We can only find a reference to the clock too, which is what has us a little confused.
Basically we can take quotes, within that structure is the
struct which contains field safe:
. We can take a series of quotes, say, a few minutes apart and see that particular value change to 1 and then back to 0.
The TPM is not being shut down during this time, i.e. the whole machine is powered on and running normally, and thus there is no reason to suspect that the clock is in some inconsistent state according to the spec.
Is it possible that the TPM is being powered off by the CPU in some power saving mode and therefore causing the current clock value not to be saved and reread correctly when the TPM is restarted? We've a script that parses the quote and maps this to JSON - we've checked that and it is functioning fine (across half a dozen machines and literally 1000s of quotes now), the quote value obtained from the TPM isn't being changed in any way (we check the signature against the AK), therefore our hunch is that something very low down in the system is causing this.
I can send details of the machines and processors off-list if you want.