- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We are using SLB9672 TPM module over SPI interface on our custom platform. We are able to perform StartUp & SelfTest (full) for TPM device.
But I am facing issue while performing PCR_Extend. we are using tpm2-tss 2.2.3 stack to perform this operation.
Please find raw send command and response we are getting from TPM module. we are using SHA384 algo.
Send command:
80 2 0 0 0 51 0 0 1 82 0 0 0 0 0 0 0 9 40 0 0 9 0 0 1 0 0 0 0 0 1 0 C [Hash value of SHA384]
Response:
80 1 0 0 0 A 0 0 1 C3
I am getting response code 1C3. Not sure why I am observing this error. Can you please help to identify the root cause.?
Solved! Go to Solution.
- Tags:
- tpm2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @devang1990,
As provided in the datasheet of SLB 9672, this TPM supports only 24PCRs (1 bank only). According to TCG PC Client Platform TPM Profile (PTP) Specification”, Family 2.0, Level 00, Rev. 01.05 v14, Septe...(section 4.7), the default hash algorithm is SHA256 if the TPM supports only one bank of PCRs.
To change the default algorithm to SHA384 "TPM2_PCR_Allocate" command can be used. Refer to section 22.5 for more details.
Thanks,
Sneha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @devang1990,
The error you are facing is "hash algorithm not supported or not appropriate". Please let us know if you have access to myICP (product datasheet) to provide a resolution.
myICP link: https://myicp.infineon.com/SitePages/Portal.aspx
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Sneha_P , myICP is not accessible to me. it gives me "You are not authorized to access this service" error.
I am using SHA384 algo ID value is 0x000c as per TCG spec. Let me know if that is invalid.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please contact your distributor to get access to myICP.
As provided in the datasheet of SLB 9672- https://solutions.futureelectronics.cn/downloads/infineon202207/Infineon-OPTIGA%20TPM%20SLB%209672%2... ,
SHA384 is a supported algorithm.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @devang1990,
As provided in the datasheet of SLB 9672, this TPM supports only 24PCRs (1 bank only). According to TCG PC Client Platform TPM Profile (PTP) Specification”, Family 2.0, Level 00, Rev. 01.05 v14, Septe...(section 4.7), the default hash algorithm is SHA256 if the TPM supports only one bank of PCRs.
To change the default algorithm to SHA384 "TPM2_PCR_Allocate" command can be used. Refer to section 22.5 for more details.
Thanks,
Sneha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Sneha_P , Thanks for pointers. I will try this out and update. Meanwhile we are also starting process to get access of myICP for future support.