-
Notifications
You must be signed in to change notification settings - Fork 145
Open and Resolved Issues
Stefan Berger edited this page Dec 11, 2018
·
23 revisions
- The tcsd (TrouSerS) package fails to install on Ubuntu on a system where
/dev/tpm0is a TPM 2; it works fine if /dev/tpm0 is missing due to no TPM on the system; To have the issue resolved, the following bug report has been filed with Debian/Ubuntu: https://bugs.launchpad.net/ubuntu/+source/trousers/+bug/1802133- We need tcsd as part of swtpm-tools to be able to support virtualizing a TPM 1.2
- Also see issue 88: https://github.com/stefanberger/swtpm/issues/88
-
tpmtoolis not packaged by Ubuntu as part of GnuTLS package- Using the host's TPM 1.2 as a CA will not work
- Older versions of the TPM 1.2 NVRAM tpm-tools are not working correctly, which results in failures in the
test_parameterstest case Test 15. The bug has been fixed in recent versions of the tpm-tools package. - Some versions of the gnutls tools (gnutls-utils-3.6.3-2.fc28.x86_64) cannot read ECC public keys, which causes a failure of the
test_tpm2_swtpm_cert_ecctest case. This has been fixed in gnutls (Bug Report). - Older versions of the Intel and IBM TSS 2 cannot deal with more than 3 PCR banks, even though only 2 banks are enabled. The reason is that the TSS stacks did not support TPM 2 messages reporting about more than 3 PCR banks. Both TSS 2 stacks have been extended to support this, though. The Intel TSS 2 on Fedora (f28: tpm-tools-3.0.4-1, f26: tpm2-tools-2.1.1-1, tpm2-tss-1.2.0-1) doesn't seem to have this problem.
- Gnutls 3.6.5 starts supporting --srk-well-known in tpmtool, otherwise it is impossible to create a key if the TPM 1.2 has the well known password of 20 zero bytes.