<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><br><div>
<div dir="ltr"><font face="-webkit-standard"><span style="background-color:rgb(255, 255, 255);">Hello,</span></font><div><font face="-webkit-standard"><span style="background-color:rgb(255, 255, 255);">I am trying to use the strongSwan client and server to verify the PCR values of a TPM.</span></font></div><div><font face="-webkit-standard"><span style="background-color:rgb(255, 255, 255);">I followed the steps outlined on your wiki regarding setting up IMA.</span></font></div><div><font face="-webkit-standard"><span style="background-color:rgb(255, 255, 255);">I have it working to the point where the client is sending all the PCR values from the file </span></font><span style="font-size:12pt;"> /sys/kernel/security/tpm0/ascii_bios_measurements</span></div><div><font face="-webkit-standard"><span style="background-color:rgb(255, 255, 255);">to the server, and these are getting registered in the attestation database (sqlite3 on the server). I also installed strongTNC and marked the device as Trusted. All good so far, but the device report in the strongTNC UI displays "</span></font><span style="color:rgb(51, 51, 51);font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:14px;widows:1;background-color:rgb(249, 249, 249);">28 BIOS evidence measurements are ok; Invalid TPM Quote signature received"</span></div><div><span style="color:rgb(51, 51, 51);font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:14px;widows:1;background-color:rgb(249, 249, 249);">Looking through the server log, I see the message "</span><span style="font-family:Menlo;font-size:11px;">received PCR Composite does not match constructed one".
The server returns from here and logs the message "</span><span style="color:rgb(51, 51, 51);font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:14px;widows:1;background-color:rgb(249, 249, 249);">Invalid TPM Quote signature received"</span><span style="font-family:Menlo;font-size:11px;">.</span></div><div><font face="Menlo"><span style="font-size:11px;">I do see that all 28 BIOS measurements registered on the server match the ones from the client. But the PCR composite calculated on the server does not match the one presented by the client. I verified that both server and client are using the same hash, which is SHA1, and are using "quote2".</span></font></div><div><font face="Menlo"><span style="font-size:11px;">Please suggest what could be wrong.</span></font></div><div><font face="Menlo"><span style="font-size:11px;"><br></span></font></div><div><font face="Menlo"><span style="font-size:11px;">-V</span></font></div> </div></div> </div></body>
</html>