I am trying to become acquainted with a TPM2.0 (an actual chip from ST) and I found an
unexplainable behaviour of the tpm2_clear command. (I suspect the fault is on my side
As written on the man page, I did expect the tpm2_clear "Clears lockout, endorsement
and owner hierarchy authorization values."
The -c parameter takes a hierarchy, it works on platform hierarchy, but does not work on
I tried: tpm2_clear -c owner
which fails with "Unexpected handle - TPM2_RH_OWNER", probably because the owner
hierarchy is not expected there.
Is there a reason for that, please?
I did expect the authorization to be cleared. So, after I set a password "p1"
for the platform hierarchy with
tpm2_changeauth -c p p1
I thought it would be cleared after calling
tpm2_clear -c p p1
so a subsequent tpm2_clear or tpm2_changeauth would not need any password anymore, but it
does, as if nothing was actually cleared.
I need to call
tpm2_changeauth -c p p1 p2
to change the password again, even though I called tpm2_clear before.
What does the tpm2_clear actually clear, please? Am I making a mistake somewhere, please?