You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have tried to set lock out auth using below command tpm2_changeauth -c l passwd
After I set lockoutauth
I am not able to use tpm2_clear command
tpm2_clear -c l passwd
WARNING:esys:src/tss2-esys/api/Esys_Clear.c:291:Esys_Clear_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Clear.c:97:Esys_Clear() Esys Finish ErrorCode (0x00000921)
ERROR: Esys_Clear(0x921) - tpm:warn(2.0): authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
ERROR: Unable to run tpm2_clear
when tried to to unset lockout password it is not working and giving below error
tpm2_changeauth -c l -p passwd
WARNING:esys:src/tss2-esys/api/Esys_HierarchyChangeAuth.c:309:Esys_HierarchyChangeAuth_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_HierarchyChangeAuth.c:114:Esys_HierarchyChangeAuth() Esys Finish ErrorCode (0x00000921)
ERROR: Esys_HierarchyChangeAuth(0x921) - tpm:warn(2.0): authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
ERROR: Unable to run tpm2_changeauth
but i dont see tpm is in lockout mode or tpm2_clear being disable using command below
An error must have occurred during authorization of the lockout hierarchy before the tpm2_clear -c l passwd. In this case, one error is enough to activate the lockout mode.
Spec Part1 Architecture 19.8.5:
"An authorization failure associated with lockoutAuth causes the TPM to enter this special lockout state regardless of the setting of failedTries and maxTries."
You could reset the TPM in the BIOS, or try #1956 (comment),
or wait until the lockout mode is deactivated.
Thank You @JuergenReppSIT.This was very helpful.
i am able to try above method of reseting tpm and clear lockout.
but i have tried a similar thing on other tpm and i was getting below error when trying to reset tpm using #1956 (comment).
I have tried to set lock out auth using below command
tpm2_changeauth -c l passwd
After I set lockoutauth
I am not able to use tpm2_clear command
when tried to to unset lockout password it is not working and giving below error
but i dont see tpm is in lockout mode or tpm2_clear being disable using command below
The text was updated successfully, but these errors were encountered: