* Re: [tpm2] tpm2_nvwrite failing
@ 2018-03-15 22:03 Roberts, William C
0 siblings, 0 replies; 2+ messages in thread
From: Roberts, William C @ 2018-03-15 22:03 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 3872 bytes --]
You're using the owner hierarchy for authorization, whereas
you want to use the nv index for authorization.
So when you write and read, your -a needs to match your -x value.
This worked for me:
#!/bin/sh
echo "my nv daat" > /tmp/idfile
NVRAM=0x1800005
HIERACHY=0x40000001
PCRS=sha256:0,1,2,3
PCRVALUE=/tmp/pcrvalue
POLICY=/tmp/policy
echo "Releasing NVRAM - this might fail, but this is OK"
tpm2_nvrelease -x $NVRAM -a $HIERACHY
echo "Constructing policy"
tpm2_pcrlist -Q -L $PCRS -o $PCRVALUE
tpm2_createpolicy -P -L $PCRS -F $PCRVALUE -f $POLICY
echo "Defining area"
tpm2_nvdefine -x $NVRAM -a $HIERACHY -s 64 -L $POLICY -t "policywrite|policyread"
#tpm2_nvdefine -x $NVRAM -a $HIERACHY -s 64 -t "policyread|policywrite"
echo "Writing ID"
cat /tmp/idfile | tpm2_nvwrite -x $NVRAM -a $NVRAM -L $PCRS -F $PCRVALUE
#cat /tmp/idfile | tpm2_nvwrite -x $NVRAM -a $HIERACHY
echo "Reading ID - first attempt should fail if the policy works"
tpm2_nvread -x $NVRAM -a $NVRAM
echo "Reading ID - second attempt should work"
tpm2_nvread -x $NVRAM -a $NVRAM -L $PCRS -F $PCRVALUE
--- EOF ----
As far as nv.sh failures, I don't see them on the simulator. So I would need more information
to understand what the issue might be.
From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Ian Oliver
Sent: Tuesday, March 13, 2018 6:06 AM
To: tpm2(a)lists.01.org
Subject: [tpm2] tpm2_nvwrite failing
Hi
Using 1.3-rc2 of tpm2_tools
We're seeing tpm2_nvwrite fail with policies, both in the nv.sh test file and when run manually
Here's the script which basically follows nv.sh. NB: the file /tmp/idfile exists and contains data!
#!/bin/sh
NVRAM=0x1800005
HIERACHY=0x40000001
PCRS=sha256:0,1,2,3
PCRVALUE=/tmp/pcrvalue
POLICY=/tmp/policy
echo "Releasing NVRAM - this might fail, but this is OK"
tpm2_nvrelease -x $NVRAM -a $HIERACHY
echo "Constructing policy"
tpm2_pcrlist -Q -L $PCRS -o $PCRVALUE
tpm2_createpolicy -P -L $PCRS -F $PCRVALUE -f $POLICY
echo "Defining area"
tpm2_nvdefine -x $NVRAM -a $HIERACHY -s 64 -L $POLICY -t "policyread|policywrite"
#tpm2_nvdefine -x $NVRAM -a $HIERACHY -s 64 -t "policyread|policywrite"
echo "Writing ID"
cat /tmp/idfile | tpm2_nvwrite -x $NVRAM -a $HIERACHY -L $PCRS -F $PCRVALUE
#cat /tmp/idfile | tpm2_nvwrite -x $NVRAM -a $HIERACHY
echo "Reading ID - first attempt should fail if the policy works"
tpm2_nvread -x $NVRAM -a $HIERACHY
tpm2_nvread -x $NVRAM -a $HIERACHY -L $PCRS -F $PCRVALUE
Specifically:
15$tpm2_nvrelease -x 0x1800005 -a 0x40000001
16$tpm2_pcrlist -Q -L sha256:0,1,2,3 -o /tmp/pcrvalue
17$tpm2_createpolicy -P -L sha256:0,1,2,3 -F /tmp/pcrvalue -f /tmp/policy
18$tpm2_nvdefine -x 0x1800005 -a 0x40000001 -s 64 -L /tmp/policy -t "policyread|policywrite"
19$tpm2_nvlist
0x1800005:
hash algorithm:
friendly: sha256
value: 0xB
attributes:
friendly: policywrite|policyread
value: 0x8000800
size: 64
authorization policy: 60DF98CF0931EE42B5372DBC49E7B1966559A62A159B12C90556240D37E2D938
20$echo -n "test" | tpm2_nvwrite -x 0x1800005 -a 0x40000001 -L sha256:0,1,2,3 -F /tmp/pcrvalue
ERROR: Failed to write NV area at index 0x1800005 (25165829) offset 0x0. Error:0x12f
21$cat /tmp/idfile | tpm2_nvwrite -x 0x1800005 -a 0x40000001 -L sha256:0,1,2,3 -F /tmp/pcrvalue
ERROR: Failed to write NV area at index 0x1800005 (25165829) offset 0x0. Error:0x12f
22$tpm2_rc_decode 0x12f
error layer
hex: 0x0
identifier: TSS2_TPM_ERROR_LEVEL
description: Error produced by the TPM
format 0 error code
hex: 0x2f
name: TPM_RC_AUTH_UNAVAILABLE
description: authValue or authPolicy is not available for selected entity.
t.
Ian
--
Dr. Ian Oliver
===============================
Privacy Engineering: via Amazon
Twitter: @i_j_oliver
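As an added illustration (not part of either post and not tpm2-tools code), here is a POSIX sh pre-flight check of whether a given -a handle is permitted for an NV index, based on the friendly attribute string that tpm2_nvlist prints. The function names are hypothetical. The handle-to-attribute mapping follows the TPM 2.0 NV access rules, and the platform handle 0x4000000C comes from the TPM 2.0 specification rather than from this thread.

```sh
#!/bin/sh
# Added example: check the -a handle against an NV index's attributes
# before calling tpm2_nvwrite / tpm2_nvread. Hypothetical helper names.

RH_OWNER=0x40000001      # owner hierarchy handle, as used in the thread
RH_PLATFORM=0x4000000C   # platform hierarchy handle (TPM 2.0 spec value)

# has_attr ATTRS NAME: succeed if NAME is in the '|'-separated list ATTRS.
has_attr() {
    case "|$1|" in *"|$2|"*) return 0 ;; *) return 1 ;; esac
}

# nv_auth_allowed OP INDEX AUTH ATTRS
#   OP     read or write
#   INDEX  NV index handle (the -x value)
#   AUTH   authorization handle (the -a value)
#   ATTRS  friendly attribute string as printed by tpm2_nvlist
# Returns 0 if the attributes let AUTH authorize OP, 1 if not,
# 2 if OP is not "read" or "write".
nv_auth_allowed() {
    op=$1 index=$(($2)) auth=$(($3)) attrs=$4
    case "$op" in read|write) ;; *) return 2 ;; esac
    if [ "$auth" -eq $((RH_OWNER)) ]; then
        has_attr "$attrs" "owner$op"      # needs ownerread / ownerwrite
    elif [ "$auth" -eq $((RH_PLATFORM)) ]; then
        has_attr "$attrs" "pp$op"         # needs ppread / ppwrite
    elif [ "$auth" -eq "$index" ]; then
        # The index authorizes itself: by auth value or by policy.
        has_attr "$attrs" "auth$op" || has_attr "$attrs" "policy$op"
    else
        return 1
    fi
}

# Constructed demo: the thread's index and attributes, with the failing
# (-a owner hierarchy) and the working (-a equal to -x) handle.
for a in 0x40000001 0x1800005; do
    if nv_auth_allowed write 0x1800005 "$a" "policywrite|policyread"; then
        echo "-x 0x1800005 -a $a: write permitted by attributes"
    else
        echo "-x 0x1800005 -a $a: write not permitted by attributes"
    fi
done
```

The check covers only the attribute side of authorization; the policy session built from -L and -F still has to match the index's authorization policy.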
* [tpm2] tpm2_nvwrite failing
@ 2018-03-13 13:06 Ian Oliver
0 siblings, 0 replies; 2+ messages in thread
From: Ian Oliver @ 2018-03-13 13:06 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 2454 bytes --]
Hi
Using 1.3-rc2 of tpm2_tools
We're seeing tpm2_nvwrite fail with policies, both in the nv.sh test file
and when run manually
Here's the script which basically follows nv.sh. NB: the file /tmp/idfile
exists and contains data!
#!/bin/sh
NVRAM=0x1800005
HIERACHY=0x40000001
PCRS=sha256:0,1,2,3
PCRVALUE=/tmp/pcrvalue
POLICY=/tmp/policy
echo "Releasing NVRAM - this might fail, but this is OK"
tpm2_nvrelease -x $NVRAM -a $HIERACHY
echo "Constructing policy"
tpm2_pcrlist -Q -L $PCRS -o $PCRVALUE
tpm2_createpolicy -P -L $PCRS -F $PCRVALUE -f $POLICY
echo "Defining area"
tpm2_nvdefine -x $NVRAM -a $HIERACHY -s 64 -L $POLICY -t "policyread|policywrite"
#tpm2_nvdefine -x $NVRAM -a $HIERACHY -s 64 -t "policyread|policywrite"
echo "Writing ID"
cat /tmp/idfile | tpm2_nvwrite -x $NVRAM -a $HIERACHY -L $PCRS -F $PCRVALUE
#cat /tmp/idfile | tpm2_nvwrite -x $NVRAM -a $HIERACHY
echo "Reading ID - first attempt should fail if the policy works"
tpm2_nvread -x $NVRAM -a $HIERACHY
tpm2_nvread -x $NVRAM -a $HIERACHY -L $PCRS -F $PCRVALUE
Specifically:
15$tpm2_nvrelease -x 0x1800005 -a 0x40000001
16$tpm2_pcrlist -Q -L sha256:0,1,2,3 -o /tmp/pcrvalue
17$tpm2_createpolicy -P -L sha256:0,1,2,3 -F /tmp/pcrvalue -f /tmp/policy
18$tpm2_nvdefine -x 0x1800005 -a 0x40000001 -s 64 -L /tmp/policy -t "policyread|policywrite"
19$tpm2_nvlist
0x1800005:
hash algorithm:
friendly: sha256
value: 0xB
attributes:
friendly: policywrite|policyread
value: 0x8000800
size: 64
authorization policy: 60DF98CF0931EE42B5372DBC49E7B1966559A62A159B12C90556240D37E2D938
20$echo -n "test" | tpm2_nvwrite -x 0x1800005 -a 0x40000001 -L sha256:0,1,2,3 -F /tmp/pcrvalue
ERROR: Failed to write NV area at index 0x1800005 (25165829) offset 0x0. Error:0x12f
21$cat /tmp/idfile | tpm2_nvwrite -x 0x1800005 -a 0x40000001 -L sha256:0,1,2,3 -F /tmp/pcrvalue
ERROR: Failed to write NV area at index 0x1800005 (25165829) offset 0x0. Error:0x12f
22$tpm2_rc_decode 0x12f
error layer
hex: 0x0
identifier: TSS2_TPM_ERROR_LEVEL
description: Error produced by the TPM
format 0 error code
hex: 0x2f
name: TPM_RC_AUTH_UNAVAILABLE
description: authValue or authPolicy is not available for selected entity.
t.
Ian
--
*Dr. Ian Oliver*
===============================
Privacy Engineering: via Amazon <http://www.amazon.co.uk/dp/1497569710>
*Twitter: @i_j_oliver*