Discussion:
[TrouSerS-users] Sealing data with TPM's Tspi_Data_Seal() API;
Pritha Ganguly
2017-04-24 09:00:21 UTC
Hello,

I am working on the ATMEL TPM(1.2) device on an embedded platform.

I wanted to perform the sealing operation with the help of PCR 16 of the
TPM. There seems to be an issue with the TPM that I'm using in which the
lower PCRs are not getting reset after reboot. Hence I have used PCR 16 for
my testing.

The Tspi_Data_Seal() function is giving an error saying, "Wrong PCR Value".
Please find the error log below:
...................................................................................................................................
(Line 118,main)Asking TPM to create the key returned 0x 0. Success.
(Line 121,main)Load key in TPM returned 0x 0. Success.
(Line 124,main)Create encrypted data object returned 0x 0. Success.
(Line 127,main)Create Data object for PCR returned 0x 0. Success.
(Line 130,main)PCR 16 read returned 0x 0. Success.
(Line 133,main)Extend hashed data into PCR 16 returned 0x 0. Success.
(Line 136,main)Set the digest for PCR 16 returned 0x 0. Success.
(Line 139,main)Sealing hashed data with PCR 16 returned 0x 18. Wrong PCR value.
....................................................................................................................................

PCR-16 is for debugging purposes so I didn't expect to get this error. It
would be really helpful if anybody could shed some light on the mistake
that I made while sealing.

Thanks and Regards,
Pritha Ganguly.
Ken Goldman
2017-04-25 16:07:51 UTC
Post by Pritha Ganguly
Hello,
I am working on the ATMEL TPM(1.2) device on an embedded platform.

I suggest that you use a software TPM for development, and only move to
a hardware TPM after it's working. This TPM does extensive tracing, and
you can of course also set breakpoints and see where the error occurs.

https://sourceforge.net/projects/ibmswtpm/

Does the seal (not the unseal) work with PCR 0? If so, you may have a
versioning issue, because early TPMs only had 16 PCRs.

If the PCRs are not going back to zero after a reboot, you have bigger
problems.
Pritha Ganguly
2017-05-01 03:47:46 UTC
Hello all,

I was able to extend onto PCR 16. While creating the PCR object, I used the
"TSS_PCRS_STRUCT_INFO_LONG" flag and it worked.
I extracted the sealed blob and stored it in a file. After sealing, I did
not change the contents of PCR 16 by the extend operation.
Now the Unseal() function is failing with the message "Wrong PCR Value".
What could be the reason for this error message?

Thanks and Regards,
Pritha.
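
The PCR check behind the "Wrong PCR value" (0x18) result discussed above, as an added example that is not part of any post in this thread and is not TrouSerS code: a small Python model of TPM 1.2 extend, the PCR composite hash, and the comparison made at unseal time. The function names and the unencrypted dictionary standing in for the sealed blob are assumptions made for illustration; a real TPM also encrypts the blob and checks authorization.

```python
import hashlib
import struct

TPM_SUCCESS = 0x00
TPM_WRONGPCRVAL = 0x18  # "Wrong PCR value", the code in the thread's log

def extend(pcr, digest):
    """TPM 1.2 extend: new PCR = SHA-1(old PCR || 20-byte digest)."""
    return hashlib.sha1(pcr + digest).digest()

def composite_hash(pcrs, selected, size_of_select=3):
    """SHA-1 over a serialized TPM_PCR_COMPOSITE for the selected PCRs."""
    bitmap = bytearray(size_of_select)
    for i in selected:
        if i // 8 >= size_of_select:  # a 2-byte bitmap only reaches PCR 15
            raise ValueError("PCR %d needs a larger selection bitmap" % i)
        bitmap[i // 8] |= 1 << (i % 8)
    values = b"".join(pcrs[i] for i in sorted(selected))
    blob = (struct.pack(">H", size_of_select) + bytes(bitmap)
            + struct.pack(">I", len(values)) + values)
    return hashlib.sha1(blob).digest()

def seal(secret, pcrs, selected):
    """Model of a sealed blob (no encryption here): secret + digestAtRelease."""
    return {"secret": secret, "selected": list(selected),
            "digest_at_release": composite_hash(pcrs, selected)}

def unseal(blob, pcrs):
    """Release the secret only if the current PCRs hash to digestAtRelease."""
    if composite_hash(pcrs, blob["selected"]) != blob["digest_at_release"]:
        return TPM_WRONGPCRVAL, None
    return TPM_SUCCESS, blob["secret"]

def demo():
    measurement = hashlib.sha1(b"constructed test data").digest()
    pcrs = {16: extend(bytes(20), measurement)}       # extend, then seal
    blob = seal(b"constructed secret", pcrs, [16])
    return {
        "unchanged": unseal(blob, pcrs)[0],
        "extended_again": unseal(blob, {16: extend(pcrs[16], measurement)})[0],
        "reset_to_zero": unseal(blob, {16: bytes(20)})[0],
        "reset_then_same_extend": unseal(blob, {16: extend(bytes(20), measurement)})[0],
    }

if __name__ == "__main__":
    for case, rc in demo().items():
        print("%-24s 0x%02x" % (case, rc))
```

In this model the blob unseals only while PCR 16 holds exactly the value recorded at seal time; one more extend, or a reset to zero without repeating the same extend, yields 0x18.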
You could just get some working code from the net and modify it. Look up
Programming with trousers.
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users