psanford / tpm-fido

A WebAuthn/U2F token protected by a TPM (Go/Linux)
MIT License

RegisteKey: CreatePrimary key err: Authorization Failure #27

Open Gandalf1783 opened 1 year ago

Gandalf1783 commented 1 year ago

Hey,

I have an issue with my tpm-fido setup. I just installed it, tried to add it to my Google account, and I am stuck here:

2023/08/06 00:37:12 got VersionCmd
2023/08/06 00:37:12 got RegisterCmd site=demo.yubico.com
2023/08/06 00:37:13 got RegisterCmd site=demo.yubico.com
2023/08/06 00:37:14 got RegisterCmd site=demo.yubico.com
2023/08/06 00:37:14 RegisteKey err: CreatePrimary key err: session 1, error code 0x22 : authorization failure without DA implications

I have already set up a primary key in my TPM. If I understand correctly, there can only be 1? Therefore my question: Does tpm-fido need to create a "new" primary key? Can't it be signed over the /dev/tpmrm0 (by the kernel)?

Do I have to pass the Owner-Key somewhere to give tpm-fido permission to be signed by the primary key?

If any further info is needed, feel free to ask!