Disk encryption example does not work (version 5.5) #77

@pouriya

Hi. I copied all of the commands from this section and pasted them into a file tpm.sh:

#! /bin/sh
set -xe
mkdir -p tpm
cd tpm

dd if=/dev/urandom bs=1 count=32 status=none > pass.secret
tpm2_startauthsession -V -S session.ctx
tpm2_policypcr -V -Q -S session.ctx -l sha256:0 -L set2.pcr.policy
tpm2_flushcontext -V session.ctx
openssl genrsa -out signing_key_private.pem 2048
openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout
tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
tpm2_startauthsession -V -S session.ctx
tpm2_policyauthorize -V -S session.ctx -L authorized.policy -n signing_key.name -i set2.pcr.policy
tpm2_flushcontext -V session.ctx
cat pass.secret | tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
tpm2_evictcontrol -C o -c 0x81010001
tpm2_load -Q -C prim.ctx -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -n auth_pcr_seal_key.name -c auth_pcr_seal_key.ctx
tpm2_evictcontrol -c auth_pcr_seal_key.ctx 0x81010001 -C o
openssl dgst -sha256 -sign signing_key_private.pem -out set2.pcr.signature set2.pcr.policy
tpm2_loadexternal -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
tpm2_verifysignature -c signing_key.ctx -g sha256 -m set2.pcr.policy -s set2.pcr.signature -t verification.tkt -f rsassa
tpm2_startauthsession --policy-session -S session.ctx
tpm2_policypcr -l sha256:0 -S session.ctx
tpm2_policyauthorize -S session.ctx -i set2.pcr.policy -n signing_key.name -t verification.tkt
tpm2_unseal -p session:session.ctx -c 0x81010001
tpm2_flushcontext session.ctx

# clean up
cd -
ls -lash tpm/*
rm -rf tpm

After running the file, I get the following error:

+ mkdir -p tpm
+ cd tpm
+ dd if=/dev/urandom bs=1 count=32 status=none
+ tpm2_startauthsession -V -S session.ctx
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_policypcr -V -Q -S session.ctx -l sha256:0 -L set2.pcr.policy
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_flushcontext -V session.ctx
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
+ openssl genrsa -out signing_key_private.pem 2048
+ openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout
writing RSA key
+ tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x80000000
name: 000b9b187c67859171866a9b725383a2eec3f595e992ce16647082d2a7edc85f1f10
+ tpm2_startauthsession -V -S session.ctx
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_policyauthorize -V -S session.ctx -L authorized.policy -n signing_key.name -i set2.pcr.policy
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
cdb3c0eda5a0b2bd2e706f30d8326b3fa85cb9167c8e6ec3f0feaa392458005a
INFO on line: "399" in file: "lib/tpm2_session.c": Saved session: ESYS_TR(0x40418487)
INFO on line: "247" in file: "lib/files.c": Save TPMS_CONTEXT->savedHandle: 0x3000000
+ tpm2_flushcontext -V session.ctx
INFO on line: "419" in file: "lib/files.c": Assuming tpm context file
INFO on line: "350" in file: "lib/files.c": load: TPMS_CONTEXT->savedHandle: 0x3000000
INFO on line: "309" in file: "lib/tpm2_session.c": Restored session: ESYS_TR(0x40418487) attrs(0x1)
+ + tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
cat pass.secret
INFO on line: "44" in file: "lib/tpm2_capability.c": GetCapability: capability: 0x0, property: 0x0
ERROR on line: "863" in file: "lib/tpm2_util.c": Incorrect handle value, got: "prim.ctx", expected expected [o|p|e|n|l] or a handle number
ERROR on line: "184" in file: "lib/object.c": Unable to read as BIO file
ERROR on line: "293" in file: "lib/object.c": Unable to fetch public/private portions of TSS PRIVKEY
ERROR on line: "387" in file: "lib/object.c": Cannot make sense of object context "prim.ctx"
ERROR on line: "274" in file: "tools/tpm2_tool.c": Unable to run tpm2_creat
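
Added example, not part of the original issue or of the tpm2-tools project: in the log above, `tpm2_create` is the first command to reference `prim.ctx`, and nothing earlier in the script writes that file. The hypothetical helper `missing_parent_ctx` below is a heuristic lint that flags a `-C <file>.ctx` parent that no earlier command wrote with `-c`; the sample lines are copied from the script above, and the `tpm2_createprimary` line in the last function is an assumed way to produce the parent, not a fix confirmed by the project.

```shell
#!/bin/sh
# Added example: static check for tpm2-tools scripts (heuristic, assumption:
# a context file becomes available only when an earlier command names it
# after -c; hierarchy letters such as "-C o" are ignored).

missing_parent_ctx() {
    # Reads a script from the named files or from stdin.
    # Prints "<line number>: <context file>" for each unresolved -C parent.
    awk '
        /^[[:space:]]*#/ { next }            # skip comment lines
        {
            # First check parents, so a command cannot satisfy itself.
            for (i = 1; i < NF; i++) {
                f = $(i + 1)
                if ($i == "-C" && f ~ /\.ctx$/ && !(f in created))
                    print NR ": " f
            }
            # Then record every context file this command writes with -c.
            for (i = 1; i < NF; i++) {
                f = $(i + 1)
                if ($i == "-c" && f ~ /\.ctx$/)
                    created[f] = 1
            }
        }
    ' "$@"
}

# Three lines copied from the script in the issue.
sample_from_issue() {
    cat <<'EOF'
tpm2_loadexternal -V -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name
cat pass.secret | tpm2_create -V -g sha256 -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -i- -C prim.ctx -L authorized.policy
tpm2_load -Q -C prim.ctx -u auth_pcr_seal_key.pub -r auth_pcr_seal_key.priv -n auth_pcr_seal_key.name -c auth_pcr_seal_key.ctx
EOF
}

# Same lines with an assumed primary-key step placed first.
sample_with_primary() {
    echo 'tpm2_createprimary -C o -c prim.ctx'
    sample_from_issue
}

echo "script from the issue:"
sample_from_issue | missing_parent_ctx
echo "with a primary key created first:"
sample_with_primary | missing_parent_ctx
```
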
