I changed your example a little (wrong password for owner hierarchy, length specification for nv read to avoid need of multiple reads, removed -L pcr.bin, add write operation before read) and it worked:
I'd like to seal a private key to the TPM NV index. I'd like to only be able to read it out if the PCR values match the right PCR policy.
I am performing these commands but getting invalid authorization, and I do not know why.
tpm2_changeauth -c o 246
tpm2_pcrread sha256:10 -o pcr.bin
tpm2_createpolicy --policy-pcr -l sha256:10 -f pcr.bin -L pcr.policy
tpm2_nvdefine -C o -p writepassword -a "authwrite|policyread" -L pcr.bin -L pcr.policy -P 245
tpm2_startauthsession --policy-session -S session.ctx
tpm2_policypcr -S session.ctx -l sha256:10 -L policy.pcr
tpm2_nvread 0x1000000 -P session:session.ctx
The error is tpm:session(1): a policy check failed.
I have no idea why this fails. Any help would be very much appreciated.
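Added example, not part of the thread and not tpm2-tools code: a sketch of how the TPM 2.0 specification derives a PolicyPCR policy digest for sha256:10 (the kind of value written to pcr.policy), showing that it is a different value from the raw PCR contents in pcr.bin and that a session only matches while the PCR is unchanged. The function names and the sample PCR values are this example's own, and it assumes a fresh SHA-256 policy session with a single PolicyPCR step.

```python
import hashlib
import hmac
import struct

TPM_CC_POLICY_PCR = 0x0000017F  # command code of TPM2_PolicyPCR
TPM_ALG_SHA256 = 0x000B

def pcr_selection(pcrs, alg=TPM_ALG_SHA256, size_of_select=3):
    """Marshal a single-bank TPML_PCR_SELECTION the way the TPM hashes it."""
    bitmap = bytearray(size_of_select)
    for i in pcrs:
        if not 0 <= i < size_of_select * 8:
            raise ValueError(f"PCR index {i} out of range")
        bitmap[i // 8] |= 1 << (i % 8)
    # count (UINT32) | hash alg (UINT16) | sizeofSelect (UINT8) | bitmap
    return struct.pack(">IHB", 1, alg, size_of_select) + bytes(bitmap)

def policy_pcr_digest(pcr_values, old_digest=bytes(32)):
    """Policy digest after one PolicyPCR on a fresh SHA-256 session.

    pcr_values maps PCR index -> 32-byte SHA-256 bank value.
    """
    if any(len(v) != 32 for v in pcr_values.values()):
        raise ValueError("SHA-256 PCR values must be 32 bytes")
    # digestTPM: hash of the selected PCR values, in ascending index order
    pcr_digest = hashlib.sha256(
        b"".join(pcr_values[i] for i in sorted(pcr_values))).digest()
    return hashlib.sha256(
        old_digest + struct.pack(">I", TPM_CC_POLICY_PCR)
        + pcr_selection(pcr_values) + pcr_digest).digest()

def session_satisfies(auth_policy, current_pcrs):
    """True if a PolicyPCR session over current_pcrs matches the index policy."""
    return hmac.compare_digest(auth_policy, policy_pcr_digest(current_pcrs))

# Constructed sample values, not read from a real TPM.
SAMPLE_PCR10 = hashlib.sha256(b"constructed boot measurement").digest()
EXTENDED_PCR10 = hashlib.sha256(SAMPLE_PCR10 + bytes(32)).digest()

if __name__ == "__main__":
    policy = policy_pcr_digest({10: SAMPLE_PCR10})
    print("raw PCR 10       :", SAMPLE_PCR10.hex())
    print("policy digest    :", policy.hex())
    print("same PCR         :", session_satisfies(policy, {10: SAMPLE_PCR10}))
    print("PCR extended     :", session_satisfies(policy, {10: EXTENDED_PCR10}))
    print("raw PCR as policy:", session_satisfies(SAMPLE_PCR10, {10: SAMPLE_PCR10}))
```

Only the first check succeeds: an index whose stored policy is anything other than the PolicyPCR digest, or whose PCR has since been extended, fails the policy comparison.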