Nicolas Oliver

Results 46 comments of Nicolas Oliver

Find some information about the vTPM below. I have no tpm2_nvlist command. This is a standard HyperV VM. Using "Second Generation" to boot in UEFI Mode. Secure Boot is enabled...

```
[test@fedora-server ~]$ tpm2_nvreadpublic
0x1c00002:
  name: 000b474101b463956bd38d0ee97be0c20508090a32408749c0d7e80c010bb31d9aa2
  hash algorithm:
    friendly: sha256
    value: 0xB
  attributes:
    friendly: authwrite|ownerread|authread|no_da|platformcreate
    value: 0x4000642
  size: 1536

0x1c08001:
  name: 000b164fa3559862b9e7e5365677bd23d29c5500d518eb2e3f33b7bdcf2047a1b715
  hash algorithm:
    friendly: sha256
    value: 0xB
  attributes:...
```

After running `sudo keylime_agent`, I can't read the handle, even with the keylime password

```shell
[test@fedora-server ~]$ tpm2_nvread -P keylime 0x1c00002
WARNING:esys:src/tss2-esys/api/Esys_NV_Read.c:315:Esys_NV_Read_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:105:Esys_NV_Read() Esys Finish ErrorCode (0x000009a2)...
```

I hardcoded these changes in the agent

```python
# Read the RSA EK cert from NVRAM (DER format)
if tools_version == "3.2":
    retDict = self.__run("tpm2_nvread -x 0x1c00002 -s %s -f...
```

Following up with this:

1. It seems like the Hyper-V vTPM is misbehaving. It does not allow you to read an NV index with a size greater than 1024 after...

```
root@3cea445c32d0:~/workspace# snyk monitor --file=Pipfile
Monitoring /root/workspace...
'pip' doesn't support graphs.
root@3cea445c32d0:~/workspace# snyk --version
1.1044.0
```

I was aware of this issue for a while now. But it became too annoying with Docker DevEnvironments. The devenv feature is kind-of GUI only (I had a bunch of...

@Ali-Flt my comment was for docker dev environments, which is another place where this problem shows up. Based on the docs at https://docs.docker.com/engine/reference/commandline/cli/#environment-variables, the variables need to be capitalized, so...

Also reported in Red Hat Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1762421

The [bugzilla issue](https://bugzilla.redhat.com/show_bug.cgi?id=1762421) was closed with status "CLOSED NEXTRELEASE". There is [another version of clevis-pin-tpm2](https://github.com/fedora-iot/clevis-pin-tpm2) that seems to implement TPM2.0 Authorized Policies