[strongSwan] PCR Composite issue
andreas.steffen at strongswan.org
Thu Jun 16 08:37:29 CEST 2016
could you send me a log with debug levels (tnc = 2, imc = 3, pts = 3)
on the client side and (tnc = 2, imv = 3, pts = 3) on the server side?
On 06/15/2016 09:58 PM, vk vk wrote:
> I am trying to use StrongSwan client and server to verify PCR values of
> a TPM .
> I followed steps outlined on your wiki regarding setting up IMA.
> I have it working to the point , where, client is sending all the PCRs
> values from file /sys/kernel/security/tpm0/ascii_bios_measurements
> to the server and these are getting registered in the attestation
> database (sqlite3 on server ) . Also installed strongTNC and marked the
> device as Trusted. All good so far but the device report in strongTNC UI
> displays "28 BIOS evidence measurements are ok; Invalid TPM Quote
> signature received"
> Looking through the server log i see message "received PCR Composite
> does not match constructed one" . Server returns from here and logs
> message Invalid TPM Quote signature received" .
> I do see that all the 28 Bios measurements registered on the server are
> matching with the one from Client. But PCR composite calculated on the
> server does not match with the one presented from Client. I verified and
> both Server and Client are using same Hash Also which is SHA1 and using
> "quote2" .
> Please suggest what could be wrong.
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users