
ubuntu - tpm2-tools seal-unseal data after reboot

Reposted. Author: 行者123. Updated: 2023-12-04 18:33:30

I'm trying to seal some data into the TPM 2.0 and then unseal it again; I should be able to unseal the data even after a system reboot.
In the TPM's transient memory I can do this, and it works:

tpm2_pcrlist -L sha1:7 -o pcr.bin
tpm2_createpolicy -P -L sha1:7 -F pcr.bin -f policy.digest
tpm2_createprimary -H e -g sha256 -G rsa -C primary.context
tpm2_create -g sha256 -G keyedhash -u obj.pub -r obj.priv -c primary.context -L policy.digest -I- <<< "secret"
tpm2_load -c primary.context -u obj.pub -r obj.priv -n load.name -C load.context
tpm2_unseal -c load.context -L sha1:7
I can unseal the data secret, but for this to be usable I should be able to unseal it even after a system reboot, so I made the SRK, aka the primary key, a persistent object in the TPM.
So far I have done this:
tpm2_createpolicy -P -L sha1:7 -F pcr.bin -f policy.digest
tpm2_createprimary -H e -g sha256 -G rsa -C primary.context
tpm2_create -g sha256 -G keyedhash -u obj.pub -r obj.priv -c primary.context -L policy.digest -I- <<< "secret"
tpm2_load -c primary.context -u obj.pub -r obj.priv -n load.name -C load.context
tpm2_unseal -c load.context -L sha1:7

## persist the object into TPM's persistent memory
tpm2_evictcontrol -A o -c primary.context -H 0x81010001
After the reboot:
tpm2_load -H 0x81010001 -u obj.pub -r obj.priv -n load.name -C load.context
tpm2_unseal -c load.context -L sha1:7

I get a policy check failed error:
error layer
hex: 0x0
identifier: TSS2_TPM_ERROR_LEVEL
description: Error produced by the TPM
format 1 error code
hex: 0x1d
identifier: TPM_RC_POLICY_FAIL
description: a policy check failed
Any idea how to achieve this? I'm still very new to TPM 2.0.
By the way, I'm using this version of tpm2-tools, running on Ubuntu 16.04:
root@server# apt-cache show tpm2-tools
Package: tpm2-tools
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 1524
Maintainer: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Architecture: amd64
Version: 3.1.3-2
Depends: libc6 (>= 2.22), libcurl3-gnutls (>= 7.16.2), libssl1.1 (>= 1.1.0), libtss2-esys0
Description-en: TPM 2.0 utilities
This package contains a set of tools to use with TPM 2.0 chips,
for common tasks and features provided by the hardware; such as
for doing basic key management, attestation, encryption and signing.
Description-md5: 7dab290b7414623bbe70b4f8bc047903
Homepage: https://github.com/01org/tpm2.0-tools

Package: tpm2-tools
Priority: optional
Section: universe/utils
Installed-Size: 964
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 1.0.0+20160226.64b3334-0ubuntu2
Depends: libc6 (>= 2.14), libcurl3 (>= 7.16.2), libssl1.0.0 (>= 1.0.0), libtss2-0, libtss2-utils
Filename: pool/universe/t/tpm2-tools/tpm2-tools_1.0.0+20160226.64b3334-0ubuntu2_amd64.deb
Size: 90006
MD5sum: 2a5dd741bab5ba886508b87559d1151d
SHA1: 65c4f508b8643d808eb28e481dc660a68a0aba3d
SHA256: a8127c59b2ac7520f8f8993e9849f9dcc46486bced2f4b54c7fef56ac8e3b59e
Description-en: TPM 2.0 utilities
This package contains a set of tools to use with TPM 2.0 chips,
for common tasks and features provided by the hardware; such as
for doing basic key management, attestation, encryption and signing.
Description-md5: 7dab290b7414623bbe70b4f8bc047903
Homepage: https://github.com/01org/tpm2.0-tools
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu

Best answer

The primary object is transient. I suggest you try recreating the primary object before tpm2_load:

  tpm2_createprimary -H e -g sha256 -G rsa -C primary.context
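Added example, not part of the question or the answer above: a Python recomputation of the TPM2_PolicyPCR digest that `tpm2_createpolicy -P -L sha1:7 -F pcr.bin` captures, showing why `tpm2_unseal` reports TPM_RC_POLICY_FAIL whenever PCR 7 no longer holds the value that pcr.bin recorded at seal time (for example after a reboot in which the measured boot state changed). The command code, TPML_PCR_SELECTION layout and digest chain follow the TPM 2.0 Library specification; that the policy session hash is SHA-256 (the tpm2-tools 3.x default) is an assumption, and every PCR value here is constructed rather than read from a TPM.

```python
"""Recompute a TPM2_PolicyPCR digest offline to explain TPM_RC_POLICY_FAIL.

Added example (not from the question or answer). Assumes the TPM 2.0 Library
spec definitions of TPM_CC_PolicyPCR and TPML_PCR_SELECTION, and that the
policy session hash is SHA-256 (tpm2-tools 3.x default for tpm2_createpolicy;
treat that as an assumption). All PCR values below are constructed.
"""
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F   # command code hashed into the policy
TPM_ALG_SHA1 = 0x0004            # PCR bank selected by "-L sha1:7"
TPM_ALG_SHA256 = 0x000B
BANK_DIGEST_LEN = {TPM_ALG_SHA1: 20, TPM_ALG_SHA256: 32}


def marshal_pcr_selection(bank_alg, pcr_indices, size_of_select=3):
    """Marshal a TPML_PCR_SELECTION holding one TPMS_PCR_SELECTION.

    Layout: count (UINT32) || hash (UINT16) || sizeofSelect (UINT8) || pcrSelect
    bitmap, where PCR n sets bit n%8 of byte n//8 (so PCR 7 -> 80 00 00).
    """
    bitmap = bytearray(size_of_select)
    for i in pcr_indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, bank_alg, size_of_select) + bytes(bitmap)


def pcr_policy_digest(bank_alg, pcr_values, policy_alg="sha256"):
    """Return the policyDigest after TPM2_PolicyPCR over the given PCR values.

    pcr_values maps PCR index -> raw digest from that bank (the bytes that
    tpm2_pcrlist -o writes, one per selected PCR, in ascending index order).

    policyDigest_new = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || pcrDigest)
    with policyDigest_old all zeros for a fresh session and
    pcrDigest = H(concatenated selected PCR values), H = policy session hash.
    """
    expected_len = BANK_DIGEST_LEN[bank_alg]
    for idx, value in pcr_values.items():
        if len(value) != expected_len:
            raise ValueError(
                f"PCR {idx}: expected {expected_len}-byte value for bank "
                f"{bank_alg:#06x}, got {len(value)}")
    selected = sorted(pcr_values)
    pcr_digest = hashlib.new(
        policy_alg, b"".join(pcr_values[i] for i in selected)).digest()
    old = bytes(hashlib.new(policy_alg).digest_size)  # fresh session: all zeros
    return hashlib.new(
        policy_alg,
        old + struct.pack(">I", TPM_CC_POLICY_PCR)
        + marshal_pcr_selection(bank_alg, selected) + pcr_digest,
    ).digest()


def policy_matches(sealed_policy_digest, bank_alg, current_pcr_values):
    """True if the current PCR values would satisfy the policy the object was sealed under."""
    return pcr_policy_digest(bank_alg, current_pcr_values) == sealed_policy_digest


# Constructed demonstration: PCR 7 differs between seal time and unseal time.
PCR7_AT_SEAL = hashlib.sha1(b"constructed PCR7 measurement before reboot").digest()
PCR7_AFTER_REBOOT = hashlib.sha1(b"constructed PCR7 measurement after reboot").digest()

# What "-L policy.digest" would have captured at seal time (constructed input).
SEALED_POLICY = pcr_policy_digest(TPM_ALG_SHA1, {7: PCR7_AT_SEAL})


def demo():
    """Return (unseal allowed with unchanged PCR 7, unseal allowed with changed PCR 7)."""
    same = policy_matches(SEALED_POLICY, TPM_ALG_SHA1, {7: PCR7_AT_SEAL})
    changed = policy_matches(SEALED_POLICY, TPM_ALG_SHA1, {7: PCR7_AFTER_REBOOT})
    return same, changed


if __name__ == "__main__":
    same, changed = demo()
    print("sealed policy digest :", SEALED_POLICY.hex())
    print("PCR7 unchanged, unseal allowed:", same)
    print("PCR7 changed, unseal allowed  :", changed, "(TPM returns TPM_RC_POLICY_FAIL)")
```

Running this against the real values (the current `tpm2_pcrlist -L sha1:7` output versus the pcr.bin saved at seal time) separates the two failure modes a reader can hit here: a PCR 7 mismatch produces TPM_RC_POLICY_FAIL at `tpm2_unseal`, while a missing or wrong parent would already fail at `tpm2_load`.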

Regarding ubuntu - tpm2-tools seal-unseal data after reboot, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58207654/
