Hi everyone,

 

I'm trying to setup a system with the cryptfs2 and tpm2-tooling which is currently working but I'd like to change the DictionaryAttackParamater recovery time.

 

I've tried the following (scenario 1)

Reset TPM from the bios

Tmp2_takeownership -T "device" -L "1234567890"

Tpm2_dictionarylockout -s -n 32 -l 86400 -t 5 -p "1234567890"

I get a warning: the command may require writing of NV and NV is not current accessible.

If I check the settings with:

Tpm2_getcap -c properties-variable

I notice they are not changed

 

Reset TPM from the bios

Tpm2_dictionarylockout -s -n 32 -l 86400 -t 5 -p "1234567890"

Tpm2_getcap -c properties-variable

Values are written

Tmp2_takeownership -T "device" -L "1234567890"

Tpm2_getcap -c properties-variable

Settings are reset to default

 

What would I need to do to get the first scenario to work? I know I'm combining tools from 2.x with master. But that's because the cryptfs tooling is dependent on 2.x.

How can I unlock the NV, I've found tpm2_release but I've got no clue what to release.

 

Kind Regards,

Christian Litjes



The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.