Comments (3)
Error codes are provided in the TPM specification.
In order to help, I need more information about what you are doing. What TrustedGRUB2 commands are you using?
You can also try to turn on debug mode:
https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2#162-debug-output
from trustedgrub2.
Hi,
Let me clarify what exactly we are trying to do.
The general idea of this test case is the following: We will seal a piece of data using TPM and try to unlock it from TrustedGrub2. Every time I try to unseal the key I get a TCG_PassThroughFail: 0xc0000 error.
The test is as follows:
Download VirtualBox or VMWare
Download Ubuntu 16.04 (http://releases.ubuntu.com/16.04/ubuntu-16.04.2-desktop-amd64.iso)
Install the OS
sudo apt-get update
sudo apt-get install build-essential automake autopoint libtool libtspi-dev bison flex git
wget https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2/archive/1.4.0.tar.gz
tar xzf 1.4.0.tar.gz
cd TrustedGRUB2-1.4.0/
export INSTALL_DIR=/path/to/install_dir
./autogen.sh
./configure --prefix=$INSTALL_DIR --target=i386 -with-platform=pc
make CPPFLAGS=-DTGRUB_DEBUG && make install
If everything goes well we should have a file called grub-install under $INSTALL_DIR/sbin/
I installed TrustedGrub2 onto a USB stick using the following command:
sudo $INSTALL_DIR/sbin/grub-install --directory=$INSTALL_DIR/lib/grub/i386-pc /dev/sdb ; # device name may be different in your case
Build tpm-tools and take TPM ownership
I used Ubuntu 16.04 running on the machine on which we want to seal/unseal a key.
Clear and enable TPM (from BIOS)
Boot the OS
sudo apt-get update
sudo apt-get install git
git clone https://github.com/shpedoikal/tpm-tools.git
cd tpm-tools
git checkout tpm-sealdata-raw  # checking out this branch is very important because it adds the -r option to tpm_sealdata
sudo apt-get install automake autoconf libtool gettext trousers trousers-devel libtspi-dev autopoint  # link to instructions: https://github.com/shpedoikal/tpm-tools
sh ./bootstrap.sh
export TPM_DIR=/path/to/tpm_build_dir
./configure --prefix=$TPM_DIR
make && make install
$TPM_DIR/sbin/tpm_takeownership -y -z
$TPM_DIR/sbin/tpm_setenabled --enable -z
$TPM_DIR/sbin/tpm_setactive -z
Create a key
echo "TPM UNSEAL FROM GRUB" > /tmp/key
# seal the key now that we own the TPM using PCRs 8 and 9
$TPM_DIR/bin/tpm_sealdata -p 8 -p 9 -z -r -i /tmp/key -o /tmp/key.enc
If everything goes well we should have a sealed key named ‘/tmp/key.enc’.
We should now copy the sealed key to a place that we can access from TrustedGrub2. I copied /tmp/key.enc to the root of the USB drive on which we installed TrustedGrub2.
Reboot the system and boot it using the newly created image. Press ‘c’ in the TrustedGrub2 menu. Execute the following command from the grub menu:
grub> unseal /root/key.enc
I always get an error after this step:
TCG_PassThroughFail: 0xc0000
from trustedgrub2.
Unfortunately, this project is deprecated and no longer maintained. I will be closing this issue.
from trustedgrub2.