Ubuntu 重新启动后,tpm2工具会密封未密封的数据
我正在尝试将一些数据密封到tpm2.0中,然后稍后将其解封,即使在系统重新启动后,我也应该能够解封数据 在tpm的瞬时内存中,我可以做到这一点,这很有效Ubuntu 重新启动后,tpm2工具会密封未密封的数据,ubuntu,tpm,Ubuntu,Tpm,我正在尝试将一些数据密封到tpm2.0中,然后稍后将其解封,即使在系统重新启动后,我也应该能够解封数据 在tpm的瞬时内存中,我可以做到这一点,这很有效 tpm2_pcrlist -L sha1:7 -o pcr.bin tpm2_createpolicy -P -L sha1:7 -F pcr.bin -f policy.digest tpm2_createprimary -H e -g sha256 -G rsa -C primary.context tpm2_create -g sha25
tpm2_pcrlist -L sha1:7 -o pcr.bin
tpm2_createpolicy -P -L sha1:7 -F pcr.bin -f policy.digest
tpm2_createprimary -H e -g sha256 -G rsa -C primary.context
tpm2_create -g sha256 -G keyedhash -u obj.pub -r obj.priv -c primary.context -L policy.digest -I- <<< "secret"
tpm2_load -c primary.context -u obj.pub -r obj.priv -n load.name -C load.context
tpm2_unseal -c load.context -L sha1:7
error layer
hex: 0x0
identifier: TSS2_TPM_ERROR_LEVEL
description: Error produced by the TPM
format 1 error code
hex: 0x1d
identifier: TPM_RC_POLICY_FAIL
description: a policy check failed
root@server# apt-cache show tpm2-tools
Package: tpm2-tools
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 1524
Maintainer: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Architecture: amd64
Version: 3.1.3-2
Depends: libc6 (>= 2.22), libcurl3-gnutls (>= 7.16.2), libssl1.1 (>= 1.1.0), libtss2-esys0
Description-en: TPM 2.0 utilities
This package contains a set of tools to use with TPM 2.0 chips,
for common tasks and features provided by the hardware; such as
for doing basic key management, attestation, encryption and signing.
Description-md5: 7dab290b7414623bbe70b4f8bc047903
Homepage: https://github.com/01org/tpm2.0-tools
Package: tpm2-tools
Priority: optional
Section: universe/utils
Installed-Size: 964
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 1.0.0+20160226.64b3334-0ubuntu2
Depends: libc6 (>= 2.14), libcurl3 (>= 7.16.2), libssl1.0.0 (>= 1.0.0), libtss2-0, libtss2-utils
Filename: pool/universe/t/tpm2-tools/tpm2-tools_1.0.0+20160226.64b3334-0ubuntu2_amd64.deb
Size: 90006
MD5sum: 2a5dd741bab5ba886508b87559d1151d
SHA1: 65c4f508b8643d808eb28e481dc660a68a0aba3d
SHA256: a8127c59b2ac7520f8f8993e9849f9dcc46486bced2f4b54c7fef56ac8e3b59e
Description-en: TPM 2.0 utilities
This package contains a set of tools to use with TPM 2.0 chips,
for common tasks and features provided by the hardware; such as
for doing basic key management, attestation, encryption and signing.
