parallaxsecond / rust-tss-esapi

TSS 2.0 Enhanced System API (ESAPI) Rust wrapper
https://docs.rs/tss-esapi/
Apache License 2.0

Support - help needed with key duplication for another example #450

Closed Firstyear closed 1 month ago

Firstyear commented 11 months ago

Hi there,

I was working again on another example of TPM usage, this time for key duplication. However, I am once again stuck. :(

The following is the code that I have been testing - it will be polished before I submit it as an example to this repo.

https://gist.github.com/Firstyear/d743900a24aacc1a4b7cbe4a9ec0e06c

This is failing on line 355, with a policy error:

2023-10-06T01:51:44.338409Z DEBUG basic_openssl_tpm_test::tests: ctx duplicate
WARNING:esys:src/tss2-esys/api/Esys_Duplicate.c:354:Esys_Duplicate_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Duplicate.c:116:Esys_Duplicate() Esys Finish ErrorCode (0x0000099d)
2023-10-06T01:51:44.361317Z ERROR tss_esapi::context::tpm_commands::duplication_commands: Error when performing duplication: a policy check failed (associated with session number 1)

I have been modeling the code "as close as possible" to tss-esapi/tests/integration_tests/context_tests/tpm_commands/duplication_commands_tests.rs as that's the only reference I could find for this.

Could someone please help review this so that I can get this to work?

As a second follow-up, I can't seem to work out policy sessions with passwords or authValues. I can see there is https://docs.rs/tss-esapi/latest/tss_esapi/struct.Context.html#method.policy_auth_value to gate on these during the session, but setting a value in https://docs.rs/tss-esapi/latest/tss_esapi/struct.Context.html#method.create doesn't seem to work, and it's not clear how to provide the auth_value during a key load or duplicate. What am I missing here so that I can make a second example that uses authValues/passwords for the key duplication process?
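
Added example, not part of the original post or of tss-esapi: a decoder for TPM 2.0 format-one response codes, showing how the `0x0000099d` in the log above breaks down into `TPM_RC_POLICY_FAIL` on session 1. The type and function names are illustrative, and the name table is a partial subset of the format-one codes.

```rust
// Illustrative decoder for TPM 2.0 format-one response codes
// (layout per the TPM 2.0 Library specification, Part 2). Names are hypothetical.

#[derive(Debug, PartialEq)]
enum Subject {
    Parameter(u8), // 1-based index of the command parameter
    Handle(u8),    // 1-based index of the command handle
    Session(u8),   // 1-based index of the authorization session
}

#[derive(Debug, PartialEq)]
struct FormatOne {
    name: &'static str,
    subject: Subject,
}

/// Returns None for codes raised by a TSS layer and for format-zero codes.
fn decode_format_one(rc: u32) -> Option<FormatOne> {
    // Bits 23:16 carry the TSS layer (0 = the TPM itself); bit 7 marks format one.
    if (rc >> 16) & 0xff != 0 || rc & 0x080 == 0 {
        return None;
    }
    let n = ((rc >> 8) & 0xf) as u8; // bits 11:8
    let subject = if rc & 0x040 != 0 {
        Subject::Parameter(n) // P bit set: N is a parameter index
    } else if n & 0x8 != 0 {
        Subject::Session(n & 0x7) // top bit of N set: session index
    } else {
        Subject::Handle(n)
    };
    // Partial table: the codes most often seen with authorization problems.
    let name = match rc & 0x3f {
        0x02 => "TPM_RC_ATTRIBUTES",
        0x04 => "TPM_RC_VALUE",
        0x0e => "TPM_RC_AUTH_FAIL",
        0x1d => "TPM_RC_POLICY_FAIL",
        0x22 => "TPM_RC_BAD_AUTH",
        0x23 => "TPM_RC_EXPIRED",
        0x24 => "TPM_RC_POLICY_CC",
        _ => "unlisted format-one error",
    };
    Some(FormatOne { name, subject })
}

fn main() {
    // 0x0000099d is the code reported by Esys_Duplicate in the log above.
    println!("{:?}", decode_format_one(0x0000_099d));
}
```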

Firstyear commented 1 month ago

I think this is resolved.