Hello,
I found one problem about the TPM Dictionary Attack Lock mechanism.
I executed the following command sequence to check the functionality of
DictionaryAttackLockReset.
(1) DictionaryAttackLockReset (right authValue), rval=0
(2) DictionaryAttackParameters (wrong authValue), rval=98e
(3) DictionaryAttackParameters (right authValue), rval=921
<StartAuthSession(Policy)>
<Compute Policy>
(4) DictionaryAttackLockReset (lockoutPolicy), rval=0
(5) DictionaryAttackLockReset (right authValue), rval=921
From the following document
"TCG Library Specification 1.38 Part1 19.8.5 Authorization Failures
Involving lockoutAuth"
> When in this special lockout state, the TPM will not allow use of
> lockoutAuth. The TPM will exit this state when
> TPM2_DictionaryAttackLockReset() is used with a successful lockoutPolicy
> or after the TPM is powered for a configurable time period
> (lockoutRecovery).
I assume that in (1) and (5), the result will be the same.
However, different return codes are produced.
I would like to know why they are different.
-----
Yasuhiro Hosoda
NTT Electronics Corporation (NEL)
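
Added example, not part of the original message: a decoder for the rval values reported in steps (1)-(5), following the TPM_RC bit layout in Part 2 of the TPM 2.0 Library specification. The function names `decode_rc` and `describe_sequence` and the short name tables are assumptions of this example and cover only the codes seen here.

```python
# Added example: decode TPM 2.0 response codes using the TPM_RC bit layout
# from the TCG TPM 2.0 Library specification, Part 2 (Structures).

# Assumption: only a few names are listed; other codes are shown by number.
FMT0_WARNINGS = {0x21: "TPM_RC_LOCKOUT"}
FMT1_ERRORS = {0x0E: "TPM_RC_AUTH_FAIL", 0x22: "TPM_RC_BAD_AUTH"}


def decode_rc(rc):
    """Split a TPM_RC value into its fields and return them as a dict."""
    if rc == 0:
        return {"name": "TPM_RC_SUCCESS", "kind": "success"}
    if rc & 0x080:                       # F=1: format-one code
        num, n = rc & 0x03F, (rc >> 8) & 0xF
        if rc & 0x040:                   # P=1: N is a parameter number
            subject, index = "parameter", n
        elif n & 0x8:                    # top bit of N set: a session
            subject, index = "session", n & 0x7
        else:                            # otherwise N names a handle
            subject, index = "handle", n & 0x7
        return {"name": FMT1_ERRORS.get(num, "FMT1 error 0x%02x" % num),
                "kind": "error", "subject": subject, "index": index}
    num = rc & 0x07F                     # F=0: format-zero code
    if not rc & 0x100:                   # V=0: TPM 1.2 style code
        return {"name": "0x%03x" % rc, "kind": "tpm1.2"}
    if rc & 0x400:                       # T=1: vendor-defined code
        return {"name": "0x%03x" % rc, "kind": "vendor"}
    if rc & 0x800:                       # S=1: the code is a warning
        return {"name": FMT0_WARNINGS.get(num, "warning 0x%02x" % num),
                "kind": "warning"}
    return {"name": "error 0x%02x" % num, "kind": "error"}


# rval values exactly as reported in steps (1)-(5) of the message above.
REPORTED = [(1, 0x000), (2, 0x98E), (3, 0x921), (4, 0x000), (5, 0x921)]


def describe_sequence(steps=REPORTED):
    """Return (step, decoded fields) for each reported command."""
    return [(step, decode_rc(rc)) for step, rc in steps]


if __name__ == "__main__":
    for step, info in describe_sequence():
        print("(%d) %s" % (step, info))
```

Decoded this way, 0x98e is TPM_RC_AUTH_FAIL attributed to session 1, and 0x921 is the TPM_RC_LOCKOUT warning.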