0x98e is: $ ./tpm2_rc_decode 0x98e error layer hex: 0x0 identifier: TSS2_TPM_RC_LAYER description: Error produced by the TPM format 1 error code hex: 0x0e identifier: TPM2_RC_AUTH_FAIL description: the authorization HMAC check failed and DA counter incremented session hex: 0x100 identifier: TPM2_RC_1 description: (null) SO it looks like you're not setting up the auth properly in the session. > -----Original Message----- > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Yasuhiro Hosoda > Sent: Wednesday, December 13, 2017 10:59 PM > To: tpm2(a)lists.01.org > Subject: [tpm2] tpm2-tss question > > MY name is Yasuhiro Hosoda. > > > I am developing a program using TSS1.0(Nov1.2016). > I encountered a problem with PolicySecret error 0x98e and need help. > My program uses tpmtest.cpp as a base of development. > The situation is as follows: > > 1 Create TPM Keys like this. > > EK > |-------- > |          | > MK       AK > | > SK > > 2 Execute PolicySecret twice using HMAC session. At first, it ends without error. > Then it ends with 0x98e For clarification, I print out the values of Virtual Handle > and Real Handle. > The value of Virtual/Real Handles differ at 2nd excution of the command. > (See NO 25/26 Below) > > I understand that the resource manager assigns Virtual Handle and my program > calculates HMAC using that handles. > On the other hand, TPM may calculate HMAC using Real Handle. > That is my hypothesis. > > Any suggestion about the usage of Session Handle? > > NO      Command           Virtual/Real Handle         LOC 1.    CreatePrimary(EK) > real=80000000, virtual=80000000 8381 2.    HierarchyChangeAuth1 8421 > 3.    HierarchyChangeAuth2 8431 4.    StartAuthSession(Policy) real=3000000, > virtual=3000000 8480 5.    PolicySecret(ENDORSEMENT) 8494 6.    Create(MK) 8515 > 7.    PolicySecret(ENDORSEMENT) 8529 8.    Load(MK) real=80000001, > virtual=80000001 8542 9.    Evict(MK) 8552 10.    Create(SK) 8590 11.    Load(SK) > real=80000001, virtual=80000002 8598 12.    PolicySecret(ENDORSEMENT) 8609 > 13.    Create(AK) 8635 14.    PolicySecret(ENDORSEMENT) 8645 15.    Load(AK) > real=80000001, virtual=80000003 8655 16.    FlushContext(POLICY) 8664 > 17.    StartAuthSession(POLICY) real=3000000, virtual=3000000 8668 > 18.    StartAuthSession(HMAC) real=2000001, virtual=2000001 8678 > 19.    ComputeCommandHMAC(LoadExternal) real=80000000, virtual=80000004 > 3706 20.    ComputeCommandHMAC(HMAC_Start) real=80000001, > virtual=80000005 3706 21.    PolicySecret(SK) 8711 22.    FlushContext(HMAC) 8717 > 23.    FlushContext(POLICY) 8724 24.    CertifyCreation(SK) 8738 > 25.    StartAuthSession(POLICY) real=3000000, virtual=3000001 8745 > 26.    StartAuthSession(HMAC) real=2000001, virtual=2000000 8754 > 27.    ComputeCommandHMAC(LoadExternal) real=80000000, virtual=80000005 > 8782 28.    ComputeCommandHMAC(HMAC_Start) real=80000001, > virtual=80000004 8782 29.    PolicySecret(SK) 8789 > > The whole  source program can be found here. > https://github.com/intel/tpm2-tss/files/1516612/tpmtest.cpp_0x98e_2.txt > > > Kind regards, > > -- > Yasuhiro Hosoda > > NTT Electronics Corporation (NEL) > Security Support Project > > > _______________________________________________ > tpm2 mailing list > tpm2(a)lists.01.org > https://lists.01.org/mailman/listinfo/tpm2