* [tpm2] [TPM][tpm2_tools] Why tpm2_nvreadlock can't work normally with the attribute "policyread|policywrite|read_stclear"?
From: Zhao, Shirley @ 2019-09-26  7:39 UTC
  To: tpm2

Hi, all,

I want to define an NV index with the attribute "policyread|policywrite|read_stclear", but I get an error when running tpm2_nvreadlock.
Only when the attribute is set to "policyread|policywrite|ownerwrite|ownerread|read_stclear" does tpm2_nvreadlock work normally.

These are the steps:
$ tpm2_nvdefine -x 0x1500018 -a 0x40000001 -s 64 -L pcr.policy -t "policyread|policywrite|read_stclear"
$ tpm2_nvwrite -x 0x1500018 -a 0x1500018 -L sha256:7 -o 0 test.bin
$ tpm2_nvread -x 0x1500018 -a 0x1500018 -L sha256:7

$ tpm2_nvreadlock -x 0x1500018 -a 0x1500018
ERROR on line: "82" in file: "tools/tpm2_nvreadlock.c": Failed to lock NVRAM area at index 0x1500018
ERROR on line: "81" in file: "./lib/log.h": Tss2_Sys_NV_ReadLock(0x12F) - tpm:error(2.0): authValue or authPolicy is not available for selected entity
ERROR on line: "166" in file: "tools/tpm2_tool.c": Unable to run tpm2_nvreadlock

Seems tpm2_nvreadlock can't accept the policy option, right?
If so, is there any plan to support policy?

Thanks a lot.


- Shirley


* Re: [tpm2] [TPM][tpm2_tools] Why tpm2_nvreadlock can't work normally with the attribute "policyread|policywrite|read_stclear"?
From: Jonas Witschel @ 2019-09-26  8:35 UTC
  To: tpm2

Hi Shirley,

On 2019-09-26 09:39, Zhao, Shirley wrote:
> Seems tpm2_nvreadlock can't accept the policy option, right?
> If so, is there any plan to support policy?

tpm2-tools 4 supports an authorisation value for tpm2_nvreadlock, so
your example would be

tpm2_createpolicy --policy-pcr --pcr-list sha256:7 --policy pcr.policy
tpm2_nvdefine --size 64 --attributes 'policyread|policywrite|read_stclear' --policy pcr.policy 0x1500018
tpm2_nvwrite --auth pcr:sha256:7 --input test.bin 0x1500018
tpm2_nvread --auth pcr:sha256:7 0x1500018
tpm2_nvreadlock --auth pcr:sha256:7 0x1500018

Keep in mind that the new version changed many option names, so other
scripts that you might have will probably need to be updated as well.

Best regards,
Jonas
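
Added example, not part of either message and not tpm2-tools code: a simplified Python model of the TPM 2.0 read-side NV authorization checks, showing why an index defined with only policyread can authorize TPM2_NV_ReadLock for itself only through a policy session. The function names and the reduction to these few checks are assumptions of this sketch; the bit positions are those of TPMA_NV in the TPM 2.0 specification, and the model assumes the password or policy presented is itself correct.

```python
# Simplified model of TPM 2.0 read-side NV authorization (added example).
TPM_RH_OWNER, TPM_RH_PLATFORM = 0x40000001, 0x4000000C

# TPMA_NV bit positions (TPM 2.0 Part 2), only the attributes used here.
TPMA_NV = {"ownerwrite": 1, "policywrite": 3, "ppread": 16, "ownerread": 17,
           "authread": 18, "policyread": 19, "read_stclear": 31}


def parse_attrs(spec):
    """Turn 'policyread|policywrite|read_stclear' into a TPMA_NV bit mask."""
    mask = 0
    for name in spec.split("|"):
        mask |= 1 << TPMA_NV[name.strip()]
    return mask


def has(mask, name):
    return bool(mask & (1 << TPMA_NV[name]))


def nv_readlock_rc(attr_spec, auth_handle, nv_index, session):
    """Predict the response code name for TPM2_NV_ReadLock.

    session is 'password' (also stands for HMAC) or 'policy'. The model
    assumes the secret or policy is satisfied (e.g. PCR 7 matches pcr.policy).
    """
    attrs = parse_attrs(attr_spec)
    if auth_handle == nv_index:
        # The index authorizes itself: that session type must be enabled.
        needed = "policyread" if session == "policy" else "authread"
        if not has(attrs, needed):
            return "TPM_RC_AUTH_UNAVAILABLE"  # the 0x12F error in the log above
    elif auth_handle == TPM_RH_OWNER:
        if not has(attrs, "ownerread"):
            return "TPM_RC_NV_AUTHORIZATION"
    elif auth_handle == TPM_RH_PLATFORM:
        if not has(attrs, "ppread"):
            return "TPM_RC_NV_AUTHORIZATION"
    else:
        raise ValueError("auth handle not covered by this model")
    if not has(attrs, "read_stclear"):
        return "TPM_RC_ATTRIBUTES"  # index was not defined as read-lockable
    return "TPM_RC_SUCCESS"
```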

