ptsc -t (selftest) is fail with Infineon v1.2 TPM.
log
TCSD TCS tcs_key.c:242 canILoadThisKey: YES
TCSD TCS tcsi_key.c:120 LoadKeyByBlob_Internal: Submitting request to the TPM
To TPM: 00 C1 00 00 02 3D 00 00 00 20 40 00 00 00 01 01
To TPM: 00 00 00 10 00 00 00 00 00 00 00 00 01 00 01 00
Since the Infineon TPM does not supportLoadKey with TPM_TAG=TPM_TAG_RQU_COMMAND(0xC1).
Other problem is TrouSerS's LoadKeyByUUID function does not support auth secret when load the key.
The LoadKeyByBlog function supports auth secret. (so tpm_seal/tpm_unseal works with this TPM)
The workaround will be OpenPTS use key blob (file) instead of the TSS key store.
And use a dummy auth secret for the sign key.
Fork
ptsc -t (selftest) is fail with Infineon v1.2 TPM.
log
Since the Infineon TPM does not supportLoadKey with TPM_TAG=TPM_TAG_RQU_COMMAND(0xC1). Other problem is TrouSerS's LoadKeyByUUID function does not support auth secret when load the key. The LoadKeyByBlog function supports auth secret. (so tpm_seal/tpm_unseal works with this TPM)
The workaround will be OpenPTS use key blob (file) instead of the TSS key store. And use a dummy auth secret for the sign key.
This must be configured by /etc/ptsc.conf. e.g.
For other TPMs, default configuration will be;
Side effect: If user changes this option, the key must be generated again.