to the
> >> tpm2_create commands in the man page examples for tpm2_duplicate(1)
> >> and tpm2_policyduplicationselect(1). This would make the duplicated
> >> keys in those examples more useful.
> > That patch I had to revert, a similar fix will come out, but we must
> > not turn down userwithauth when someone:
> > - doesn't provide attributes via -a
> > - doesn't provide a password
> > - does provide a policy
> >
> > If someone specifies a policy and no password without explicitly
> > providing the attributes, they likely want the authorization to the
> > object to be controlled via policy, not policy and an empty password. So when
> the tool is choosing attributes that's how it needs to do it.
> > So for your example, you'll have to specify userwithauth and then we
> > will update the manpage to reflect this.
> >
> > Note that you're creating an object with no real auth value (empty
> > password), so keep that in mind.
> 
> understand, looking forward to the final fix
> 
> 
> >> Since I am on the 4.1.X branch, should I expect this fix to roll out with 4.1.3?
> > Why not just bump versions? Everything on 4.X is backwards compat, nothing
> breaks.
> > You may need to bump your tss version, but again, backwards compat,
> > should just work.
> 
> I will eventually do that.
> 
> But for the moment, I don't have the time. I know using tpm2-tools-4.2.X
> requires tpm2-tss-2.4.x which for my environment has some missing
> dependencies which I have yet to resolve.

No worries, we should be able to do a backport fix for you. We have a milestone here:
https://github.com/tpm2-software/tpm2-tools/milestone/20

Hopefully Monday we can cut RC0 and then a week from that have a full release.


> 
> Thanks,
> -ted
> 
> 
> >> Thanks,
> >> -ted
> >>
> >> On 5/20/20 1:49 PM, ted.h.kim(a)oracle.com wrote:
> >>> Imran,
> >>>
> >>> Okay, I will try it out.
> >>>
> >>> Also thanks for the pointer to the example on duplicating objects
> >>> between TPMs.
> >>>
> >>> Thanks,
> >>> -ted
> >>>
> >>> On 5/20/20 12:44 PM, Imran Desai wrote:
> >>>> I have a PR fixing this issue. If you want to try your script with
> >>>> this branch, it is here:
> >>>> https://github.com/tpm2-software/tpm2-tools/pull/2038
> >>>> _______________________________________________
> >>>> tpm2 mailing list -- tpm2(a)lists.01.org To unsubscribe send an email
> >>>> to tpm2-leave(a)lists.01.org
> >>>> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
> >> --
> >> Ted H. Kim, PhD
> >> ted.h.kim(a)oracle.com
> >> +1 310-258-7515
> >>
> 
> --
> Ted H. Kim, PhD
> ted.h.kim(a)oracle.com
> +1 310-258-7515
> 


* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-21 16:18 ted.h.kim
  0 siblings, 0 replies; 12+ messages in thread
From: ted.h.kim @ 2020-05-21 16:18 UTC (permalink / raw)
  To: tpm2

William,

Thanks for your reply.

On 5/21/20 8:08 AM, Roberts, William C wrote:
>> -----Original Message-----
>> From: ted.h.kim(a)oracle.com [mailto:ted.h.kim(a)oracle.com]
>> Sent: Wednesday, May 20, 2020 7:38 PM
>> To: Desai, Imran <imran.desai(a)intel.com>
>> Cc: tpm2(a)lists.01.org
>> Subject: [tpm2] Re: trying duplication and then rsa_en/decrypt
>>
>> Imran,
>>
>> The fix worked -- Thank you.
>>
>> One other suggestion would be to add "userwithauth" to the tpm2_create
>> commands in the man page examples for tpm2_duplicate(1) and
>> tpm2_policyduplicationselect(1). This would make the duplicated keys in those
>> examples more useful.
> That patch I had to revert, a similar fix will come out, but we must not turn down userwithauth
> when someone:
> - doesn't provide attributes via -a
> - doesn't provide a password
> - does provide a policy
>
> If someone specifies a policy and no password without explicitly providing the attributes,
> they likely want the authorization to the object to be controlled via policy, not policy and
> an empty password. So when the tool is choosing attributes that's how it needs to do it.
> So for your example, you'll have to specify userwithauth and then we will update the
> manpage to reflect this.
>
> Note that you're creating an object with no real auth value (empty password), so keep that in
> mind.

understand, looking forward to the final fix


>> Since I am on the 4.1.X branch, should I expect this fix to roll out with 4.1.3?
> Why not just bump versions? Everything on 4.X is backwards compat, nothing breaks.
> You may need to bump your tss version, but again, backwards compat, should just
> work.

I will eventually do that.

But for the moment, I don't have the time. I know using tpm2-tools-4.2.X 
requires tpm2-tss-2.4.x which for my environment has some missing 
dependencies which I have yet to resolve.

Thanks,
-ted


>> Thanks,
>> -ted
>>
>> On 5/20/20 1:49 PM, ted.h.kim(a)oracle.com wrote:
>>> Imran,
>>>
>>> Okay, I will try it out.
>>>
>>> Also thanks for the pointer to the example on duplicating objects
>>> between TPMs.
>>>
>>> Thanks,
>>> -ted
>>>
>>> On 5/20/20 12:44 PM, Imran Desai wrote:
>>>> I have a PR fixing this issue. If you want to try your script with
>>>> this branch, it is here:
>>>> https://github.com/tpm2-software/tpm2-tools/pull/2038
>> --
>> Ted H. Kim, PhD
>> ted.h.kim(a)oracle.com
>> +1 310-258-7515
>>

-- 
Ted H. Kim, PhD
ted.h.kim(a)oracle.com
+1 310-258-7515


* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-21 15:08 Roberts, William C
  0 siblings, 0 replies; 12+ messages in thread
From: Roberts, William C @ 2020-05-21 15:08 UTC (permalink / raw)
  To: tpm2

> -----Original Message-----
> From: ted.h.kim(a)oracle.com [mailto:ted.h.kim(a)oracle.com]
> Sent: Wednesday, May 20, 2020 7:38 PM
> To: Desai, Imran <imran.desai(a)intel.com>
> Cc: tpm2(a)lists.01.org
> Subject: [tpm2] Re: trying duplication and then rsa_en/decrypt
> 
> Imran,
> 
> The fix worked -- Thank you.
> 
> One other suggestion would be to add "userwithauth" to the tpm2_create
> commands in the man page examples for tpm2_duplicate(1) and
> tpm2_policyduplicationselect(1). This would make the duplicated keys in those
> examples more useful.

That patch I had to revert, a similar fix will come out, but we must not turn down userwithauth
when someone:
- doesn't provide attributes via -a
- doesn't provide a password
- does provide a policy

If someone specifies a policy and no password without explicitly providing the attributes,
they likely want the authorization to the object to be controlled via policy, not policy and
an empty password. So when the tool is choosing attributes that's how it needs to do it.
So for your example, you'll have to specify userwithauth and then we will update the
manpage to reflect this.

Note that you're creating an object with no real auth value (empty password), so keep that in
mind.

> 
> Since I am on the 4.1.X branch, should I expect this fix to roll out with 4.1.3?

Why not just bump versions? Everything on 4.X is backwards compat, nothing breaks.
You may need to bump your tss version, but again, backwards compat, should just
work.

> 
> Thanks,
> -ted
> 
> On 5/20/20 1:49 PM, ted.h.kim(a)oracle.com wrote:
> > Imran,
> >
> > Okay, I will try it out.
> >
> > Also thanks for the pointer to the example on duplicating objects
> > between TPMs.
> >
> > Thanks,
> > -ted
> >
> > On 5/20/20 12:44 PM, Imran Desai wrote:
> >> I have a PR fixing this issue. If you want to try your script with
> >> this branch, it is here:
> >> https://github.com/tpm2-software/tpm2-tools/pull/2038
> >
> --
> Ted H. Kim, PhD
> ted.h.kim(a)oracle.com
> +1 310-258-7515
> 

* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-21  0:37 ted.h.kim
  0 siblings, 0 replies; 12+ messages in thread
From: ted.h.kim @ 2020-05-21  0:37 UTC (permalink / raw)
  To: tpm2

Imran,

The fix worked -- Thank you.

One other suggestion would be to add "userwithauth" to the tpm2_create 
commands in the man page examples for tpm2_duplicate(1) and 
tpm2_policyduplicationselect(1). This would make the duplicated keys in 
those examples more useful.

Since I am on the 4.1.X branch, should I expect this fix to roll out 
with 4.1.3?

Thanks,
-ted

On 5/20/20 1:49 PM, ted.h.kim(a)oracle.com wrote:
> Imran,
>
> Okay, I will try it out.
>
> Also thanks for the pointer to the example on duplicating objects 
> between TPMs.
>
> Thanks,
> -ted
>
> On 5/20/20 12:44 PM, Imran Desai wrote:
>> I have a PR fixing this issue. If you want to try your script with 
>> this branch, it is here: 
>> https://github.com/tpm2-software/tpm2-tools/pull/2038
>
-- 
Ted H. Kim, PhD
ted.h.kim(a)oracle.com
+1 310-258-7515


* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-20 20:49 ted.h.kim
  0 siblings, 0 replies; 12+ messages in thread
From: ted.h.kim @ 2020-05-20 20:49 UTC (permalink / raw)
  To: tpm2

Imran,

Okay, I will try it out.

Also thanks for the pointer to the example on duplicating objects 
between TPMs.

Thanks,
-ted

On 5/20/20 12:44 PM, Imran Desai wrote:
> I have a PR fixing this issue. If you want to try your script with this branch, it is here: https://github.com/tpm2-software/tpm2-tools/pull/2038

-- 
Ted H. Kim, PhD
ted.h.kim(a)oracle.com
+1 310-258-7515


* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-20 19:44 Imran Desai
  0 siblings, 0 replies; 12+ messages in thread
From: Imran Desai @ 2020-05-20 19:44 UTC (permalink / raw)
  To: tpm2

I have a PR fixing this issue. If you want to try your script with this branch, it is here: https://github.com/tpm2-software/tpm2-tools/pull/2038

* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-20 19:15 Imran Desai
  0 siblings, 0 replies; 12+ messages in thread
From: Imran Desai @ 2020-05-20 19:15 UTC (permalink / raw)
  To: tpm2

Yes, that looks odd. Can you please file an issue in the tpm2-tools. Also, there is a full example of a key being duplicated, imported between the TPMs and then used for signing here --> https://github.com/tpm2-software/tpm2-tools/wiki/Duplicating-Objects.

* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-20 18:56 ted.h.kim
  0 siblings, 0 replies; 12+ messages in thread
From: ted.h.kim @ 2020-05-20 18:56 UTC (permalink / raw)
  To: tpm2

Imran,

I tried this, but I noticed something that I think is odd.

I added the userwithauth:
# tpm2_create -C src_o.ctx -g sha256 -G rsa -r dupkey.priv -u dupkey.pub \
      -L policydupselect.dat  \
      -a "sensitivedataorigin|sign|decrypt|userwithauth" -c dupkey.ctx -Q

but it does not show up in the readpublic (which is below).

Is this a bug?

FWIW, I am on the 4.1.X branch (just before 4.1.2 came out).
Do I need the 4.1.2 changes?

Thanks,
-ted


  # more dupkey.rp-txt
  key: dupkey.ctx
  name: 000b6894c94c68dd0d379b80c6417130e620e9da317b0033b1cddd1ab542c5a592e6
  qualified name: 000bb9be4705c017f1bf8b238b5f53c87487b4a73c86b8345abfdc671014ab5567ff
  name-alg:
    value: sha256
    raw: 0xb
  attributes:
    value: sensitivedataorigin|decrypt|sign
    raw: 0x60020
  type:
    value: rsa
    raw: 0x1
  exponent: 0x0
  bits: 2048
  scheme:
    value: null
    raw: 0x10
  scheme-halg:
    value: (null)
    raw: 0x0
  sym-alg:
    value: null
    raw: 0x10
  sym-mode:
    value: (null)
    raw: 0x0
  sym-keybits: 0
  rsa: cf42bc7b2063618a8e74d9179f263d0b71be412780d09d5f2e876714f5597fe797c97226473d2f4b23e3ded77af61c6959ae708e3d59e965f928750a56db367fa6f687ab8a107ac7e89b76fb1aa1cb09008e1d239fe874937e292b447970ab464466ab293df3e473c839dbce360efe92c5bb20eac660714e6a7f7f7ce0646eb9a16e2fe80ba148c4bdb591fec14aed763d70f59cfa4d91dbc1515cfe2964452a897cea0c958d8da3615003a6b1b08318a6ddf8f9181923ba6eb7fc127a6d9a9148bdd60f3b4663ae246f5216f15f3d5a78b6e69b06e9ce5fbd9d62cf461e088a35da3d41930179839e9984e8976de8f0a3ecda87812c53771603dca3ffabac01
  authorization policy: 389e01e8e7605646e8586acc5270ff210125d040d152c348266c99c44184f4d2



On 5/20/20 11:03 AM, ted.h.kim(a)oracle.com wrote:
> Hi Imran,
>
> Thanks for your reply.
>
> I had two cases, but for now, let's talk about the one in the 
> tpm2_policyduplicationselect(1) man page. I did the exact steps listed 
> there in the example. Then after the duplication, I did an import and 
> load, as follows:
>
> # tpm2_import -Q -C dst_n.ctx -i new_dupkey.priv -u dupkey.pub \
>     -s dupseed.dat -r imported.priv -L policydupselect.dat
>
> # tpm2_load -Q -C dst_n.ctx -r imported.priv -u dupkey.pub -c 
> imported.ctx
>
> I then tried to do tpm2_rsa_en/decrypt with imported.ctx. The decrypt 
> is where the policy errors came up.
>
>
> But as you point out below the "userwithauth" attribute is not part of 
> the example in that man page. So let me try again with that attribute 
> added. IIRC, the readpublic on the duplicated/imported key did 
> reference a policy, which I could not figure out how to satisfy. Will 
> get back to you shortly after trying again.
>
> Thanks,
> -ted
>
>
> On 5/20/20 10:31 AM, Imran Desai wrote:
>> Hi Ted,
>>
>> Based on what you said you want to accomplish and your 
>> above-mentioned references, I have a hunch that you have the keys set 
>> up incorrectly.
>> Can you please,
>> 1. Try to create a key with "userwithauth" set in the step in your 
>> script that references policy_duplication man page as in here: 
>> "tpm2_create -C src_o.ctx -g sha256 -G rsa -r dupkey.priv -u 
>> dupkey.pub \
>> -L policydupselect.dat  -a 
>> "sensitivedataorigin|sign|decrypt|userwithauth" -c dupkey.ctx -Q"
>> 2. Share your exact steps/ script that you implemented.
>> 3. Share the key properties of the parent and child object you 
>> created. You can use tpm2_readpublic command to dump the key properties.
>>
>> Thanks
>
-- 
Ted H. Kim, PhD
ted.h.kim(a)oracle.com
+1 310-258-7515


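Two points in this thread lend themselves to a small decoder: the raw attribute word 0x60020 that Ted's tpm2_readpublic printed above (sensitivedataorigin|decrypt|sign, with no userwithauth), and the attribute-defaulting rule William gives in his 2020-05-21 15:08 reply. The Python below is an added example, not tpm2-tools code; the TPMA_OBJECT bit positions come from the TPM 2.0 Library Specification Part 2, the baseline list in choose_default_attrs() is an assumption rather than the tool's real default, and user_auth_mode() assumes a non-empty authPolicy on the object, as Ted's key has.

```python
# Added example, not tpm2-tools code.  TPMA_OBJECT bit positions follow the
# TPM 2.0 Library Specification, Part 2; names are spelled as tpm2-tools takes
# them on the -a command line ("sign" is the spec's TPMA_OBJECT_SIGN_ENCRYPT).
from typing import List

TPMA_OBJECT = {
    "fixedtpm": 1 << 1,
    "stclear": 1 << 2,
    "fixedparent": 1 << 4,
    "sensitivedataorigin": 1 << 5,
    "userwithauth": 1 << 6,
    "adminwithpolicy": 1 << 7,
    "noda": 1 << 10,
    "encryptedduplication": 1 << 11,
    "restricted": 1 << 16,
    "decrypt": 1 << 17,
    "sign": 1 << 18,
    "x509sign": 1 << 19,
}
_BY_BIT = {bit: name for name, bit in TPMA_OBJECT.items()}


def decode_attrs(raw: int) -> List[str]:
    """Names set in an 'attributes: raw: 0x...' word, lowest bit first.
    Reserved bits come back as 'bitN' so nothing is silently dropped."""
    return [_BY_BIT.get(1 << n, f"bit{n}") for n in range(32) if raw & (1 << n)]


def encode_attrs(spec: str) -> int:
    """Parse a tpm2-tools style 'a|b|c' string into the raw TPMA_OBJECT word."""
    raw = 0
    for name in spec.split("|"):
        name = name.strip().lower()
        if name not in TPMA_OBJECT:
            raise ValueError(f"unknown TPMA_OBJECT attribute: {name!r}")
        raw |= TPMA_OBJECT[name]
    return raw


def missing_attrs(requested: str, observed_raw: int) -> List[str]:
    """Attributes passed to tpm2_create -a that tpm2_readpublic does not show set."""
    return decode_attrs(encode_attrs(requested) & ~observed_raw)


def user_auth_mode(raw: int) -> str:
    """How USER-role commands such as TPM2_RSA_Decrypt can be authorized,
    assuming a non-empty authPolicy as on Ted's key.  With userwithauth clear
    only a policy session works; a plain password attempt fails, which is
    consistent with the 0x12F 'authValue or authPolicy is not available' error."""
    return "password or policy" if raw & TPMA_OBJECT["userwithauth"] else "policy only"


# Baseline assumed for the tool when -a is absent; an assumption of this
# example, not tpm2-tools' actual default attribute list.
ASSUMED_BASE_ATTRS = "fixedtpm|fixedparent|sensitivedataorigin|decrypt|sign"


def choose_default_attrs(password_given: bool, policy_given: bool) -> int:
    """William's rule as read here: with no -a, set userwithauth unless the
    caller gave a policy and no password, since they most likely want
    policy-only authorization rather than policy plus an empty password."""
    raw = encode_attrs(ASSUMED_BASE_ATTRS)
    if password_given or not policy_given:
        raw |= TPMA_OBJECT["userwithauth"]
    return raw


if __name__ == "__main__":
    # Values from the thread: Ted's -a string and the raw word readpublic printed.
    requested = "sensitivedataorigin|sign|decrypt|userwithauth"
    observed = 0x60020
    print("readpublic shows:", "|".join(decode_attrs(observed)))
    print("missing from readpublic:", missing_attrs(requested, observed))
    print("USER role auth:", user_auth_mode(observed))
```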
* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-20 18:03 ted.h.kim
  0 siblings, 0 replies; 12+ messages in thread
From: ted.h.kim @ 2020-05-20 18:03 UTC (permalink / raw)
  To: tpm2

Hi Imran,

Thanks for your reply.

I had two cases, but for now, let's talk about the one in the 
tpm2_policyduplicationselect(1) man page. I did the exact steps listed 
there in the example. Then after the duplication, I did an import and 
load, as follows:

# tpm2_import -Q -C dst_n.ctx -i new_dupkey.priv -u dupkey.pub \
     -s dupseed.dat -r imported.priv -L policydupselect.dat

# tpm2_load -Q -C dst_n.ctx -r imported.priv -u dupkey.pub -c imported.ctx

I then tried to do tpm2_rsa_en/decrypt with imported.ctx. The decrypt is 
where the policy errors came up.


But as you point out below the "userwithauth" attribute is not part of 
the example in that man page. So let me try again with that attribute 
added. IIRC, the readpublic on the duplicated/imported key did reference 
a policy, which I could not figure out how to satisfy. Will get back to 
you shortly after trying again.

Thanks,
-ted


On 5/20/20 10:31 AM, Imran Desai wrote:
> Hi Ted,
>
> Based on what you said you want to accomplish and your above-mentioned references, I have a hunch that you have the keys set up incorrectly.
> Can you please,
> 1. Try to create a key with "userwithauth" set in the step in your script that references policy_duplication man page as in here: "tpm2_create -C src_o.ctx -g sha256 -G rsa -r dupkey.priv -u dupkey.pub \
> -L policydupselect.dat  -a "sensitivedataorigin|sign|decrypt|userwithauth" -c dupkey.ctx -Q"
> 2. Share your exact steps/ script that you implemented.
> 3. Share the key properties of the parent and child object you created. You can use tpm2_readpublic command to dump the key properties.
>
> Thanks

-- 
Ted H. Kim, PhD
ted.h.kim(a)oracle.com
+1 310-258-7515


* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-20 17:31 Imran Desai
  0 siblings, 0 replies; 12+ messages in thread
From: Imran Desai @ 2020-05-20 17:31 UTC (permalink / raw)
  To: tpm2

Hi Ted, 

Based on what you said you want to accomplish and your above-mentioned references, I have a hunch that you have the keys set up incorrectly. 
Can you please,
1. Try to create a key with "userwithauth" set in the step in your script that references policy_duplication man page as in here: "tpm2_create -C src_o.ctx -g sha256 -G rsa -r dupkey.priv -u dupkey.pub \
-L policydupselect.dat  -a "sensitivedataorigin|sign|decrypt|userwithauth" -c dupkey.ctx -Q"
2. Share your exact steps/ script that you implemented.
3. Share the key properties of the parent and child object you created. You can use tpm2_readpublic command to dump the key properties.

Thanks

* [tpm2] Re: trying duplication and then rsa_en/decrypt
@ 2020-05-20 15:09 Roberts, William C
  0 siblings, 0 replies; 12+ messages in thread
From: Roberts, William C @ 2020-05-20 15:09 UTC (permalink / raw)
  To: tpm2

+ Imran,

Can you help him out?
Also, can you add to the manpages so there are examples of using the duplicated key?


> -----Original Message-----
> From: ted.h.kim(a)oracle.com [mailto:ted.h.kim(a)oracle.com]
> Sent: Tuesday, May 19, 2020 8:10 PM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] trying duplication and then rsa_en/decrypt
> 
> Folks,
> 
> Sorry for what is probably an obvious question ...
> 
> I tried the examples in the tpm2_duplicate(1) and
> tpm2_policyduplicationselect(1) man pages. Afterwards, I just wanted to try out
> the duplicated keys. So I tried tpm2_rsaencrypt followed by tpm2_rsadecrypt.
> But when doing the latter, I got:
> 
> WARNING:esys:src/tss2-
> esys/api/Esys_RSA_Decrypt.c:305:Esys_RSA_Decrypt_Finish()
> Received TPM Error
> ERROR:esys:src/tss2-esys/api/Esys_RSA_Decrypt.c:102:Esys_RSA_Decrypt()
> Esys Finish ErrorCode (0x0000012f)
> ERROR: Esys_RSA_Decrypt(0x12F) - tpm:error(2.0): authValue or authPolicy is not
> available for selected entity
> ERROR: Unable to run tpm2_rsadecrypt
> 
> 
> Which I guess means I didn't satisfy the policy for the object. But if I try to run
> tpm2_startauthsession like those man page examples show, I get this error:
> 
> WARNING:esys:src/tss2-
> esys/api/Esys_RSA_Decrypt.c:305:Esys_RSA_Decrypt_Finish()
> Received TPM Error
> ERROR:esys:src/tss2-esys/api/Esys_RSA_Decrypt.c:102:Esys_RSA_Decrypt()
> Esys Finish ErrorCode (0x000009a4)
> ERROR: Esys_RSA_Decrypt(0x9A4) - tpm:session(1):the commandCode in the
> policy is not the commandCode of the command or the command code in a policy
> command references a command that is not implemented
> ERROR: Unable to run tpm2_rsadecrypt
> 
> 
> And so, I am confused now about what I need to do to get these duplicated keys
> to work with tpm2_rsadecrypt.
> 
> 
> Thanks,
> -ted
> 
> 
> 
> --
> Ted H. Kim, PhD
> ted.h.kim(a)oracle.com
> +1 310-258-7515
> 
