[strongSwan] PCR Composite issue

Andreas Steffen andreas.steffen at strongswan.org
Thu Jun 16 08:37:29 CEST 2016


could you send me a log with debug levels (tnc = 2, imc = 3, pts = 3)
on the client side and (tnc = 2, imv = 3, pts = 3) on the server side?

Best regards


On 06/15/2016 09:58 PM, vk vk wrote:
> Hello,
> I am trying to use StrongSwan client and server to verify PCR values of
> a TPM .
> I followed steps outlined on your wiki regarding setting up IMA. 
> I have it working to the point , where, client is sending all the PCRs
> values from file  /sys/kernel/security/tpm0/ascii_bios_measurements
> to the server and these are getting registered in the attestation
> database (sqlite3 on server )  . Also installed strongTNC and marked the
> device as Trusted. All good so far but the device report in strongTNC UI
> displays "28 BIOS evidence measurements are ok; Invalid TPM Quote
> signature received"
> Looking through the server log i see message "received PCR Composite
> does not match constructed one" . Server returns from here and logs
>  message Invalid TPM Quote signature received" .
> I do see that all the 28 Bios measurements registered on the server are
> matching with the one from Client. But PCR composite calculated on the
> server does not match with the one presented from Client. I verified and
> both Server and Client are using same Hash Also which is SHA1 and using
> "quote2" . 
> Please suggest what could be wrong.
> -V
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160616/e03113c4/attachment.bin>

More information about the Users mailing list