wolfSSL / wolfTPM

wolfTPM is a highly portable TPM 2.0 library, designed for embedded use.
https://www.wolfssl.com
GNU General Public License v2.0

Can't clear TPM chip #188

Closed horver closed 1 year ago

horver commented 2 years ago

Hello,

I would like to ask a question about clearing the SLB9670 TPM chip. After updating wolfTPM to v2.2.0, I had changed the handle authorization password and then I wanted to reset the chip using wolfTPM2_Clear. However, the clear fails with:

TPM2_Clear failed 2337: TPM_RC_EXCLUSIVE: Command failed because audit sequence required exclusivity

Unfortunately, I didn't find any information about this error.

Can you please help, what commands can I use to fix the reset?

dgarske commented 2 years ago

Hi @horver,

Are you using the /dev/spidev interface, /dev/tpm0, Windows TBS or something else to communicate with the TPM? The TPM2_Clear is only allowed when using locality 0, which is our default when using the internal TIS layer and /dev/spidev. Were other TPM commands fine? Perhaps this TPM has a policy auth set to prevent this without authenticating. Have you reviewed the TPM 2.0 specification around the TPM2_Clear command?

Thanks, David Garske, wolfSSL

dgarske commented 2 years ago

Hi @horver,

Some time has passed with no update, so I wanted to check in. Did you find a resolution to this issue?

Note it is possible to disable the TPM2_Clear with the TPM2_ClearControl.

Thanks, David Garske, wolfSSL
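
How the 2337 (0x921) quoted in the question breaks down into TPM 2.0 response-code fields, generalized to format-one codes as well. This is an added example, not part of the thread and not wolfTPM code; the names `rc_kind`, `rc_info` and `tpm2_rc_decode` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: bit layout follows the TPM 2.0 response-code format. */
typedef enum { RC_SUCCESS, RC_TPM12, RC_FMT0_ERROR, RC_FMT0_WARNING,
               RC_FMT1_PARAMETER, RC_FMT1_SESSION, RC_FMT1_HANDLE } rc_kind;

typedef struct {
    rc_kind  kind;
    unsigned number;  /* error number within its class */
    unsigned index;   /* parameter/session/handle number, 0 if none given */
    int      vendor;  /* format-zero only: T bit (vendor-defined code) */
} rc_info;

rc_info tpm2_rc_decode(uint32_t rc)
{
    rc_info out = { RC_SUCCESS, 0, 0, 0 };
    if (rc == 0)
        return out;
    if (rc & 0x080) {                 /* F bit set: format-one */
        out.number = rc & 0x03F;
        if (rc & 0x040) {             /* P bit: parameter, N in bits 11:8 */
            out.kind  = RC_FMT1_PARAMETER;
            out.index = (rc >> 8) & 0xF;
        } else {                      /* bit 11 selects session vs handle */
            out.kind  = (rc & 0x800) ? RC_FMT1_SESSION : RC_FMT1_HANDLE;
            out.index = (rc >> 8) & 0x7;
        }
    } else if (!(rc & 0x100)) {       /* V bit clear: TPM 1.2 style code */
        out.kind   = RC_TPM12;
        out.number = rc;
    } else {                          /* format-zero: S bit is severity */
        out.kind   = (rc & 0x800) ? RC_FMT0_WARNING : RC_FMT0_ERROR;
        out.number = rc & 0x07F;
        out.vendor = (rc & 0x400) != 0;
    }
    return out;
}

int main(void)
{
    rc_info i = tpm2_rc_decode(2337); /* value from the issue report */
    printf("0x%03X kind=%d number=0x%02X index=%u\n",
           2337u, (int)i.kind, i.number, i.index);
    return 0;
}
```

For 2337 the decoder reports a format-zero warning with number 0x21, which is RC_WARN (0x900) + 0x021, the value the specification assigns to TPM_RC_EXCLUSIVE.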