Hi, Łukasz,

First, thanks for the previous answer. It has helped me move forward with remote attestation.

While implementing the remote attestation procedure, I attempted to extend the TPM's PCRs further. More precisely, PCR 21 is locked behind locality 2. Therefore only a trusted OS can extend it. However, I can't extend that PCR, even though the txt-stat tool shows the following:

    TXT measured launch: TRUE
    secrets flag set: TRUE
    ...
    locality_1_open: TRUE
    locality_2_open: TRUE

The tpm2_pcrwrite command returns the following error:

    tpm:warn(2.0): bad locality

So, from the previous message's explanation, I can't write an LCP due to some platform misconfigurations. These configurations don't allow me to write the LCP to the expected NVINDEX. I wrote a VLP instead, which, up until this point, was working as expected.

Is using a VLP instead of an LCP the reason for not being able to write to locality 2 PCRs? Or is there something else I'm missing?

Best Regards,
Miguel Mota

________________________________
From: Łukasz Hawryłko <luk...@hawrylko.pl>
Sent: 10 October 2022 10:01
To: Miguel Mota <miguel.m...@ua.pt>; tboot-devel@lists.sourceforge.net <tboot-devel@lists.sourceforge.net>
Subject: Re: [tboot-devel] TBOOT on a PowerEdge R730 with a TPM2.0

Hi Miguel

On Fri, 2022-10-07 at 14:30 +0000, Miguel Mota wrote:
> If I change either the kernel or the initrd the system still boots as
> expected (since I have policy of continue instead of halt) and the
> PCR will have different values (as expected) but the TBOOT tool says
> the "TXT Measured Launch: True" when I expected it to be false. Am
> I misinterpreting the normal behaviour of TXT here? Also, is this
> VLP (without the LCP) enough for remote attestation? I'd say yes
> since PCR 17-20 have all the required information and they can't be
> altered by a bad actor due to their locality requirements.

"TXT Measured Launch: True" means that the system was successfully booted with TXT. Measured launch is a process where measurements of boot components are collected and stored in TPM PCRs, but not verified. This is the standard behaviour of TXT.

For remote attestation you don't have to provision an LCP or VLP, because the default policies already collect measurements. You can use an LCP or VLP to configure which PCRs will be extended with particular boot components, but in general this is not required.

To sum up, you are right, your system is ready to enable remote attestation.

Thanks,
Lukasz
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
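The thread turns on one distinction: a measured launch only records measurements into PCRs, and it is the remote verifier that decides whether those values are acceptable. The following Python is an added illustration of that verifier side; it is not code from this thread, from tboot or from tpm2-tools. It simulates the SHA-256 PCR extend operation, replays a measurement log into the PCR values it implies, parses a constructed sample shaped like tpm2_pcrread output, and compares the result against golden values. The components measured and their assignment to PCR 17 (SINIT/MLE) and PCR 18 (kernel and initrd) are simplified assumptions standing in for tboot's real event sequence. The "modified kernel" case reproduces what Miguel observed: the boot still completes and the log still replays consistently, but the verifier rejects PCR 18 because it no longer matches the known-good value.

```python
import hashlib
import re

SHA256_ZERO = bytes(32)  # PCR 17-22 start at all-zero after a TXT reset


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 PCR extend on the SHA-256 bank: new = H(old || measurement)."""
    return hashlib.sha256(current + measurement).digest()


def measure(blob: bytes) -> bytes:
    """Digest of a boot component, as it would be recorded in the event log."""
    return hashlib.sha256(blob).digest()


def replay_event_log(events) -> dict:
    """Replay (pcr_index, digest) events in order into the PCR values they imply."""
    pcrs = {}
    for index, digest in events:
        pcrs[index] = pcr_extend(pcrs.get(index, SHA256_ZERO), digest)
    return pcrs


# Matches lines such as "  17: 0x<64 hex chars>" in the sha256 bank.
_PCR_LINE = re.compile(r"^\s*(\d+)\s*:\s*0x([0-9A-Fa-f]{64})\s*$")


def parse_pcrread(text: str) -> dict:
    """Parse the sha256 bank of tpm2_pcrread-style output (constructed sample, see format_pcrread)."""
    bank = None
    result = {}
    for line in text.splitlines():
        if line.strip().endswith(":") and not _PCR_LINE.match(line):
            bank = line.strip()[:-1].lower()  # e.g. "sha256:"
            continue
        m = _PCR_LINE.match(line)
        if m and bank == "sha256":
            result[int(m.group(1))] = bytes.fromhex(m.group(2))
    return result


def format_pcrread(pcrs: dict) -> str:
    """Constructed stand-in for tpm2_pcrread output; only the shape matters here."""
    lines = ["sha256:"]
    for index in sorted(pcrs):
        lines.append(f"  {index:<2}: 0x{pcrs[index].hex().upper()}")
    return "\n".join(lines)


def verify_attestation(reported: dict, events, golden: dict) -> dict:
    """Per PCR of interest: does the log replay to the reported value (log integrity),
    and does the reported value equal the golden value (known-good software)?"""
    replayed = replay_event_log(events)
    verdict = {}
    for index, expected in golden.items():
        value = reported.get(index)
        verdict[index] = {
            "log_consistent": value is not None and replayed.get(index) == value,
            "matches_golden": value == expected,
        }
    return verdict


def build_events(kernel: bytes, initrd: bytes):
    """Assumed, simplified measured-launch sequence (not tboot's exact event order)."""
    return [
        (17, measure(b"constructed-SINIT-ACM")),
        (17, measure(b"constructed-tboot-MLE")),
        (18, measure(kernel)),
        (18, measure(initrd)),
    ]


# Constructed known-good components; GOLDEN is what the verifier was provisioned with.
GOOD_KERNEL = b"constructed-vmlinuz"
GOOD_INITRD = b"constructed-initrd.img"
GOLDEN = replay_event_log(build_events(GOOD_KERNEL, GOOD_INITRD))


def attest(kernel: bytes, initrd: bytes) -> dict:
    """Simulate a boot, read the PCRs back in tpm2_pcrread form, and verify them."""
    events = build_events(kernel, initrd)
    reported = parse_pcrread(format_pcrread(replay_event_log(events)))
    return verify_attestation(reported, events, GOLDEN)


if __name__ == "__main__":
    print("known-good boot:", attest(GOOD_KERNEL, GOOD_INITRD))
    print("modified kernel:", attest(b"constructed-vmlinuz-tampered", GOOD_INITRD))
```

The two verdict fields are deliberately separate: a consistent log with a non-golden value means the platform booted something different from what was expected, while an inconsistent log means the log itself cannot be trusted. Neither condition is visible from "TXT measured launch: TRUE", which only says the measurement process ran.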