[strongSwan] PCR Composite issue

vk vk charak at hotmail.com
Wed Jun 15 21:58:39 CEST 2016

Hello,

I am trying to use the strongSwan client and server to verify the PCR values of a TPM. I followed the steps outlined on your wiki regarding setting up IMA. I have it working to the point where the client is sending all the PCR values from the file /sys/kernel/security/tpm0/ascii_bios_measurements to the server, and these are getting registered in the attestation database (sqlite3 on the server). I also installed strongTNC and marked the device as Trusted.

All good so far, but the device report in the strongTNC UI displays "28 BIOS evidence measurements are ok; Invalid TPM Quote signature received".

Looking through the server log, I see the message "received PCR Composite does not match constructed one". The server returns from here and logs the message "Invalid TPM Quote signature received".

I do see that all 28 BIOS measurements registered on the server match the ones from the client, but the PCR composite calculated on the server does not match the one presented by the client. I verified that both server and client are using the same hash, which is SHA1, and are using "quote2". Please suggest what could be wrong.
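Added example, not part of the original post and not strongSwan code: a sketch of how a TPM 1.2 PCR composite and the Quote2 signed blob are built from the final PCR register values and the PCR selection bitmap, following the TPM 1.2 structure layouts (TPM_PCR_SELECTION, TPM_PCR_COMPOSITE, TPM_QUOTE_INFO2). The function names, the 3-byte selection size, locality value and the sample events are assumptions constructed for illustration.

```python
import hashlib
import struct

PCR_LEN = 20                 # SHA-1 sized PCRs (TPM 1.2)
TPM_TAG_QUOTE_INFO2 = 0x0036

def extend(pcr, digest):
    """PCR extend: new value = SHA1(old value || measurement digest)."""
    return hashlib.sha1(pcr + digest).digest()

def replay(events):
    """Replay (pcr_index, digest) log entries into final PCR register values."""
    pcrs = {}
    for index, digest in events:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_LEN)), digest)
    return pcrs

def pcr_selection(indices, size_of_select=3):
    """TPM_PCR_SELECTION: UINT16 sizeOfSelect || bitmap, PCR i = bit i%8 of byte i//8."""
    bitmap = bytearray(size_of_select)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">H", size_of_select) + bytes(bitmap)

def pcr_composite(pcrs, size_of_select=3):
    """TPM_PCR_COMPOSITE: selection || UINT32 valueSize || values in index order."""
    values = b"".join(pcrs[i] for i in sorted(pcrs))
    return pcr_selection(pcrs, size_of_select) + struct.pack(">I", len(values)) + values

def quote_info2(pcrs, nonce, locality=0x01, size_of_select=3):
    """TPM_QUOTE_INFO2 (no version info): tag || "QUT2" || nonce || TPM_PCR_INFO_SHORT."""
    composite_hash = hashlib.sha1(pcr_composite(pcrs, size_of_select)).digest()
    info_short = pcr_selection(pcrs, size_of_select) + bytes([locality]) + composite_hash
    return struct.pack(">H", TPM_TAG_QUOTE_INFO2) + b"QUT2" + nonce + info_short

# Constructed sample log: (PCR index, SHA-1 digest of a made-up event).
EVENTS = [(i, hashlib.sha1(b"event-%d-%d" % (i, n)).digest())
          for n, i in enumerate([0, 0, 1, 2, 4, 4, 7])]

if __name__ == "__main__":
    pcrs = replay(EVENTS)
    nonce = bytes(20)  # constructed; a verifier would use its own fresh nonce
    print("all logged PCRs :", hashlib.sha1(pcr_composite(pcrs)).hexdigest())
    subset = {i: pcrs[i] for i in (0, 1, 2)}
    print("PCRs 0-2 only   :", hashlib.sha1(pcr_composite(subset)).hexdigest())
    print("signed blob len :", len(quote_info2(pcrs, nonce)))
```

The composite digest covers the selection bitmap and the final register values, so the same log entries hash differently when the set of selected PCRs differs.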

