You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
sm3_256: [ ]
i want to reallocate them to sha384 with :
tpm2_pcrallocate -P sha384:all , it gives those errors :
WARNING:esys:src/tss2-esys/api/Esys_PCR_Allocate.c:313:Esys_PCR_Allocate_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_PCR_Allocate.c:110:Esys_PCR_Allocate() Esys Finish ErrorCode (0x000009a2)
ERROR: Could not allocate PCRs.
ERROR: Esys_PCR_Allocate(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Failed TPM2_CC_ECDH_ZGen
ERROR: Unable to run tpm2_pcrallocate
i searched a bit and i read this, it says that :
This can only be changed through system firmware – the operation done by tpm2_pcrallocate requires "platform" authorization, which means it can only be performed by system firmware and not by the OS.
so isnt there a way to do it in the OS ? really ? , & if true , could it be done if this utilitty packaged as efi executable ? or the initialization is done already by the firmware at every boot , & modifying the pcrs would abslotlly require the firmware intervention!
The text was updated successfully, but these errors were encountered:
tpm2_getcap pcrs output :
selected-pcrs:
i want to reallocate them to sha384 with :
tpm2_pcrallocate -P sha384:all , it gives those errors :
WARNING:esys:src/tss2-esys/api/Esys_PCR_Allocate.c:313:Esys_PCR_Allocate_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_PCR_Allocate.c:110:Esys_PCR_Allocate() Esys Finish ErrorCode (0x000009a2)
ERROR: Could not allocate PCRs.
ERROR: Esys_PCR_Allocate(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Failed TPM2_CC_ECDH_ZGen
ERROR: Unable to run tpm2_pcrallocate
i searched a bit and i read this, it says that :
This can only be changed through system firmware – the operation done by tpm2_pcrallocate requires "platform" authorization, which means it can only be performed by system firmware and not by the OS.
so isnt there a way to do it in the OS ? really ? , & if true , could it be done if this utilitty packaged as efi executable ? or the initialization is done already by the firmware at every boot , & modifying the pcrs would abslotlly require the firmware intervention!
The text was updated successfully, but these errors were encountered: