-
Notifications
You must be signed in to change notification settings - Fork 381
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to execute tpm2_changeeps #3412
Comments
@botellum what is the error message you are receiving when you execute |
tpm2_changeauth doesnt work for me, it says that the auth value is wrong. I know that the auth value is being set at boot by the firmware, but is there any way to still execute a ChangeEPS command? (UEFI Applications or something like that) Anyway here's the error message I receive when I try to do anything with platform auth: WARNING:esys:src/tss2-esys/api/Esys_HierarchyChangeAuth.c:309:Esys_HierarchyChangeAuth_Finish() Received TPM Error |
@botellum sorry i thought that you could change the auth value of the platform hierarchy because you wrote:
The remaining possibilities are described in: |
I can clear my tpm module using platform auth but what is that gonna do ? |
Endorsement seeds can only be changed through a firmware update on a real TPM. This is not a normal event and the manufacturer will need to re-certify all the resulting endorsement keys. In a normal scenario, you can only change the authorization for the endorsement hierarchy. |
I have more of a question, and that is how can I run tpm2_changeeps. It always tells me that I have no authorization, or that it is wrong, and I can also run tpm2_changeauth on the plaform hierarchy. My question now is, is there any way to run it? (And if it works with other programs, e.g. with a UEFI application that uses the tcg2 protocol (in uefi shell))
The text was updated successfully, but these errors were encountered: