332 questions
- Bountied 0
- Unanswered
- Frequent
- Score
- Trending
- Week
- Month
- Unanswered (my tags)
0
votes
0
answers
58
views
C# TSS Interacting with the TPM
public static AESTPMKey OpenOrCreateAesRootKey()
{
const uint persistentHandleValue = 0x81000001;
var persistentHandle = new TpmHandle(persistentHandleValue);
// 1️⃣ Connect to TPM
...
Advice
0
votes
1
replies
28
views
setup F5vpn using key stored in TPM?
Can I setup an F5VPN connection using a key generated and stored inside the TPM of my Linux laptop? Platform is Debian 13? AFAICT f5fpc is based upon openssl (which could imply PKCS#11 support), but ...
2
votes
0
answers
76
views
Using OpenSSL provider to delegate TLS_PSK_WITH_NULL_SHA256 key operations to TZ or TPM
I am developing software that uses OpenSSL for implementing a TLS client. I am developing it in the C++ language, to run in Linux for ARM 64-bit.
I intend to use the cipher TLS_PSK_WITH_NULL_SHA256.
...
0
votes
0
answers
77
views
PowerShell: Preserving BitLocker XTS-AES 128 Recovery Password Across Disable/Enable for WinRE Modification
I'm developing a PowerShell script to temporarily disable BitLocker, perform modifications to the Windows Recovery Environment (WinRE), and then re-enable BitLocker. I cannot use Suspend-BitLocker ...
0
votes
0
answers
60
views
Trying to understand tpm2_startauthsession
Im trying to understand the difference between the option of
--hmac-session and --policy-session in the tpm2_startauthsession command of tpm2-tools.
I am relativly new to TPM coding/commands and ...
0
votes
0
answers
49
views
TPM2 Openssl verification Fails
I am experimenting with TPM. I am using windows sdk libs (pre-installed) to generate and export keys. Then i use the same appraoch to create a detached hash for a file.
Key Generation:
bool ...
0
votes
1
answer
104
views
How should I quote using tpm2-pytss?
I'm trying to create a quote on my server for remote attestation. I don't want to sign it, but pytss doesn't give me that choice. Thus, after creating a storage root key, I'm trying to create an ...
1
vote
1
answer
301
views
How to use TPM2 key with password protection in OpenSSL (handle-based key)
I'm working on a project where I generate a TPM-protected private key using tpm2-pytss in Python, and then try to use that key in OpenSSL to generate a certificate.
However, I face an issue when the ...
2
votes
1
answer
113
views
Why can't I write registers on my TPM? (Infineon SLB 9670)
I'm trying to write a driver for the Infineon SLB 9670 TPM to use it on an embedded system (AD Blackfin ADSP-BF607).
So far I'm able to read registers but I fail when I try to perform a write ...
1
vote
0
answers
98
views
How to persist a string in the TPM by using the ESYS API?
I want to store a short string like "foo: bar, abc: def" inside of the TPM.
While tss2 CLI commands seem to work pretty well in doing so, I feel pretty lost in trying to achieve the same ...
0
votes
0
answers
145
views
Recreating TPM (Trusted platform module) PCR 10 from Linux IMA (Integrity Measurement Architectur) log
I created a VM on google cloud platform. After creating it, I edited /etc/default/grub file by adding additional kernel command line parameters so that I would enable IMA module:
...
2
votes
1
answer
389
views
OpenSSL tpm2 provider - support for password protected TPM private key
Is it possible to use a password protected key from a TPM2 with the openssl function OSSL_STORE_open_ex using the tpm2-openssl provider?
Based on: https://stackoverflow.com/a/78205985/13622395 I build ...
0
votes
0
answers
34
views
Is there any system level logs about secure enclave on macos?
I've created the key pair in secure enclave on macos, but it cannot be found after reboot, which is unexpected. Is there any system level logs which could help me troubleshooting?
-2
votes
2
answers
203
views
Simulate Platform Authenticator with Virtual TPM [closed]
I want to use WebAuthn based authentication in Firefox on Ubuntu 24.04 without a hardware TPM or a separate hardware "security key" (e.g. yubikey).
When it works I would expect a page like ...
0
votes
0
answers
97
views
NCryptFinalizeKey Fails with ‘Access Denied’ After Setting Security Descriptor on Machine Key
I’m using the Windows CNG API to create a TPM-stored (or MS KSP) RSA key and want to allow non-administrative users to access it. My goal is to generate a machine level key (non-exportable) which can ...