Imran Desai

Results 76 comments of Imran Desai

> One question though:
> Currently, if !tool.cmdline.contextfile then the tool will auto-select a filename and store stuff, see
>
> https://github.com/tpm2-software/tpm2-tools/blob/6163942372cd9da7ed6687730d0d814ded56df1b/tools/tpm2_createprimary.c#L135-L137
>
> So the question is, whether...

Adding --auto-flush to tools and an environment variable "export TPM2_TOOLS_AUTOFLUSH=true|false" could resolve this. We don't want to make the default behavior to flush, as that can break scripts and workflows.

@JuergenReppSIT If there is a need to create multiple objects then I'd have to load the parent each time. Although, I can see why it can also be useful to...

I believe a Startup(clear) or TPM2_CC_Clear would return PCRs to empty auth. Auth can be (re)established under platform hierarchy authorization. Normally, platform auth closes very early in boot. RC_AUTH...

For integration testing need to implement #3333 and #3334

@whooo, @stefanberger it appears that PCR index 20, 21, 22 are in the authorization set for swtpm. Is that right?

> > @whooo, @stefanberger it appears that PCR index 20, 21, 22 are in the authorization set for swtpm. Is that right?
>
> That's what it is now. Per...

> When I look at the below document Table 6 then my interpretation is that the patch I applied was a bugfix... which breaks backwards compatibility.
>
> https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf

It...

It is only available as a [long-option](https://github.com/tpm2-software/tpm2-tools/blob/master/tools/tpm2_getcap.c#L830:#L844) to avoid confusing '-i' as input used elsewhere in all other tools. Yes it needs a [fix](https://github.com/tpm2-software/tpm2-tools/blob/master/lib/tpm2_capability.c#L117:#L119).

Define with attribute TPMA_NV_POLICY_DELETE. You can have a policy set to policy secret to point to owner hierarchy auth.