-
Notifications
You must be signed in to change notification settings - Fork 373
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tpm2_encryptdecrypt won't work on Infineon TPM2.0 SLB9670 chip #407
Comments
"sudo tpm2_dump_capability -c commands" shows none of these 2 command codes on my device:
I guess that "tpm2_dump_capability -c commands" might have ignored the following 4 commands (which might exist in a hardware TPM chip):
|
TPM2_EncryptDecrypt is an optional command according to PTP, so you cannot expect any TPM to support it. The other commands that you mention were introduced with the TPM Library Specification 01.38, whereas your TPM probably implements version 01.16 (check TPM_PT_REVISION via TPM2_GetCapability), so there is no support for these commands either. |
@liuqun I don't see a bug here as it's lack of support by the hardware, if you agree please close. |
OK I agree. By the way, I hope that in the future "tpm2_encryptdecrypt" will support using "TPM_CC_EncryptDecrypt2" as soon as this command code is available. Using "TPM_CC_EncryptDecrypt" may cause some security problems. The "TPM_PT_REVISION" on my chip is "1.00"
|
This is probably not what the chip reports, the tool seems to have a bug that displays the minor version always as "00". #416 should fix this. |
Now I got the correct TPM_PT_REVISION with the newest fixed tpm2_dump_capability.
|
tpm2_encryptdecrypt won't work on Infineon TPM2.0 SLB9670 chip
For example:
sudo tpm2_encryptdecrypt -k 0x81010001 -P abc123 -D NO -I a.txt -o b.txt
/usr/local/sbin/tpm2_rc_decode 0x143
TPM Rev 2.0 Part 3: Commands - Chapter 15 says:
I also post a related issue to TPM2.0-TSS, see: tpm2-software/tpm2-tss#506
The text was updated successfully, but these errors were encountered: