Discussion:
[TrouSerS-users] weird behavior
David Challener
2016-08-24 16:56:58 UTC
Some weird behavior.
I want to make an NV index that is only writeable with owner auth, and only
readable with NV index auth.

tpm_nvdefine -i 68997 -p AUTHREAD -p OWNERWRITE -a Password -o OwnerPassword -r 0 -r 1
doesn't do it. Anyone can read the index. It appears the second -p
OWNERWRITE overwrites the permissions set in -p AUTHREAD (silently).


tpm_nvdefine -i 68997 -p AUTHREAD|OWNERWRITE -a Password -o OwnerPassword -r 0 -r 1
doesn't do it. It doesn't like this command.

So I went to trousers and tried to define it there.
It won't let me define it if I have Tspi_SetAttribUint32(hNVStore,
TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERWRITE | TPM_NV_PER_AUTHREAD);

I can have one or the other, but not both.
What gives?
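
Added example, not part of the original post and not tpm-tools or TrouSerS code: a sketch of how the two requested attributes combine into one TPM 1.2 permission mask, and a check that catches the symptom described above (a mask that ends up with no read-protection bit). The helper names (nv_perm_add, nv_read_is_restricted, build_mask) are hypothetical, and the "last -p wins" branch only models the behaviour the post suspects.

```c
#include <stdint.h>
#include <string.h>

/* TPM 1.2 TPM_NV_PER_* attribute bits (auth-related subset, PPWRITE omitted). */
#define TPM_NV_PER_AUTHREAD   0x00040000u
#define TPM_NV_PER_OWNERREAD  0x00020000u
#define TPM_NV_PER_PPREAD     0x00010000u
#define TPM_NV_PER_AUTHWRITE  0x00000004u
#define TPM_NV_PER_OWNERWRITE 0x00000002u
#define NV_READ_BITS (TPM_NV_PER_AUTHREAD | TPM_NV_PER_OWNERREAD | TPM_NV_PER_PPREAD)

static const struct { const char *name; uint32_t bit; } nv_names[] = {
    {"AUTHREAD", TPM_NV_PER_AUTHREAD}, {"OWNERREAD", TPM_NV_PER_OWNERREAD},
    {"PPREAD", TPM_NV_PER_PPREAD}, {"AUTHWRITE", TPM_NV_PER_AUTHWRITE},
    {"OWNERWRITE", TPM_NV_PER_OWNERWRITE},
};

/* Hypothetical helper: OR every name of an "A|B" spec into *mask.
 * Returns -1 and leaves *mask untouched on an unknown or empty name. */
int nv_perm_add(uint32_t *mask, const char *spec) {
    uint32_t acc = 0;
    size_t i, len, n = sizeof nv_names / sizeof nv_names[0];
    for (;; spec += len + 1) {
        len = strcspn(spec, "|");
        for (i = 0; i < n; i++)
            if (strlen(nv_names[i].name) == len && !memcmp(spec, nv_names[i].name, len))
                break;
        if (i == n) return -1;
        acc |= nv_names[i].bit;
        if (spec[len] == '\0') break;
    }
    *mask |= acc;
    return 0;
}

/* With no read bit set, the index can be read without authorization. */
int nv_read_is_restricted(uint32_t mask) { return (mask & NV_READ_BITS) != 0; }
/* Constructed option list from the post. accumulate=0 models the suspected
 * "last -p wins" handling; accumulate=1 ORs the options together. */
uint32_t build_mask(int accumulate) {
    const char *opts[] = {"AUTHREAD", "OWNERWRITE"};
    uint32_t mask = 0;
    for (int i = 0; i < 2; i++) {
        if (!accumulate) mask = 0;
        nv_perm_add(&mask, opts[i]);
    }
    return mask;
}
int main(void) { return nv_read_is_restricted(build_mask(1)) ? 0 : 1; }
```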
