Open Psotas opened 4 months ago
@krystian-hebel Should this function work on any TPM, or may it simply not be supported?
In other words, can you suggest whether it may be:
TPM2_CreateLoaded is a mandatory function according to the current TCG PC Client Platform TPM Profile Specification for TPM 2.0 revision 1.05. In fact, it has been mandatory since 1.03. 0.43 is the latest publicly available revision that doesn't list this function.
If the TPM claims it is compliant with any 1.x revision of the specification, it is an issue with the TPM, but I don't see any compatibility claims for the TPM 2.0 update on Infineon's page for this TPM.
@krystian-hebel In OS it says it is this one: https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/slb-9665tt2.0/
X509v3 Subject Alternative Name: critical
DirName:/2.23.133.2.1=id:49465800/2.23.133.2.2=SLB 9665/2.23.133.2.3=id:053E
They are pin-compatible, so maybe the main difference is which firmware is preloaded? This one says: Compliant to TPM 2.0 Rev. 01.16.
There are many different TPM documents; TPM 2.0 Rev. 01.16 applies to the TPM Library specification. In this revision there indeed is no CreateLoaded, but this revision is from October 30, 2014, so it's almost 10 years old. This is roughly the same point in time as PC Client 0.43 from my previous comment. This is older than I thought, then again first revisions of spreadsheet are even older (from https://www.infineon.com/dgdl/Infineon-data-sheet-SLB9665_2.0_Rev1.2-DS-v01_02-EN.pdf):
I still think that we should keep this test and report an error. Not every TPM is perfectly compliant with the latest revision of specification and that's fine, but we should somehow reward those that are.
Same issues on 4670 and 4630.
Same issue on apu6.
Also occurs on VP2420, https://github.com/Dasharo/dasharo-issues/issues/782
EDIT: resolved, no longer occurs on VP2420
So this test is not on the test env, it is a hardware module problem. It should be moved to dasharo-issues.
@BeataZdunczyk let's verify if it is in dasharo-issues, if not - let's move it
Device
VP4650
RTE version
Dasharo v1.2.0
Affected component(s) or functionality
No response
Brief summary
TPMCMD007.002 CREATELOADED Function (Ubuntu 22.04) doesn't work on VP4650
How reproducible
No response
How to reproduce
Run
TPMCMD007.002 CREATELOADED Function (Ubuntu 22.04)
Expected behavior
Test PASS
Actual behavior
rm -f primary.ctx obj.key
Return:
Link to screenshots or logs
dasharo-security_log.zip
Additional context
No response
Solutions you've tried
No response
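The comments above turn on whether the TPM implements the command at all, which the TPM itself reports in its command list. The following is an added example, not part of the issue or of the Dasharo test suite: it parses a raw TPM2_GetCapability(TPM_CAP_COMMANDS) response and looks for TPM_CC_CreateLoaded (0x191 in the TPM 2.0 Library specification). The function names and the sample responses are constructed for illustration.

```python
import struct

TPM_ST_NO_SESSIONS = 0x8001
TPM_RC_SUCCESS = 0x00000000
TPM_CAP_COMMANDS = 0x00000002
TPM_CC_CREATE_LOADED = 0x00000191  # TPM_CC_CreateLoaded

def parse_command_list(resp: bytes):
    """Return (set of command indices, more_data) from a GetCapability response."""
    if len(resp) < 10:
        raise ValueError("response shorter than a TPM header")
    _tag, size, rc = struct.unpack_from(">HII", resp, 0)
    if rc != TPM_RC_SUCCESS:
        raise ValueError(f"TPM returned response code 0x{rc:08x}")
    if len(resp) < 19:
        raise ValueError("response too short for TPM_CAP_COMMANDS data")
    # TPMI_YES_NO moreData, TPM_CAP capability, then TPML_CCA.count
    more_data, cap, count = struct.unpack_from(">BII", resp, 10)
    if size != len(resp) or cap != TPM_CAP_COMMANDS or size != 19 + 4 * count:
        raise ValueError("malformed TPM_CAP_COMMANDS response")
    attrs = struct.unpack_from(f">{count}I", resp, 19)
    # TPMA_CC bits 15:0 hold the command index; the upper bits are attributes.
    return {a & 0xFFFF for a in attrs}, bool(more_data)

def create_loaded_status(resp: bytes) -> str:
    """'supported', 'unsupported', or 'inconclusive' if the list was truncated."""
    commands, more_data = parse_command_list(resp)
    if TPM_CC_CREATE_LOADED in commands:
        return "supported"
    # moreData set means the TPM has further commands it did not return here.
    return "inconclusive" if more_data else "unsupported"

def build_response(attrs, more_data=False) -> bytes:
    """Constructed sample data: encode the response layout parsed above."""
    body = struct.pack(">BII", int(more_data), TPM_CAP_COMMANDS, len(attrs))
    body += b"".join(struct.pack(">I", a) for a in attrs)
    header = struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(body), TPM_RC_SUCCESS)
    return header + body

# Constructed TPMA_CC values (CreatePrimary, Create, Load), not read from hardware.
OLD_FW = build_response([0x12000131, 0x02000153, 0x12000157])
NEW_FW = build_response([0x12000131, 0x02000153, 0x12000157, 0x12000191])

if __name__ == "__main__":
    for name, resp in (("old firmware", OLD_FW), ("new firmware", NEW_FW)):
        print(name, create_loaded_status(resp))
```

On a live system, `tpm2_getcap commands` from tpm2-tools reports the same command list in decoded form.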