-----Original Message----- From: tpm2 [mailto:tpm2-bounces@lists.01.org] On Behalf Of Litjes, Christian Sent: Thursday, August 30, 2018 1:18 AM To: tpm2(a)lists.01.org Subject: [tpm2] TPM2 changing the DictionaryAttackParamaters Hi everyone, I'm trying to setup a system with the cryptfs2 and tpm2-tooling which is currently working but I'd like to change the DictionaryAttackParamater recovery time. I've tried the following (scenario 1) Reset TPM from the bios Tmp2_takeownership -T "device" -L "1234567890" Tpm2_dictionarylockout -s -n 32 -l 86400 -t 5 -p "1234567890" I get a warning: the command may require writing of NV and NV is not current accessible. If I check the settings with: Tpm2_getcap -c properties-variable I notice they are not changed Reset TPM from the bios Tpm2_dictionarylockout -s -n 32 -l 86400 -t 5 -p "1234567890" Tpm2_getcap -c properties-variable Values are written Tmp2_takeownership -T "device" -L "1234567890" Tpm2_getcap -c properties-variable Settings are reset to default What would I need to do to get the first scenario to work? I know I'm combining tools from 2.x with master. But that's because the cryptfs tooling is dependent on 2.x. How can I unlock the NV, I've found tpm2_release but I've got no clue what to release. Kind Regards, Christian Litjes ________________________________ The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.