Error while Building the Project #1
Comments
The tutorial assumes the TPM device is available at I'm guessing you're trying it out on a Mac, which I don't really know how to access the TPM on that OS.
Aren't we executing this command as a remote user and reading the value from the PCR bank directly from the GCP VM instance? When you say access TPM on macOS, why is that required? Aren't we directly communicating with the TPM device on the remote GCP VM? Why do we need to access the TPM on macOS? Please correct me if I am wrong on this.
Slightly. The repo shows a way to seal some data on your laptop and only get it unsealed on a remote VM that has a TPM. Your laptop doesn't need a TPM but it does need the endorsement public key of the remote VM. How your laptop gets that public key isn't specified here in this repo; the fact that the key was distributed to your laptop by other means is assumed. Once your laptop has the endorsement key, it can seal data such that it can only get decrypted by that same TPM. The encryption part on your laptop can also contain a set of PCR values you expect to be present on the target TPM. If the PCR values don't match, you can't decrypt. The command from your original post is
is intended to just read the state of the PCR values on the VM that has the TPM.
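The PCR binding described in the comment above, as an added example that is not part of the original thread or the repo's code: it models in software how a TPM 2.0 SHA-256 PCR is extended and how a `PolicyPCR` digest over one PCR is derived, so the expected policy can be computed on a machine without a TPM and compared with what a given PCR state would produce. The function names `Extend`, `PolicyPCRDigest` and `CanUnseal` are hypothetical, the PCR values are constructed, and no TPM device is opened.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Extend models TPM2_PCR_Extend on a SHA-256 bank: new = SHA256(old || digest).
func Extend(pcr, digest [32]byte) [32]byte {
	return sha256.Sum256(append(pcr[:], digest[:]...))
}

// PolicyPCRDigest computes the policy digest that results from TPM2_PolicyPCR
// over a single SHA-256 PCR (index 0-23) holding the given value:
// SHA256(zeroDigest || TPM_CC_PolicyPCR || TPML_PCR_SELECTION || SHA256(value)).
func PolicyPCRDigest(index int, value [32]byte) [32]byte {
	// TPML_PCR_SELECTION: count=1, TPM_ALG_SHA256 (0x000B), sizeofSelect=3, bitmap.
	sel := []byte{0, 0, 0, 1, 0x00, 0x0B, 3, 0, 0, 0}
	sel[7+index/8] |= 1 << uint(index%8)

	pcrDigest := sha256.Sum256(value[:]) // digest of the selected PCR values
	h := sha256.New()
	h.Write(make([]byte, 32))          // a fresh policy session starts at all zeros
	h.Write([]byte{0, 0, 0x01, 0x7F}) // TPM_CC_PolicyPCR
	h.Write(sel)
	h.Write(pcrDigest[:])
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// CanUnseal reports whether the current PCR value reproduces the policy digest
// that was bound to the sealed blob at seal time.
func CanUnseal(sealedPolicy [32]byte, index int, current [32]byte) bool {
	return PolicyPCRDigest(index, current) == sealedPolicy
}

func main() {
	var expected [32]byte // constructed: the PCR 23 value the sealer expects (all zeros)
	policy := PolicyPCRDigest(23, expected)

	// Constructed measurement extended into PCR 23 after sealing.
	drifted := Extend(expected, sha256.Sum256([]byte("constructed measurement")))

	fmt.Println(CanUnseal(policy, 23, expected), CanUnseal(policy, 23, drifted)) // true false
}
```

On real hardware the TPM itself evaluates the policy during unseal; this model only shows why a changed PCR value can no longer satisfy a policy computed from the expected one.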
One further question: if you are mentioning the VM as the laptop (local machine), then it is understood that it will fail to read the PCR value because, as you said earlier, the path to access the TPM on macOS is not defined yet.
No, you read the state of the PCR banks only on the system where the TPM is present (when I mentioned VM, I'm talking just about a GCP VM here that has a TPM). For a GCP Shielded VM, PCR0 happens to be
Hi,
I was trying to build the Project, and I was trying to run this command to derive the PCR Value in Read Mode:
```
go run pcr_utils/main.go --mode=read --pcr=23 -v 10 -alsologtostderr
```
But, I get the following error while trying to build it:
```
F0313 15:06:45.723237 58900 main.go:42] can't open TPM %!q(*string=0xc000050f60): stat /dev/tpm0: no such file or directory
goroutine 1 [running]:
github.com/golang/glog.stacks(0x0)
	/Users/deepanshu/go/pkg/mod/github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b/glog.go:769 +0x89
github.com/golang/glog.(*loggingT).output(0x1005585e0, 0x3, 0xc00014e3f0, {0x1003dcde5?, 0xc00011bec8?}, 0x2?, 0x0)
	/Users/deepanshu/go/pkg/mod/github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b/glog.go:720 +0x46d
github.com/golang/glog.(*loggingT).printf(0xc000050f90?, 0x1?, {0x1002fe32d, 0x15}, {0xc00011bec8, 0x2, 0x2})
	/Users/deepanshu/go/pkg/mod/github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b/glog.go:655 +0x10f
github.com/golang/glog.Fatalf(...)
	/Users/deepanshu/go/pkg/mod/github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b/glog.go:1148
main.main()
	/Users/deepanshu/Desktop/gcp_tpm_sealed_keys/pcr_utils/main.go:42 +0x1bf
exit status 255
```
Your help will be appreciated on this
Thanks !!