Closed uski closed 1 year ago
I found what the issue was. The TPM I was using was brand new. The problem is that brand new hardware TPMs ship with outdated firmware apparently, at least for the one I got. And I guess these older versions do not support the commands used by tpm-fido.
tpm-fido maintainer, I suggest adding some code to:
Specifically, in my case it was an Infineon SLB9665 TPM with ancient firmware (which also happened to be vulnerable to the ROCA RSA key attacks).
I updated it with the software from https://github.com/iavael/infineon-firmware-updater following instructions at https://blog.3mdeb.com/2019/2019-04-17-roca/
One challenge was that I had to disable the HW TPM and enable the SW TPM, and also tell the updated software to access the TPM through an alternative method, otherwise it was hitting the AMD firmware TPM and aborting.
Hope this helps someone with a similar problem.
```
$ sudo ./TPMFactoryUpd -firmware /path/to/9665FW\ update\ package_1.5/Firmware/TPM20_5.0.1089.2_to_TPM20_5.62.3126.2.BIN -update tpm20-emptyplatformauth -access-mode 1
**********************************************************************
* Infineon Technologies AG TPMFactoryUpd Ver 01.01.2459.00 *
**********************************************************************
TPM update information:
-----------------------
Firmware valid : Yes
TPM family : 2.0
TPM firmware version : 5.0.1089.2
TPM platformAuth : Empty Buffer
Remaining updates : 64
New firmware valid for TPM : Yes
TPM family after update : 2.0
TPM firmware version after update : 5.62.3126.2
TPM chip state after update : reset to factory defaults
Preparation steps:
TPM2.0 policy session created to authorize the update.
DO NOT TURN OFF OR SHUT DOWN THE SYSTEM DURING THE UPDATE PROCESS!
Updating the TPM firmware ...
Completion: 100 %
TPM Firmware Update completed successfully.
```
Hi!
I just installed tpm-fido to try it out. Great idea by the way!
Unfortunately, I cannot get it to work. After following the installation steps and starting `tpm-fido`, I tried it at the following URL: https://demo.yubico.com/webauthn-technical/registration
In the console I get the following error:
The browser I am using is Google Chrome Version 107.0.5304.87 (Official Build) (64-bit) on Ubuntu 22.04.1 LTS.
Any idea?