Stefan Berger

Results 172 comments of Stefan Berger

Reading from `0x1c00002` with `keylime` as password works, right?

Since version 2.1 of the TCG specification 'TCG EK Credential Profile' there's a table there now that indicates what attributes should be set; pdf page 50: https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf `TPMA_NV_PPWRITE =...`

It looks like the 'written' attribute is not even set, so the NVRAM location may be empty.

Yes, for software TPM you have to trust the underlying host and admin(s): https://github.com/stefanberger/swtpm/wiki#securitytrust-model-of-the-software-tpm

I don't know much about Windows on aarch64. Maybe someone in the QEMU or edk2 community can help.

You could post the log you are getting. **Maybe** something is visible there. You are using a recent QEMU and EDK2 (EDK2 from QEMU?), right?

You could try to add running `swtpm_setup` like in the following commands so that the vTPM has platform and EK certificates, though I would not expect this to solve what...

Regarding the log: The log ends with a bunch of PCR_Extends. The PCR_Extends seem to even touch PCRs 10-14, which is a bit unusual. What I am missing also is...

Does EDK2 let you into a menu and is there some sort of TPM 2 support visible in one of those menu items? Can you try to run Linux and...

We only support the TIS on QEMU for aarch64. So my guess would be that `modprobe tpm_tis` should activate the TPM driver on aarch64 as well. Otherwise maybe there's another...