| 16 Jul 2021 |
andi- | how about https://md.darmstadt.ccc.de/tpm2# ? | 18:59:52 |
andi- | It is graphviz and collaborative | 18:59:58 |
@grahamc:nixos.org | oh wow | 19:00:37 |
@grahamc:nixos.org | nice | 19:00:54 |
andi- | There you go :P | 19:01:07 |
@grahamc:nixos.org | page 67 TPM_PT_LOCKOUT_RECOVERY https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf | 19:23:51 |
@grahamc:nixos.org | not pointing anything out there just a primary source for the meaning of these values | 19:26:30 |
| @grahamc:nixos.org removed the room topic "Exploring TPMs on NixOS". | 19:31:12 |
@grahamc:nixos.org | andi-: should I change the main address to be #tpm:nixos.org? | 19:37:09 |
andi- | Sure | 19:37:56 |
@grahamc:nixos.org | I'm a little confused, failedTries hasn't decremented despite recoveryTime elapsing several times | 19:42:47 |
@grahamc:nixos.org | so, seeing this happen I decided to look at the spec | 19:45:54 |
@grahamc:nixos.org |
failedTries (NV) - This counter is incremented when the TPM returns TPM_RC_AUTH_FAIL. TPM2_Clear() will reset this counter to zero. This counter is also set to zero on a successful invocation of TPM2_DictionaryAttackLockReset(). This counter is decremented by one after recoveryTime seconds if: the TPM does not record an authorization failure of a DA-protected entity, there is no power interruption, and failedTries is not zero
| 19:46:14 |
@grahamc:nixos.org | I think I have errata lol | 19:47:56 |
@grahamc:nixos.org | andi-: do you have a handy tpm simulator's source link? | 19:51:04 |
andi- | One sec I read that earlier somewhere. If you use libvirt that is supposed to just work but with QEMU you have to launch a daemon.. | 19:51:37 |
andi- | https://documentation.suse.com/sles/15-SP3/html/SLES-all/tpm.html | 19:52:04 |
@grahamc:nixos.org | hm | 19:58:23 |
@grahamc:nixos.org | annoying | 20:01:01 |
@grahamc:nixos.org | and I'm sort of out of energy to dig in to this to see why it isn't decrementing | 20:01:12 |
@grahamc:nixos.org | but I suppose it has to do with this: | 20:01:15 |
andi- | perhaps the TPM needs the current time? | 20:01:31 |
@grahamc:nixos.org | * [nix-shell:~]# tpm2 getcap properties-variable
TPM2_PT_PERSISTENT:
ownerAuthSet: 0
endorsementAuthSet: 0
lockoutAuthSet: 0
reserved1: 0
disableClear: 0
inLockout: 0
tpmGeneratedEPS: 0
reserved2: 0
| 20:02:03 |
andi- | $ tpm2 getcap properties-variable
TPM2_PT_PERSISTENT:
ownerAuthSet: 0
endorsementAuthSet: 0
lockoutAuthSet: 0
reserved1: 0
disableClear: 0
inLockout: 0
tpmGeneratedEPS: 1
reserved2: 0
TPM2_PT_STARTUP_CLEAR:
phEnable: 1
shEnable: 1
ehEnable: 1
phEnableNV: 1
reserved1: 0
orderly: 1
TPM2_PT_HR_NV_INDEX: 0x0
TPM2_PT_HR_LOADED: 0x0
TPM2_PT_HR_LOADED_AVAIL: 0x3
TPM2_PT_HR_ACTIVE: 0x0
TPM2_PT_HR_ACTIVE_AVAIL: 0x40
TPM2_PT_HR_TRANSIENT_AVAIL: 0x6
TPM2_PT_HR_PERSISTENT: 0x0
TPM2_PT_HR_PERSISTENT_AVAIL: 0x7
TPM2_PT_NV_COUNTERS: 0x0
TPM2_PT_NV_COUNTERS_AVAIL: 0x19
TPM2_PT_ALGORITHM_SET: 0x0
TPM2_PT_LOADED_CURVES: 0x3
TPM2_PT_LOCKOUT_COUNTER: 0x0
TPM2_PT_MAX_AUTH_FAIL: 0x3
TPM2_PT_LOCKOUT_INTERVAL: 0x3E8
TPM2_PT_LOCKOUT_RECOVERY: 0x3E8
TPM2_PT_NV_WRITE_RECOVERY: 0x0
TPM2_PT_AUDIT_COUNTER_0: 0x0
TPM2_PT_AUDIT_COUNTER_1: 0x0
| 20:24:59 |
andi- | did yours report less or did you just stop copying? | 20:26:05 |
@grahamc:nixos.org | stopped copying | 20:33:52 |
@grahamc:nixos.org | my guess is that because I haven't set a lockoutauth it isn't decrementing for some reason | 20:34:01 |
| colemickens 🏳️‍🌈 joined the room. | 22:07:58 |