TPM2_Load response too short? #9
Comments
|
Hello @jezzab, It seems that there is no 81000001h handle in your Intel PTT. Did you enable BitLocker with UEFI Secureboot? Best regards, Seunghun |
|
I assume it was enabled with it Secure Boot turned off as its off now and booting into Windows with Bitlocker enabled |
|
What would cause it not to be able to read the 0x81000001 handle? Is there something I can look into to try and work out what is going on? Appreciate your help |
|
Hi @jezzab, you can read 0x81000001 with the command below. $> tpm2_readpublic -c 0x81000001By the way, it's a weird case. If you don't mind, would you share the kernel log after my BitLeaker runs? You can get the kernel log with the below command. # If you share the log, I will check what happened.
$> sudo dmesg > kernel_log.txtBest regards, Seunghun |
|
Thanks for the reply @kkamagui But here is the kernel log |
|
|
Hello @jezzab, Thank you for your data. According to your test result, the handle for the Bitlocker was created already. It seems that your machine had an unusual problem. Would you share the specification of your machine if you don't mind? If I have one, I should test it with the machine. Best regards, Seunghun |
|
Its an Intel NUC NUC7i3DNB |
|
Hi @kkamagui, Regards |
|
I noticed this thread. Just a question, have you run dislocker -v -v -v -v -V PathToYourBitlockerVolume ? Where, of course, PathToYourBitlockerVolume should point to your device with bitlocker. It will help you figure out if your version of bitlocker is actually using PCRs 7 & 11. You can also check by booting into Windows (assuming this is actually possible) and running PCPTool (you may have to compile this to run it). From the above, it doesn't actually appear that your SecureBoot is checked. If it isn't, bitlocker uses other PCRs from the TPM (2, 4, 5, and something else I think). While I believe bitleaker should technically still work, the TPM commands may differ slightly if SecureBoot isn't enabled. I don't know if key 0x81000001 is necessary if SecureBoot isn't enabled. This MAY explain why bitleaker can't find it. |
|
Hi @jezzab, |
|
i am dealing with the same issue in dell x-13 9360. |
|
im also dealing with the same error on Dell Latitude 3590 :( |
|
Also you might need to check tpm2_getcap. If it shows that the tpm clear bit is 1, then you have a TPM that might require 2 resets. The problem is that kkamagui’s solution sometimes sets a flag causing it not to work. To fix this, the TPM needs to be reset when all zeros, but with the bitleaker module unloaded. This resets the TPM and allows the “TPM state” to be restored. Once this happens, the TPM should work as normal because it thinks the state has been restored. This needed to be fixed on the Dell 7579. Basically, it means sleeping twice, once with the module loaded and a second time without. |
|
As a note, I think this flag was supposed to prevent Bitleaker by indicating the TPM is in an invalid state (I.e. restored without restoring state), but the flag is pointless because it can be cleared by saving and restoring a zero state. |
would you mind giving me a whatsapp or any other contact so i can contact you directly ??? :) |
If you need code, I've already got a fork of the project which contains the repeated reset. Kkamagui did the heavy lifting on this. |
|
Hi all, I have exactly the same situation (dell 7490, bios downgraded till vulnerable, running bitleaker with same results). Any suggestions/tips/tricks left? |
|
You may have to look at the load response. Use tpm2_rc_decode to find the error (two bytes at end). That might clue you in to why the load fails. Maybe the data in the registers isn’t valid? |
Everything appears to be working beautifully but the data seems to be a lot shorter than the other logs I have seen which is causing it to fail. The unit is a NUC using Intel PTT
Any ideas would be greatly appreciated
The text was updated successfully, but these errors were encountered: