Policy based NV read in Java #42

Closed
MMaiero opened this issue Sep 18, 2019 · 1 comment

MMaiero commented Sep 18, 2019

Hello,
I am trying to read NVRam using the TSS.Java in a location associated with a policy.
I have read that there is no complete support for policies in the Java implementation, but having a look around the code, all the parts seem to be there.

I created the following snippet, checked that the policyDigest is equal to the one obtained listing the nvram entries. The problem is that I'm not able to fetch the value.

```java
Tpm tpm = TpmFactory.platformTpm();
// Free any transient objects and sessions left over from earlier runs
cleanSlots(tpm, TPM_HT.TRANSIENT);
cleanSlots(tpm, TPM_HT.LOADED_SESSION);

// Start a policy session and extend it with a PCR 9 (SHA1 bank) policy
byte[] nonceCaller = Helpers.getRandom(20);
StartAuthSessionResponse policySession = tpm.StartAuthSession(TPM_HANDLE.NULL, TPM_HANDLE.NULL, nonceCaller, new byte[0], TPM_SE.POLICY, TPMT_SYM_DEF.nullObject(), TPM_ALG_ID.SHA256);
tpm.PolicyPCR(policySession.handle, new byte[0], TPMS_PCR_SELECTION.CreateSelectionArray(TPM_ALG_ID.SHA1, 9));

// Print the session's policy digest for comparison with the NV index's policy
byte[] policyDigest = tpm.PolicyGetDigest(policySession.handle);

String policy = Helpers.toHex(policyDigest);
System.out.println("Policy: " + policy);

// Authorize the next command with the policy session
tpm._withSession(policySession.handle);

int nvIndex = 0x1500016;

TPM_HANDLE nvHandle = TPM_HANDLE.NV(nvIndex);

// Read 16 bytes at offset 0, using the index itself as the authorizing handle
byte[] dataRead = tpm.NV_Read(nvHandle, nvHandle, 16, 0);

try {
    tpm.FlushContext(policySession.handle);
    tpm.close();
} catch (IOException e) {

}
```

Am I missing something there?

Thanks.
Best regards,
Matteo

@amarochk
Contributor

Hi Matteo,

The missing policy support is an extra abstraction layer provided in the .Net and C++ versions of TSS.MSR. All the standard TPM functionality is completely available.

The problem with your code is likely the NV index value. Since you specify the complete index value, including the reserved MSB, you should use the TPM_HANDLE() constructor, not the TPM_HANDLE.NV() factory method. With the latter you should use the 0x500016 value (without the MSB 0x01).

Otherwise your code looks good. For the future, when a command fails, the TPM returns an error response code that often is specific enough to pinpoint the source of the problem.

-Andrey
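
The handle layout behind the answer above, as an added example that is not part of the original thread and is not TSS.Java code. It assumes a factory that adds the NV type byte to its argument (an assumption about how an `NV()`-style factory composes the value); `NvHandleCheck`, `naiveNvFactory`, `toNvHandle` and `describe` are hypothetical names.

```java
// Added example: models the TPM 2.0 handle layout only; it makes no TSS.Java calls.
public class NvHandleCheck {
    // A TPM 2.0 handle is an 8-bit handle type (most significant byte)
    // followed by a 24-bit index within that type.
    static final int HT_SHIFT = 24;
    static final int HT_NV_INDEX = 0x01; // TPM_HT_NV_INDEX

    static int handleType(int handle) {
        return handle >>> HT_SHIFT;
    }

    // Assumption: a factory in the style of TPM_HANDLE.NV() that adds the
    // NV type byte to whatever it is given, without checking the argument.
    static int naiveNvFactory(int slot) {
        return (HT_NV_INDEX << HT_SHIFT) + slot;
    }

    // Hypothetical helper: accepts a bare slot or a complete NV handle and
    // rejects values whose type byte names a different handle type.
    static int toNvHandle(int slotOrHandle) {
        int type = handleType(slotOrHandle);
        if (type == 0) {
            return (HT_NV_INDEX << HT_SHIFT) | slotOrHandle;
        }
        if (type == HT_NV_INDEX) {
            return slotOrHandle;
        }
        throw new IllegalArgumentException(String.format(
                "0x%08X is not an NV index (handle type 0x%02X)", slotOrHandle, type));
    }

    static String describe(String label, int handle) {
        return String.format("%-22s 0x%08X  type=0x%02X", label, handle, handleType(handle));
    }

    public static void main(String[] args) {
        int full = 0x1500016; // value from the issue: type byte already included
        int slot = 0x500016;  // the same index without the type byte

        System.out.println(describe("naiveNvFactory(slot)", naiveNvFactory(slot)));
        System.out.println(describe("naiveNvFactory(full)", naiveNvFactory(full)));
        System.out.println(describe("toNvHandle(slot)", toNvHandle(slot)));
        System.out.println(describe("toNvHandle(full)", toNvHandle(full)));
    }
}
```

Under that assumption, the complete value passed through the factory ends up with type byte 0x02 and no longer names an NV index, while the checked helper maps both forms to 0x01500016.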
