[tpm2] tpm2_quote - unexpected TPM commands - from where?

[tpm2] tpm2_quote - unexpected TPM commands - from where?

[Kenneth Goldman]

[-- Attachment #1: Type: text/plain, Size: 1749 bytes --]



The application is running a quote with this (python wrapped) command:

['tpm2_quote', '-c', '/var/lib/keylime/secure/tmpptoera_c', '-l',
'sha256:15,16,22', '-q', '645442426a4c3456786a4b767465424432357659', '-m',
'/tmp/tmprc17whih', '-s', '/tmp/tmp9vlpv1k2', '-o', '/tmp/tmpd3tl0nxn',
'-g', 'sha256', '-p', 'T5dKvXj1wGIFbp5brLUz']

Even with the implicit HMAC session, I would expect

startauthsession 02000000
loadcontext 80000000 (the quote key)
quote with session 02000000 and key 80000000
flushcontext 80000000
flushcontext 02000000

I see this.  Is there something wrong with the call, is there a lot more
implicit in the quote tool, or is abrmd doing a lot of extra calls?

1 - It keeps loading and flushing the key and the session.
2 - It contextsave the key a few times, but it was already context saved
before the command started
3 - There's an unexpected getcapability, and a really unexpected readpublic
4 - A PCR read at the end

StartAuthSession: 02000000			OK
ContextSave: 02000000				???
ContextLoad: 80000000				OK
ContextSave: 80000000				???
FlushContext: 80000000				really unexpected
GetCapability: 00000005				unexpected
ContextLoad: 80000000				??? because of the flushcontext
ReadPublic: objectHandle 80000000		really unexpected
ContextSave: 80000000				???
FlushContext: 80000000				really unexpected
ContextLoad: 80000000				??? because of the flushcontext
ContextLoad: 02000000				??? because of the save
Quote with Session 0 handle 02000000		OK
	signHandle 80000000
ContextSave: 02000000				???
ContextSave: 80000000				???
FlushContext: 80000000				OK
PCR_Read:					unexpected
FlushContext: 02000000				OK

--
Ken Goldman   kgoldman(a)us.ibm.com
914-945-2415 (862-2415)

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 3071 bytes --]