google / go-attestation

ActivateCredential error on Nuvoton TPM 2.0 #171

Open alishuja opened 4 years ago

alishuja commented 4 years ago

Hello, while running the code from the project's README (also attached to this post: tpm_attest.go.txt), I am getting the following error:

ActivateCredential: parameter 2, error code 0x4 : value is out of range or is not correct for the context

The TPM equipped on the device is a Nuvoton TPM 2.0. Following is the output from running Intel's TPM TSS tpm2_tools' (version: 2.1.0) tpm2_dump_capability:

TPM_PT_FAMILY_INDICATOR:
  as UINT32: 0x08322e3000
  as string: "2.0"
TPM_PT_LEVEL: 0
TPM_PT_REVISION: 1.00
TPM_PT_DAY_OF_YEAR: 0x0000002f
TPM_PT_YEAR: 0x000007df
TPM_PT_MANUFACTURER: 0x4e544300
TPM_PT_VENDOR_STRING_1:
  as UINT32: 0x726c7300
  as string: "rls"
TPM_PT_VENDOR_STRING_2:
  as UINT32: 0x4e504354
  as string: "NPCT"
TPM_PT_VENDOR_STRING_3:
  as UINT32: 0x20000000
  as string: " "
TPM_PT_VENDOR_STRING_4:
  as UINT32: 0x20000000
  as string: " "
TPM_PT_VENDOR_TPM_TYPE: 0x00000001
TPM_PT_FIRMWARE_VERSION_1: 0x00010003
TPM_PT_FIRMWARE_VERSION_2: 0x00000001

My guess is that the problem lies in how ActivateCredential is called for this particular device. Using a test from Intel's tpm2-tools (attached: tpm2_clear_and_test_activation-221.sh.txt), I get the following error on the same host:

ERROR: ActivateCredential failed. TPM Error:0x80012

On performing a tpm2_rc_decode on the error code, I get:

tpm2_rc_decode 0x80012
error layer
  hex: 0x80000
  identifier: TSS2_SYS_ERROR_LEVEL
  description: Error from the SAPI
base error code
  identifier: TSS2_BASE_RC_INSUFFICIENT_CONTEXT
  description: Context not large enough

When I execute the same two attached files on another host with a different TPM, they run as expected.

Any help in this regard is greatly appreciated.

Thanks!

Best regards,
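
Added example, not part of the original report or of go-attestation: a small Go decoder that splits the two error values quoted above into layer and error number, which shows whether a failure was reported by the TPM or by the software stack in front of it. The value 0x2C4 is constructed here from the TPM 2.0 format-one layout to match "parameter 2, error code 0x4"; the names RC and Decode are hypothetical.

```go
package main

import "fmt"

// RC is a decoded 32-bit return code as seen by a TSS2 caller (hypothetical type).
type RC struct {
	Layer   uint32 // bits 23:16; 0 means the code came from the TPM itself
	Fmt1    bool   // TPM format-one code (bit 7 set)
	ErrNum  uint32 // error number within that layer/format
	Subject string // "parameter", "handle", "session", or "" if not applicable
	Index   uint32 // which parameter/handle/session the TPM complained about
}

// Decode splits a return code into its fields.
// Simplification: every non-zero layer is treated as a plain TSS2 base code.
func Decode(rc uint32) RC {
	out := RC{Layer: (rc >> 16) & 0xFF}
	low := rc & 0xFFFF
	if out.Layer != 0 { // software layer: low 16 bits are a TSS2_BASE_RC_* value
		out.ErrNum = low
		return out
	}
	if low&0x80 == 0 { // TPM format-zero: error number in bits 6:0
		out.ErrNum = low & 0x7F
		return out
	}
	out.Fmt1 = true
	out.ErrNum = low & 0x3F // format-one: error number in bits 5:0
	n := (low >> 8) & 0xF   // bits 11:8 identify the offending item
	switch {
	case low&0x40 != 0: // P bit set: N is a parameter number
		out.Subject, out.Index = "parameter", n
	case n&0x8 != 0: // P clear, bit 11 set: session number
		out.Subject, out.Index = "session", n&0x7
	default: // P clear, bit 11 clear: handle number
		out.Subject, out.Index = "handle", n&0x7
	}
	return out
}

func main() {
	// 0x80012 is quoted in the report; 0x2C4 is a constructed equivalent of
	// the go-attestation message "parameter 2, error code 0x4".
	for _, rc := range []uint32{0x80012, 0x2C4} {
		fmt.Printf("0x%X -> %+v\n", rc, Decode(rc))
	}
}
```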

twitchy-jsonp commented 3 years ago

I think https://github.com/google/go-attestation/pull/238 may have fixed this, can you try again?