No reason sounds like an easy enough feature to add. Do you want to send a patch up?

From: Sievert, James <james.sievert@bsci.com>
Sent: Friday, December 3, 2021 9:10 AM
To: Kenneth Goldman <kgoldman@us.ibm.com>
Cc: tpm2@lists.01.org <tpm2@lists.01.org>
Subject: [tpm2] Re: {External} Re: tpm2_nvdefine fails with inconsistent attributes...
 

That was it.  Thanks, Ken.

 

According to the documentation for tpm2_nvdefine, the defaults for the platform hierarchy are PPREAD and PPWRITE.  Strangely, PLATFORMCREATE is not included.  The following is sufficient:

tpm2_nvdefine 0x01000025 -C p -s 1 -a "ppwrite|ppread|platformcreate"     

 

Is there some reason the defaults for the platform hierarchy don’t include PLATFORMCREATE?

 

From: Kenneth Goldman <kgoldman@us.ibm.com>
Sent: Friday, December 3, 2021 9:52 AM
To: Sievert, James <james.sievert@bsci.com>
Cc: tpm2@lists.01.org
Subject: {External} [tpm2] Re: tpm2_nvdefine fails with inconsistent attributes...

 

My guess is that you do not set the TPMA_NVA_PLATFORMCREATE attribute.

The IBM utility sets it for you when the platform hierarchy authorizes the command, since it must be set.

--
Ken Goldman   kgoldman@us.ibm.com  
914-945-2415 (862-2415)


Inactive hide details for "Sievert, James" ---12/03/2021 09:37:25 AM---Hi, I’m using tpm2-tools 4.1.1 on Ubuntu 20.04.  I’m i"Sievert, James" ---12/03/2021 09:37:25 AM---Hi, I’m using tpm2-tools 4.1.1 on Ubuntu 20.04.  I’m issuing the following command which is returnin

From: "Sievert, James" <james.sievert@bsci.com>
To: "tpm2@lists.01.org" <tpm2@lists.01.org>
Date: 12/03/2021 09:37 AM
Subject: [EXTERNAL] [tpm2] tpm2_nvdefine fails with inconsistent attributes...





Hi, I’m using tpm2-tools 4.1.1 on Ubuntu 20.04. I’m issuing the following command which is returning an inconsistent attributes error: bsci@ip-10-132-42-225:~$ tpm2_nvdefine 0x1000025 -C p -s 1 žžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžžž
Hi,
 
I’m using tpm2-tools 4.1.1 on Ubuntu 20.04.  I’m issuing the following command which is returning an inconsistent attributes error:
 
bsci@ip-10-132-42-225:~$ tpm2_nvdefine   0x1000025 -C p -s 1
WARNING:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:333:Esys_NV_DefineSpace_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:122:Esys_NV_DefineSpace() Esys Finish ErrorCode (0x00000182)
ERROR: Failed to define NV area at index 0x1000025
ERROR: Esys_NV_DefineSpace(0x182) - tpm:handle(1):inconsistent attributes
ERROR: Unable to run tpm2_nvdefine
 
and yes, I am attempting to define the index using the platform hierarchy.  ?  This does work using the IBM utilities.  
 
Here are the current properties:
 
bsci@ip-10-132-42-225:~$ tpm2_getcap properties-variable
TPM2_PT_PERSISTENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            0
  reserved1:                 0
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           0
  reserved2:                 0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1
  shEnable:                  1
  ehEnable:                  1
  phEnableNV:                1
  reserved1:                 0
  orderly:                   0
TPM2_PT_HR_NV_INDEX: 0x6
TPM2_PT_HR_LOADED: 0x0
TPM2_PT_HR_LOADED_AVAIL: 0x3
TPM2_PT_HR_ACTIVE: 0x0
TPM2_PT_HR_ACTIVE_AVAIL: 0x40
TPM2_PT_HR_TRANSIENT_AVAIL: 0x3
TPM2_PT_HR_PERSISTENT: 0x0
TPM2_PT_HR_PERSISTENT_AVAIL: 0x11
TPM2_PT_NV_COUNTERS: 0x0
TPM2_PT_NV_COUNTERS_AVAIL: 0xD
TPM2_PT_ALGORITHM_SET: 0x0
TPM2_PT_LOADED_CURVES: 0x2
TPM2_PT_LOCKOUT_COUNTER: 0x0
TPM2_PT_MAX_AUTH_FAIL: 0x20
TPM2_PT_LOCKOUT_INTERVAL: 0x1C20
TPM2_PT_LOCKOUT_RECOVERY: 0x15180
TPM2_PT_AUDIT_COUNTER_0: 0x0
TPM2_PT_AUDIT_COUNTER_1: 0x0
 
Any insight would be appreciated.  
Thanks!_______________________________________________
tpm2 mailing list -- tpm2@lists.01.org
To unsubscribe send an email to tpm2-leave@lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s