One last attempt... wondering if AK needs to be loaded in this case.
Thread 1 in client: creates EK and AK and sends to server.
Server creates credential externally, sends secret and credential blob.
Thread 2 in client: calls ActivateCredential (it has access to the global
ESYS_CONTEXT structures, ak_handles and ek_handles that thread 1 created).
Question: Are AK keys still present in the TPM? Will the ESAPI structures
still work even after a few seconds or are they flushed?
I'm trying to understand why if I run all these methods in a single thread,
On Fri, Mar 13, 2020 at 10:22 AM Rahul Hardikar <rahulhardikar(a)gmail.com>
Any idea folks?
On Thu, Mar 12, 2020 at 5:52 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
> I noticed the same changes when it's run as a single process, the remote
> attestation method works, the moment I move the make external credential
> part to the server I hit this issue.
> Wondering what could go wrong? Do the AK keys get flushed out?
> On the client side, I have the EKCERT and EK and AK keys loaded in the
> tpm2, I save the handle of EK and AK for future use when I receive the
> credential blob and secret, so basically I fork out a thread to send the
> data (and create EK/AK) and then fork another thread to handle the
> receive part, but EK/AK handles are global and saved and no other process
> touches the TPM!
> Why would I get 0x2c4 in Esys_ActivateCredential () but works perfectly
> fine when everything is run as one thread?
> On Tue, Mar 10, 2020 at 4:22 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
>> Thanks Bill.
>> Wondering why this would fail. The external make credential API, I have
>> taken from tss2 GitHub only why would secret fail? When I ran all of this
>> locally it worked, the moment I moved the make external credential to the
>> server I'm hitting this?
>> Can it be because of OpenSSL 1.1.0 required in tss2 and 1.0.2 version
>> running on my server?
>> On Tue, Mar 10, 2020 at 3:36 PM Roberts, William C <
>> william.c.roberts(a)intel.com> wrote:
>>> The error codes encode a bunch of values, so you won't see that value
>>> via a straight grep.
>>> But you can use tpm2_rc_decode from the tpm2-tools project, like so:
>>> $ tpm2_rc_decode 0x2c4
>>> tpm:parameter(2):value is out of range or is not correct for the contex
>>> See the tools project:
>>> Note that the commands specification will show you what parameter 2 is:
>>> Everything after the triple line starts the parameters starting at
>>> index 1.
>>> So in this case the secret parameter is wrong.
>>> Note that since TSS version 2.3.0 a software library was also added
>>> for converting these return codes to more human understandable strings,
>>> The header file is here:
>>> and then you just link against lib tss2-rc, just in case you needed
>>> this built into your program.
>>> > -----Original Message-----
>>> > From: Rahul Hardikar [mailto:firstname.lastname@example.org]
>>> > Sent: Tuesday, March 10, 2020 5:02 PM
>>> > To: tpm2(a)lists.01.org
>>> > Subject: [tpm2] ESys_ActivateCredential
>>> > Hi All,
>>> > What does it mean when Esys_ActivateCredential returns 0x2c4? I see this
>>> > error defined anywhere.
>>> > Thanks,
>>> > Rahul
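
The return-code decoding described in the thread above, as an added example that is not part of the original messages or of the tpm2-tss or tpm2-tools code: a self-contained C decoder for the bit layout of a TPM 2.0 response code, which splits 0x2c4 into format one, parameter 2, TPM_RC_VALUE. The names rc_fields, rc_split and rc_fmt1_name are hypothetical, and the error-name table is deliberately partial.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields packed into a TPM 2.0 response code (hypothetical helper type). */
typedef struct {
    int layer;       /* bits 16-23: 0 means the TPM itself produced the code */
    int format_one;  /* bit 7 set: code refers to a parameter, handle or session */
    char subject;    /* 'P' parameter, 'H' handle, 'S' session, '-' none */
    int index;       /* 1-based number of that parameter, handle or session */
    int error;       /* error number (bits 0-5 for format one, 0-6 otherwise) */
} rc_fields;

static rc_fields rc_split(uint32_t rc) {
    rc_fields f = {0};
    f.layer = (rc >> 16) & 0xFF;
    f.format_one = (rc >> 7) & 1;
    f.subject = '-';
    if (!f.format_one) {             /* format zero: no subject is encoded */
        f.error = rc & 0x7F;
        return f;
    }
    f.error = rc & 0x3F;
    int n = (rc >> 8) & 0xF;         /* bits 8-11: which item is at fault */
    if (rc & 0x40)    { f.subject = 'P'; f.index = n; }       /* bit 6: parameter */
    else if (n & 0x8) { f.subject = 'S'; f.index = n & 0x7; } /* bit 11: session */
    else              { f.subject = 'H'; f.index = n & 0x7; } /* otherwise handle */
    return f;
}

/* A few format-one error numbers from the TPM 2.0 spec (not the full table). */
static const char *rc_fmt1_name(int error) {
    switch (error) {
    case 0x04: return "TPM_RC_VALUE";
    case 0x0B: return "TPM_RC_HANDLE";
    case 0x0E: return "TPM_RC_AUTH_FAIL";
    case 0x15: return "TPM_RC_SIZE";
    case 0x1F: return "TPM_RC_INTEGRITY";
    case 0x22: return "TPM_RC_BAD_AUTH";
    default:   return "unlisted";
    }
}

int main(void) {
    rc_fields f = rc_split(0x2c4);   /* the value reported in the thread */
    printf("layer=%d subject=%c index=%d error=%s\n",
           f.layer, f.subject, f.index, rc_fmt1_name(f.error));
    return 0;
}
```

This is why a grep for 0x2c4 in the headers finds nothing: the parameter number and flag bits are OR-ed onto the base error value.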