tpm2_create ignores --creation-hash , --creation-data and --creation-ticket #3431

Open
arianvp opened this issue Oct 18, 2024 · 3 comments

arianvp commented Oct 18, 2024

Expected behaviour

devid.hash is created.
devid.data is created.
devid.ticket is created.

Observed behaviour

None of the files are created.

Reproducer

tpm2_createprimary --key-context srk.ctx --key-algorithm ecc > srk.yaml

tpm2_create \
    --key-algorithm ecc \
    --key-context devid.ctx \
    --parent-context srk.ctx \
    --attributes 'sign|fixedtpm|fixedparent|sensitivedataorigin|userwithauth' \
    --public devid.pub \
    --creation-data devid.data \
    --creation-hash devid.hash \
    --creation-ticket devid.ticket \
    --pcr-list 'sha256:7,11' \
    --private devid.priv > devid.yaml

arianvp (Author) commented Oct 18, 2024

It does work for tpm2_createprimary. Really seems to be a bug.

arianvp changed the title from "tpm2_create ignores --creation-hash" to "tpm2_create ignores --creation-hash and --creation-data" on Oct 18, 2024

arianvp (Author) commented Oct 18, 2024

--creation-data also seems to be broken.

arianvp changed the title from "tpm2_create ignores --creation-hash and --creation-data" to "tpm2_create ignores --creation-hash , --creation-data and --creation-ticket" on Oct 18, 2024

JuergenReppSIT (Member) commented Oct 18, 2024

If --key-context is used the context file is created by the tpm2_createloaded command. This option can be used to avoid the normal tpm2_create and tpm2_load command sequences and do it all in one command but the data you expected will not be produced.
The files will be produced if --key-context is not used. To create the context you can use tpm2_load. It would not be bad to produce a warning in this case.
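
The behaviour described in the reply above, as an added example that is not part of the issue or of tpm2-tools: a shell pre-flight check that flags an argument list combining --key-context with any --creation-* output, followed by the create-then-load sequence the reply recommends. The function names are hypothetical, the file names are taken from the reproducer, and only the long option names shown in this issue are recognised.

```shell
#!/bin/sh
# Added example: pre-flight check for a tpm2_create argument list.
# Assumption: the caller uses the long option names shown in this issue
# (short forms and abbreviations are not recognised).

# Returns 0 if the arguments are fine, 1 if --key-context is combined with
# a --creation-* output option (those files would not be written).
check_tpm2_create_args() {
    has_ctx=0
    creation_opts=""
    for arg in "$@"; do
        case "$arg" in
            --key-context*) has_ctx=1 ;;
            --creation-data*|--creation-hash*|--creation-ticket*)
                # Keep only the option name, dropping any "=value" part.
                creation_opts="$creation_opts ${arg%%=*}" ;;
        esac
    done
    if [ "$has_ctx" -eq 1 ] && [ -n "$creation_opts" ]; then
        echo "warning: --key-context given;$creation_opts will not be written" >&2
        return 1
    fi
    return 0
}

# Workaround from the maintainer's comment: create without --key-context,
# then load the key to obtain the context file.
# Arguments: extra options passed through to tpm2_create, for example
#   --key-algorithm ecc --creation-data devid.data \
#   --creation-hash devid.hash --creation-ticket devid.ticket
create_then_load() {
    check_tpm2_create_args "$@" || return 1
    tpm2_create --parent-context srk.ctx \
        --public devid.pub --private devid.priv "$@" &&
    tpm2_load --parent-context srk.ctx \
        --public devid.pub --private devid.priv \
        --key-context devid.ctx
}
```

The creation data, hash and ticket are the inputs tpm2_certifycreation needs, so a silent omission only surfaces later when attestation of the key is attempted.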
