Re: [tboot-devel] tboot + TPM 2.0 + TXT (boot with grub2)

2017-07-13 Thread Travis.Gilbert
I found during my investigations that the TPM 2.0 versions of the LCP tools (in lcptools-v2) aren’t writing fully valid policies. One of the first things I encountered is that with a newer Intel ACM, it noticed that my generated policies had their algorithm set (SHA-256 = 0xB), but the allowed a

Re: [tboot-devel] tboot + TPM 2.0 + TXT (boot with grub2)

2017-07-13 Thread Marco Vanotti via tboot-devel
Hi Xiao, Greg, Adding to what Greg said, I would start by loading a POLTYPE_ANY and then checking the Event log from txt-stat to see if the policy has been read. After that, go ahead and use the gen2 tools to create the policies. Keep in mind that the logs you sent are not about the LCP but about

Re: [tboot-devel] tboot + TPM 2.0 + TXT (boot with grub2)

2017-07-13 Thread Dr. Greg Wettstein
On Wed, Jul 12, 2017 at 06:01:02PM -0700, Xiao Li wrote: > Hi, > > Wish everyone has a good day. Hi Xiao, I hope this note finds your day and week going well. > I have been trying to use tpm2-tools and tboot to set up LCP policy > for my platform using TPM 2.0. I have successfully done it with >