Frank Ansari
Frank Ansari
I have tested this but when I try to reprovision I get error messages: ``` [fansari@bat setup]$ tss2_provision WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error Authorize /HE "Endorsement Hierarchy": WARNING:esys:src/tss2-esys/api/Esys_EvictControl.c:330:Esys_EvictControl_Finish() Received TPM Error...
I have cleared the TPM and started again. I have setup keys and also the RSA primary key as discussed. Now trying to delete an reprovision: ``` tss2_delete -p /...
I have reprovisioned the TPM and now I try this command: ``` tpm2_dictionarylockout -Tdevice:/dev/tpmrm0 --setup-parameters --max-tries=9999 --clear-lockout WARNING:esys:src/tss2-esys/api/Esys_DictionaryAttackLockReset.c:288:Esys_DictionaryAttackLockReset_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_DictionaryAttackLockReset.c:98:Esys_DictionaryAttackLockReset() Esys Finish ErrorCode (0x00000921) ERROR: Esys_DictionaryAttackLockReset(0x921) - tpm:warn(2.0):...
I think the answer is that I have to run this tpm2_dictionarylockout command before I do the provisioning. This works. Now tpm2_clear gives a different error message: ``` [fansari@bat provision]$...
This seems to work - at least I get no error. But what is the effect? I still see the key list with "tss2_list" and the entries in /var/lib/tpm2-tss are...
So far I could not get around this "wrong order" error. Yes - I use separate passwords for owner, endorsement and lockout.
This has worked. To summarize this: as long as I have a backup of my user keystore I can recreate my keys. But this is only true as long as...
I am unsure how exactly this should be done. I found this: https://github.com/tpm2-software/tpm2-tools/issues/1773 I did these steps: ``` openssl genrsa -out private.pem 2048 openssl rsa -in private.pem -outform pem -pubout...
The tpm2-abrmd is running but I could not figure out what is wrong with the FAPI stuff. I have noticed a FAPI error in anothter context: https://github.com/tpm2-software/tpm2-tools/issues/3111 But so far...
I have bought this module: https://www.amazon.de/gp/product/B09P8899H3 Only thing working so far is SSH key. This FAPI stuff is still a riddle to me. There is only this error described in...