| 18 Jul 2021 |
andi- | manveru: have you been using this on unstable with pkcs11 with e.g. OpenSSH? I've had to patch your tpm2-tss derivation to use pkcs11 | 17:02:29 |
manveru | Not yet, I'm just getting started trying to use tpm :) | 17:03:36 |
manveru | Pretty sure there's no tpm drv from me... | 17:04:02 |
@grahamc:nixos.org | andi-: okay so you CAN specify an index when defining the region, but there are defined allocations https://trustedcomputinggroup.org/wp-content/uploads/RegistryOfReservedTPM2HandlesAndLocalities_v1p1_pub.pdf | 20:02:33 |
@grahamc:nixos.org | [nix-shell:~]# tss2 getplatformcertificates
WARNING:fapi:src/tss2-fapi/ifapi_io.c:282:ifapi_io_check_create_dir() Directory /nix/store/cmkbhbf74dzy2kaxsamvkr2pbiqvhx89-tpm2-tss-3.0.3/var/run/tpm2-tss/eventlog/ does not exist, creating
WARNING:fapi:src/tss2-fapi/ifapi_io.c:282:ifapi_io_check_create_dir() Directory /root//.local/share/tpm2-tss/user/keystore does not exist, creating
WARNING:fapi:src/tss2-fapi/ifapi_io.c:282:ifapi_io_check_create_dir() Directory /nix/store/cmkbhbf74dzy2kaxsamvkr2pbiqvhx89-tpm2-tss-3.0.3/var/lib/tpm2-tss/system/keystore/policy does not exist, creating
sigh
| 20:19:05 |
andi- | That is normal :d | 20:19:18 |
andi- | I also get those and can still authenticate my SSH session | 20:19:30 |
andi- | But yeah it is not optimal.. | 20:19:44 |
andi- | I hope I'll have some time to read the TPM2.0 spec next week. Been not doing much since Thursday and the weekend was occupied otherwise | 20:20:31 |
@grahamc:nixos.org | understandable | 20:21:00 |
@grahamc:nixos.org | I wonder why getplatformcertificates is suddenly part of tss and not the tpm2 command | 20:21:23 |
andi- | the developers of tss needed it before they started the tpm2 tool? | 20:22:09 |
@grahamc:nixos.org | hm | 20:22:21 |
| 19 Jul 2021 |
manveru | does anyonne know if there's some way to turn tpm emulation on for a nixos test? | 06:23:46 |
andi- | The current VM infrastructure doesnt allow that. You have to run an additional daemon | 07:13:39 |