From the previous messages, I learned how salted sessions exchange keys
and are encrypted.
However, I have yet to get an idea to prevent MITM attacks.
I was able to get an salted session in the following way.
tpm2_startauthsession -S session.ctx
tpm2_policypcr -Q -S session.ctx -l sha256:0,2,4 -L pcrs.sha256.policy
tpm2_createprimary -C o -c tpm-primary.ctx
tpm2_startauthsession --hmac-session -c tpm-primary.ctx -S session.ctx
tpm2_create -g sha256 -u seal.pub -r seal.priv -i INPUT_KEY -C
session.ctx -L pcrs.sha256.policy
tpm2_load -C tpm-primary.ctx -u seal.pub -r seal.priv -n seal.name -c
tpm2_evictcontrol -C o -c tpm-seal.ctx 0x81000002
tpm2_startauthsession --policy-session -S session.ctx
tpm2_policypcr -S session.ctx -l sha256:0,2,4
tpm2_unseal -p session:session.ctx -c 0x81000002 -o OUTPUT_KEY
However, in my opinion, from the tpm2_startauthsession part of the
unsealing process, an MITM attack is performed to establish a session
between the attacker-PC and the TPM-attacker session is established so
that the attacker will be able to obtain plaintext data for subsequent
Thanks & Regards,
------ Previous Message ------
>"Steven Clark" <davolfman(a)gmail.com> wrote on 08/02/2021 01:26:56 PM:
> > I think it may be an optional standard but my TPM has some certs
> > permanently stored in nv-indices in the 0x1c0000x range that can be
> > checked against the manufacturer cert. I haven't learned how to
> > leverage those into trusted parameter encryption keys yet but they
> > should be able to verify there's a real TPM at the other end at the
> > very least (and more if you learn to use them correctly).
>The EK certificates in NV are in theory optional, but every TPM
>I have encountered has them.
>Checking the certificate against the manufacturer's CA is
>a standard crypto library function.
>Once you have an authentic EK, create a salted session using
>Once you have the salted session, set the encrypt and/or decrypt bit
>when running the command.
>Underneath, there's some complicated crypto, but it's all
>hidden from the application.
>tpm2 mailing list -- tpm2(a)lists.01.org
>To unsubscribe send an email to tpm2-leave(a)lists.01.org