Description-md5: 7dab290b7414623bbe70b4f8bc047903
Homepage: https://github.com/01org/tpm2.0-tools
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
root@server#apt缓存显示tpm2工具
软件包:tpm2工具
状态:安装正常已安装
优先级:可选
章节:UTIL
安装尺寸:1524
维修人员:马修·特鲁德尔·拉皮尔尔
架构:amd64
版本:3.1.3-2
取决于:libc6(>=2.22)、libcurl3 gnutls(>=7.16.2)、libssl1.1(>=1.1.0)、libtss2-esys0
描述en:TPM 2.0实用程序
此软件包包含一组用于TPM 2.0芯片的工具,
用于硬件提供的常见任务和功能;比如
用于进行基本的密钥管理、认证、加密和签名。
Description-md5:7dab290b7414623bbe70b4f8bc047903
主页:https://github.com/01org/tpm2.0-tools
软件包:tpm2工具
优先级:可选
章节:通用/通用信息系统
安装尺寸:964
维护者:Ubuntu开发者
架构:amd64
版本:1.0.0+20160226.64b3334-0ubuntu2
取决于:libc6(>=2.14)、libcurl3(>=7.16.2)、libssl1.0.0(>=1.0.0)、libtss2-0、libtss2-utils
文件名:pool/universe/t/tpm2 tools/tpm2-tools_1.0.0+20160226.64b334-0ubuntu2_amd64.deb
尺寸:90006
MD5sum:2a5dd741bab5ba886508b87559d1151d
SHA1:65c4f508b8643d808eb28e481dc660a68a0aba3d
SHA256:a8127c59b2ac7520f8f8993e9849f9dcc46486bced2f4b54c7fef56ac8e3b59e
描述en:TPM 2.0实用程序
此软件包包含一组用于TPM 2.0芯片的工具,
用于硬件提供的常见任务和功能;比如
用于进行基本的密钥管理、认证、加密和签名。
Description-md5:7dab290b7414623bbe70b4f8bc047903
主页:https://github.com/01org/tpm2.0-tools
漏洞:https://bugs.launchpad.net/ubuntu/+文件错误
来源:Ubuntu
tpm2_createprimary -H e -g sha256 -G rsa -C primary.context
主要对象是瞬态的。我建议您尝试在加载tpm2_之前重新创建主对象
tpm2_createprimary -H e -g sha256 -G rsa -C primary.context
我想问题是将
-c-H-Stpm2\u收回控制OPTIONS
-A, --auth=AUTH: The authorization used to authorize the commands. Valid choices are:
o for TPM_RH_OWNER
p for TPM_RH_PLATFORM
-H, --handle=HANDLE: The handle of a loaded transient or a persistent object.
If the handle is for a transient object, then a handle that will be assigned to the persisted object must also be specified with the -S option.
If the handle is for a persistent object, then the -S does not need to be provided since the handle must be the same for both options.
-c, --context=OBJECT_CONTEXT_FILE: Filename for object context.
-S, --persistent=PERSISTENT_HANDLE: The persistent handle for the object handle specified via HANDLE.
-P, --pwda=AUTH_PASSWORD: authorization password, optional. Passwords should follow the "password formatting standards, see section "Password Formatting".
--persistent--context--handletpm2\u loadtpm2\u receivecontrol-c load.contexttpm2\u listpersistant我想问题在于,对于
tpm2\u executecontrol-c-H-SOPTIONS
-A, --auth=AUTH: The authorization used to authorize the commands. Valid choices are:
o for TPM_RH_OWNER
p for TPM_RH_PLATFORM
-H, --handle=HANDLE: The handle of a loaded transient or a persistent object.
If the handle is for a transient object, then a handle that will be assigned to the persisted object must also be specified with the -S option.
If the handle is for a persistent object, then the -S does not need to be provided since the handle must be the same for both options.
-c, --context=OBJECT_CONTEXT_FILE: Filename for object context.
-S, --persistent=PERSISTENT_HANDLE: The persistent handle for the object handle specified via HANDLE.
-P, --pwda=AUTH_PASSWORD: authorization password, optional. Passwords should follow the "password formatting standards, see section "Password Formatting".
--persistent--context--handletpm2\u loadtpm2\u receivecontrol-c load.contexttpm2\u listpersistant在创建策略之前和重新启动之后,您是否检查了tpm2_pcrlist是否为sha1:7提供了相同的结果?是的,它们是相同的。在创建策略之前和重新启动之后,您是否检查了tpm2_pcrlist是否为sha1:7提供了相同的结果?是的,它们是相同的