
Disk encryption example does not work (version 5.5)

Open pouriya opened this issue 10 months ago • 0 comments

Hi. I copied all of the commands from this section and pasted them into a file, tpm.sh:

#! /bin/sh
set -xe
mkdir -p tpm
cd tpm

dd if=/dev/urandom bs=1 count=32 status=none > pass.secret
tpm2_startauthsession -V -S session.ctx
tpm2_policypcr -V -Q -S session.ctx -l sha256:0 -L set2.pcr.policy
tpm2_flushcontext -V session.ctx
openssl genrsa -out signing_key_private.pem 2048
openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout
tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
tpm2_startauthsession -V -S session.ctx
tpm2_policyauthorize -V -S session.ctx -L authorized.policy -n signing_key.name -i set2.pcr.policy
tpm2_flushcontext -V session.ctx
cat pass.secret | tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
tpm2_evictcontrol -C o -c 0x81010001
tpm2_load -Q -C prim.ctx -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -n auth_pcr_seal_key.name -c auth_pcr_seal_key.ctx
tpm2_evictcontrol -c auth_pcr_seal_key.ctx 0x81010001 -C o
openssl dgst -sha256 -sign signing_key_private.pem -out set2.pcr.signature set2.pcr.policy
tpm2_loadexternal -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
tpm2_verifysignature -c signing_key.ctx -g sha256 -m set2.pcr.policy -s set2.pcr.signature -t verification.tkt -f rsassa
tpm2_startauthsession --policy-session -S session.ctx
tpm2_policypcr -l sha256:0 -S session.ctx
tpm2_policyauthorize -S session.ctx -i set2.pcr.policy -n signing_key.name -t verification.tkt
tpm2_unseal -p session:session.ctx -c 0x81010001
tpm2_flushcontext session.ctx

# clean up
cd -
ls -lash tpm/*
rm -rf tpm

After running the file, I get the following error:

+ mkdir -p tpm
+ cd tpm
+ dd if=/dev/urandom bs=1 count=32 status=none
+ tpm2_startauthsession -V -S session.ctx
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_policypcr -V -Q -S session.ctx -l sha256:0 -L set2.pcr.policy
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_flushcontext -V session.ctx
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
+ openssl genrsa -out signing_key_private.pem 2048
+ openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout
writing RSA key
+ tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x80000000
name: 000b9b187c67859171866a9b725383a2eec3f595e992ce16647082d2a7edc85f1f10
+ tpm2_startauthsession -V -S session.ctx
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_policyauthorize -V -S session.ctx -L authorized.policy -n signing_key.name -i set2.pcr.policy
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
cdb3c0eda5a0b2bd2e706f30d8326b3fa85cb9167c8e6ec3f0feaa392458005a
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_flushcontext -V session.ctx
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
+ + tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
cat pass.secret
INFO on line: "44" in file: "lib/tpm2_capability.c": GetCapability: capability: 0x0, property: 0x0
ERROR on line: "863" in file: "lib/tpm2_util.c": Incorrect handle value, got: "prim.ctx", expected expected [o|p|e|n|l] or a handle number
ERROR on line: "184" in file: "lib/object.c": Unable to read as BIO file
ERROR on line: "293" in file: "lib/object.c": Unable to fetch public/private portions of TSS PRIVKEY
ERROR on line: "387" in file: "lib/object.c": Cannot make sense of object context "prim.ctx"
ERROR on line: "274" in file: "tools/tpm2_tool.c": Unable to run tpm2_creat

pouriya, Aug 01 '23 10:08
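
Added example, not part of the original issue or of tpm2-tools: the log above stops at tpm2_create because prim.ctx is passed to -C, yet no earlier command in the script writes that file. The hypothetical `missing_parents` helper below flags such -C arguments before anything touches the TPM; its sample input is an excerpt of the script above, and it assumes that only tpm2_createprimary, tpm2_load and tpm2_loadexternal write a context file with -c.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of tpm2-tools).
# Reads a tpm2-tools script on stdin and prints "<line>: <tool> -C <file>"
# for every parent argument that is not a hierarchy letter, not a handle
# number, and not a context file written by an earlier command.
missing_parents() {
    awk '
    /^[[:space:]]*#/ { next }            # skip comment lines
    {
        # Find the tpm2_* tool on this line; it may sit after a pipe.
        cmd = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^tpm2_/) { cmd = $i; break }
        if (cmd == "") next

        # -C must name something that already exists: o|p|e|n|l, a handle
        # number, or a context file recorded in made[] by an earlier line.
        for (j = i + 1; j < NF; j++) {
            if ($j != "-C") continue
            p = $(j + 1)
            if (p ~ /^[openl]$/ || p ~ /^(0x[0-9a-fA-F]+|[0-9]+)$/) continue
            if (!(p in made)) printf "%d: %s -C %s\n", NR, cmd, p
        }

        # Assumption: only these tools are treated as writing -c <file>.
        if (cmd ~ /^tpm2_(createprimary|load|loadexternal)$/)
            for (j = i + 1; j < NF; j++) if ($j == "-c") made[$(j + 1)] = 1
    }'
}

# Sample input: four commands excerpted from the script in the issue above.
sample_script() {
    cat <<'EOF'
tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
cat pass.secret | tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
tpm2_evictcontrol -C o -c 0x81010001
tpm2_load -Q -C prim.ctx -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -n auth_pcr_seal_key.name -c auth_pcr_seal_key.ctx
EOF
}

sample_script | missing_parents
```

Run against the full tpm.sh with `missing_parents < tpm.sh`; an empty result means every -C file argument has an earlier producer.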