From a3c5bc775daa0c5743ca92a29c9dfbef80194aaf Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Fri, 1 May 2020 15:10:03 -0400
Subject: [PATCH] swtpm_setup: bugfix: Create ECC storage primary key in owner hierarchy

The ECC storage primary key was mistakently created in the endorsement hierarchy but should be in the owner hierarchy. This patch corrects this to have this key created in the owner hierarchy (like the RSA key), thus using 0x40 00 00 01. This only mattered if one used --create-spk and --ecc together.

Signed-off-by: Stefan Berger
---
 src/swtpm_setup/swtpm_setup.sh.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/swtpm_setup/swtpm_setup.sh.in b/src/swtpm_setup/swtpm_setup.sh.in
index 2b7bc904..d7e6a677 100755
--- a/src/swtpm_setup/swtpm_setup.sh.in
+++ b/src/swtpm_setup/swtpm_setup.sh.in
@@ -1157,7 +1157,8 @@ tpm2_createprimary_spk_ecc()
 off1=126
 off2=228
- tpm2_createprimary_ecc_params '\\x40\\x00\\x00\\x0b' "${keyflags}" \
+ # TPM_RH_OWNER
+ tpm2_createprimary_ecc_params '\\x40\\x00\\x00\\x01' "${keyflags}" \
 "${symkeydata}" "${publen}" "${totlen}" "${min_exp}" "${off1}" \
 "${off2}" "" ""
 return $?
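Review bot: The hierarchy handle passed to `tpm2_createprimary_ecc_params` is still a hand-typed, double-escaped byte literal, so the new `# TPM_RH_OWNER` comment documents the value without preventing the same one-byte slip (`0b` for `01`) that this patch corrects. Defining the handle once, for example `TPM2_RH_OWNER='\\x40\\x00\\x00\\x01'`, and passing `"${TPM2_RH_OWNER}"` here and, presumably, in the RSA counterpart the description mentions would keep the two call sites from drifting apart. The diffstat shows only this file changed, so nothing in the patch exercises `--create-spk --ecc`; a regression test asserting that the resulting key sits under the owner hierarchy would be worth adding. State already written by earlier versions with both options presumably keeps the key under the endorsement hierarchy, tied to that hierarchy's authorization rather than the owner's, so a release note telling affected users to recreate it seems warranted. The body of `tpm2_createprimary_spk_ecc` starts and ends outside this hunk.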