I don’t see that safe value coming out of quote. The only reference I can find in the
spec is in regards to clock.
Can you be more specific?
From: tpm2 [mailto:email@example.com] On Behalf Of Ian Oliver
Sent: Tuesday, March 13, 2018 6:11 AM
Subject: [tpm2] tpm2_quote and "safe"
Other than various clock errors, what causes the safe flag to be set to 1 as written into
the output of tpm2_quote?
We're seeing some odd behaviour from some machines where safe is always set to 1
(Lenovo laptop) and on other servers occasionally safe is set to 1 and then returns to 0
on subsequent quotes.
For example, we might take a number of quotes over time, e.g. 5 minutes apart. One of those
quotes will have safe set to 1, the others are all 0. During this time the machine will
*not* have experienced a reboot/reset nor - as far as we can tell - any form of powersave
or shutdown. We've also noticed that safe gets set to 1 only on some quotes, e.g. when
quoting sha256:16,17,18 for the DRTM measurements.
The machines are all Xeon-E5 based servers, TPM2.0, tpm2_tools 1.3-rc2 installed, Ubuntu
17.04 with 4.13 kernel.
Any information appreciated here,
Dr. Ian Oliver
Privacy Engineering: via Amazon<http://www.amazon.co.uk/dp/1497569710>
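
For readers following this thread, an added example (not code from either poster or from tpm2_tools) showing where `safe` sits in a quote: it is the last byte of the TPMS_CLOCK_INFO embedded in the marshaled TPMS_ATTEST. The sketch assumes the raw big-endian TPMS_ATTEST bytes of each quote are available; the function names and the sample quotes are constructed for illustration.

```python
import struct

TPM_GENERATED_VALUE = 0xFF544347   # magic opening every TPMS_ATTEST
TPM_ST_ATTEST_QUOTE = 0x8018       # structure tag for a quote

def parse_clock_info(attest: bytes) -> dict:
    """Extract TPMS_CLOCK_INFO from a marshaled (big-endian) TPMS_ATTEST."""
    off = 0
    def take(fmt):
        nonlocal off
        if off + struct.calcsize(fmt) > len(attest):
            raise ValueError("truncated TPMS_ATTEST")
        vals = struct.unpack_from(fmt, attest, off)
        off += struct.calcsize(fmt)
        return vals
    magic, tag = take(">IH")
    if magic != TPM_GENERATED_VALUE or tag != TPM_ST_ATTEST_QUOTE:
        raise ValueError("not a TPM-generated quote")
    for _ in ("qualifiedSigner", "extraData"):   # two TPM2B fields: size + bytes
        (n,) = take(">H")
        take(f">{n}s")
    clock, reset_count, restart_count, safe = take(">QIIB")
    if safe not in (0, 1):
        raise ValueError("safe is TPMI_YES_NO, must be 0 or 1")
    return {"clock": clock, "resetCount": reset_count,
            "restartCount": restart_count, "safe": safe}

def unexplained_safe_changes(quotes):
    """Indices where safe changed although resetCount/restartCount did not."""
    infos = [parse_clock_info(q) for q in quotes]
    return [i for i in range(1, len(infos))
            if infos[i]["safe"] != infos[i - 1]["safe"]
            and infos[i]["resetCount"] == infos[i - 1]["resetCount"]
            and infos[i]["restartCount"] == infos[i - 1]["restartCount"]]

def make_sample_quote(clock, reset_count, restart_count, safe):
    """Constructed test input, not captured from a real TPM."""
    signer = b"\x00\x0b" + bytes(32)              # placeholder qualifiedSigner
    pcr_sel = struct.pack(">IHB3s", 1, 0x000B, 3, b"\x00\x00\x07")  # sha256:16,17,18
    return (struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE)
            + struct.pack(">H", len(signer)) + signer
            + struct.pack(">H", 5) + b"nonce"      # extraData (constructed)
            + struct.pack(">QIIB", clock, reset_count, restart_count, safe)
            + struct.pack(">Q", 0)                 # firmwareVersion (placeholder)
            + pcr_sel + struct.pack(">H", 32) + bytes(32))  # pcrDigest (zeros)

if __name__ == "__main__":
    # Four constructed quotes 5 minutes apart (Clock is in milliseconds).
    series = [make_sample_quote(i * 300_000, 4, 0, s) for i, s in enumerate([0, 0, 1, 0])]
    print(unexplained_safe_changes(series))
```

Logging `resetCount` and `restartCount` next to `safe` for every quote makes it possible to tell a flag change that coincides with a TPM reset or restart from one that does not.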