Disk encryption example does not work (version 5.5) #77

Open
pouriya opened this issue Aug 1, 2023 · 0 comments

Hi. I copied all of the commands from this section and pasted them into a file, tpm.sh:

```sh
#! /bin/sh
set -xe
mkdir -p tpm
cd tpm

dd if=/dev/urandom bs=1 count=32 status=none > pass.secret
tpm2_startauthsession -V -S session.ctx
tpm2_policypcr -V -Q -S session.ctx -l sha256:0 -L set2.pcr.policy
tpm2_flushcontext -V session.ctx
openssl genrsa -out signing_key_private.pem 2048
openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout
tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
tpm2_startauthsession -V -S session.ctx
tpm2_policyauthorize -V -S session.ctx -L authorized.policy -n signing_key.name -i set2.pcr.policy
tpm2_flushcontext -V session.ctx
cat pass.secret | tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
tpm2_evictcontrol -C o -c 0x81010001
tpm2_load -Q -C prim.ctx -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -n auth_pcr_seal_key.name -c auth_pcr_seal_key.ctx
tpm2_evictcontrol -c auth_pcr_seal_key.ctx 0x81010001 -C o
openssl dgst -sha256 -sign signing_key_private.pem -out set2.pcr.signature set2.pcr.policy
tpm2_loadexternal -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
tpm2_verifysignature -c signing_key.ctx -g sha256 -m set2.pcr.policy -s set2.pcr.signature -t verification.tkt -f rsassa
tpm2_startauthsession --policy-session -S session.ctx
tpm2_policypcr -l sha256:0 -S session.ctx
tpm2_policyauthorize -S session.ctx -i set2.pcr.policy -n signing_key.name -t verification.tkt
tpm2_unseal -p session:session.ctx -c 0x81010001
tpm2_flushcontext session.ctx

# clean up
cd -
ls -lash tpm/*
rm -rf tpm
```

After running the file, I get the following error:

```
+ mkdir -p tpm
+ cd tpm
+ dd if=/dev/urandom bs=1 count=32 status=none
+ tpm2_startauthsession -V -S session.ctx
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_policypcr -V -Q -S session.ctx -l sha256:0 -L set2.pcr.policy
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_flushcontext -V session.ctx
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
+ openssl genrsa -out signing_key_private.pem 2048
+ openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout
writing RSA key
+ tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x80000000
name: 000b9b187c67859171866a9b725383a2eec3f595e992ce16647082d2a7edc85f1f10
+ tpm2_startauthsession -V -S session.ctx
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_policyauthorize -V -S session.ctx -L authorized.policy -n signing_key.name -i set2.pcr.policy
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
cdb3c0eda5a0b2bd2e706f30d8326b3fa85cb9167c8e6ec3f0feaa392458005a
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_flushcontext -V session.ctx
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
+ + tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
cat pass.secret
INFO on line: "44" in file: "lib/tpm2_capability.c": GetCapability: capability: 0x0, property: 0x0
ERROR on line: "863" in file: "lib/tpm2_util.c": Incorrect handle value, got: "prim.ctx", expected expected [o|p|e|n|l] or a handle number
ERROR on line: "184" in file: "lib/object.c": Unable to read as BIO file
ERROR on line: "293" in file: "lib/object.c": Unable to fetch public/private portions of TSS PRIVKEY
ERROR on line: "387" in file: "lib/object.c": Cannot make sense of object context "prim.ctx"
ERROR on line: "274" in file: "tools/tpm2_tool.c": Unable to run tpm2_creat
```
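
The log above stops at `tpm2_create` because `-C` names `prim.ctx`, a file that no earlier command in the posted script writes. As an added example (not part of the issue or the project's code), this lint reports such `-C` arguments before a script is run against a TPM; the `PRODUCERS` list and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the issue or the project): flag -C arguments in a
# tpm2-tools script that name a context file no earlier command wrote.

# Assumption: tools whose -c option writes a context file. Extend as needed.
PRODUCERS='tpm2_createprimary tpm2_load tpm2_loadexternal'

# Reads a script on stdin, prints one line per finding and returns
# non-zero if there is at least one finding.
check_parents() {
    awk -v producers="$PRODUCERS" '
    BEGIN { n = split(producers, p, " "); for (i = 1; i <= n; i++) prod[p[i]] = 1 }
    /^[ \t]*#/ { next }                    # skip comments and the shebang
    {
        tool = ""
        for (i = 1; i <= NF; i++)          # first tpm2_* word, so pipelines work
            if ($i ~ /^tpm2_/) { tool = $i; first = i; break }
        if (tool == "") next
        for (i = first + 1; i < NF; i++)   # inputs are read before outputs exist
            if ($i == "-C") {
                v = $(i + 1)
                # hierarchy shorthand or numeric handle: nothing to check
                if (v ~ /^[openl]$/ || v ~ /^(0[xX][0-9a-fA-F]+|[0-9]+)$/) continue
                if (v in written) continue
                printf "line %d: %s: -C %s is not written by any earlier command\n", NR, tool, v
                bad = 1
            }
        if (tool in prod)                  # record the context file this tool writes
            for (i = first + 1; i < NF; i++)
                if ($i == "-c") written[$(i + 1)] = 1
    }
    END { exit bad + 0 }
    '
}

# Excerpt of the script posted in the issue: the commands that use -C.
posted_excerpt() {
    cat <<'EOF'
tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
cat pass.secret | tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
tpm2_evictcontrol -C o -c 0x81010001
tpm2_load -Q -C prim.ctx -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -n auth_pcr_seal_key.name -c auth_pcr_seal_key.ctx
EOF
}

posted_excerpt | check_parents || echo "unresolved -C arguments found"
```

The lint passes once a line such as `tpm2_createprimary -C o -c prim.ctx` precedes the first use of `prim.ctx`; which key template that primary should use is not stated in the issue.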