I don’t see that safe value coming out of quote. The only reference I can find in the spec is in regard to clock.
Can you be more specific?
From: tpm2 [mailto:email@example.com]
On Behalf Of Ian Oliver
Sent: Tuesday, March 13, 2018 6:11 AM
Subject: [tpm2] tpm2_quote and "safe"
Other than various clock errors, what causes the safe flag to be set to 1 as written into the output of tpm2_quote?
We're seeing some odd behaviour from some machines where safe is always set to 1 (Lenovo laptop) and on other servers occasionally safe is set to 1 and then returning to 0 on subsequent quotes.
For example, we might take a number of quotes over time, e.g. 5 minutes apart. One of those quotes will have safe set to 1, the others are all 0. During this time the machine will *not* have experienced a reboot/reset nor - as far as we can tell - any form of powersave or shutdown. We've also noticed that safe gets set to 1 only on some quotes, e.g. when quoting sha256:16,17,18 for the DRTM measurements.
The machines are all Xeon-E5 based servers, TPM2.0, tpm2_tools 1.3-rc2 installed, Ubuntu 17.04 with 4.13 kernel.
Any information appreciated here,
Dr. Ian Oliver
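
An added example, not part of the original thread: one way to pull `safe` out of each quote and line it up with `resetCount` and `restartCount`, which sit beside it in the TPMS_CLOCK_INFO structure of a TPM 2.0 quote. It assumes each input is the raw marshalled TPMS_ATTEST of a quote; the function names are hypothetical and the sample bytes are constructed, not captured from a TPM.

```python
import struct

TPM_GENERATED_VALUE = 0xFF544347  # TPMS_ATTEST magic, 0xFF followed by "TCG"
TPM_ST_ATTEST_QUOTE = 0x8018

def _tpm2b(buf, off):
    """Read a TPM2B (2-byte big-endian size + bytes); return (data, next offset)."""
    (size,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + size
    if end > len(buf):
        raise ValueError("truncated TPM2B")
    return buf[off + 2:end], end

def parse_quote_clock(attest):
    """Return the nonce and TPMS_CLOCK_INFO fields of a marshalled quote."""
    magic, st = struct.unpack_from(">IH", attest, 0)
    if magic != TPM_GENERATED_VALUE or st != TPM_ST_ATTEST_QUOTE:
        raise ValueError("not a TPM-generated quote")
    _, off = _tpm2b(attest, 6)           # qualifiedSigner (TPM2B_NAME)
    nonce, off = _tpm2b(attest, off)     # extraData (TPM2B_DATA)
    clock, reset, restart, safe = struct.unpack_from(">QIIB", attest, off)
    return {"nonce": nonce, "clock_ms": clock, "resetCount": reset,
            "restartCount": restart, "safe": safe}

def safe_transitions(quotes):
    """List (index, old_safe, new_safe, rebooted) where safe changes between quotes."""
    infos = [parse_quote_clock(q) for q in quotes]
    out = []
    for i, (a, b) in enumerate(zip(infos, infos[1:]), 1):
        if a["safe"] != b["safe"]:
            rebooted = ((a["resetCount"], a["restartCount"])
                        != (b["resetCount"], b["restartCount"]))
            out.append((i, a["safe"], b["safe"], rebooted))
    return out

def _sample(clock, safe, reset=3, restart=0):
    """Constructed TPMS_ATTEST bytes for the demo (not from a real TPM)."""
    head = struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE)
    signer = struct.pack(">H", 4) + b"\x00\x0bAB"
    nonce = struct.pack(">H", 2) + b"\xaa\xbb"
    clk = struct.pack(">QIIB", clock, reset, restart, safe)
    # firmwareVersion, then one SHA-256 selection of PCRs 16-18 and a 32-byte digest
    tail = struct.pack(">QIHB", 1, 1, 0x000B, 3) + bytes([0, 0, 0x07])
    return head + signer + nonce + clk + tail + struct.pack(">H", 32) + bytes(32)

# Four constructed quotes 5 minutes apart; the third reports safe = 1.
SAMPLES = [_sample(300000 * i, s) for i, s in enumerate([0, 0, 1, 0])]

if __name__ == "__main__": print(safe_transitions(SAMPLES))
```

A transition reported with `rebooted` false means `safe` changed while both counters stayed the same, which is the case described in the message above.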