On Mon Nov 20, 2023 at 12:05 AM EET, Jarkko Sakkinen wrote: > On Wed Nov 15, 2023 at 11:56 PM EET, Stefan Berger wrote: > > > > > > On 10/23/23 21:15, Jarkko Sakkinen wrote: > > > > > For TPM1 I tried: > > > > > > keyctl add trusted kmk "new 32" @u > > > > > > This caused TPM error 18, which AFAIK means that there is not SRK (?), > > > which is probably an issue in my swtpm configuration, which is visible > > > in board/qemu/start-qemu.sh.in. > > > > FYI: This would create a TPM 1.2 with an SRK with password 'sss': > > > > swtpm_setup --tpmstate=./ --create-ek-cert --take-ownership --overwrite > > --srkpass sss --ownerpass ooo > > Thanks! I'll update my scripts in my BuildRoot repository. The repository helps to verify that tpm_buf changes don't break anything. I created it because I saw it as too high risk not to verify tpm_buf changes properly, as everything uses them. Any bug in HMAC session feature itself would be optimally only local to the feature and not something that spreads everywhere. So both the patch set itself and also the BuildRoot repository effectively manages this risk. BR, Jarkko
