tpm2-tools is now on version 4.1.3, and tpm2-tss (the core library that the tools use to communicate with the tpm) has also gone through a number of changes since 2016. I imagine there have been many bug fixes and improvements since version 1.1 so I would suggest updating both of the above packages and and seeing if it is still not working after that. Rowan Rowan

Usually in your bios you can clear the tpm. If you're on an embedded device It's usually a jumper setting. Bill > -----Original Message----- > From: Chenxi Z <cxzhang1981(a)hotmail.com&gt; > Sent: Saturday, June 6, 2020 1:35 AM > To: tpm2(a)lists.01.org > Subject: [tpm2] TPM 2.0 hardware error DA lockout mode > > I have the exactly same issue as https://superuser.com/questions/1404738/tpm- > 2-0-hardware-error-da-lockout-mode > > TPM2 tools version v1.1 > > Tried clearing ownership: > > linux-host:~ # tpm2_takeownership -c -L lockpass > ERROR: Clearing Failed! TPM error code: 0x921 > > > Tried clearing dictionary lockout: > > linux-host:~ # tpm2_dictionarylockout -c -P lockpass > ERROR: 0x921 Error clearing dictionary lockout. > > > Neither works. > > The error id decode says: > > linux-host:~ # tpm2_rc_decode 0x921 > error layer > hex: 0x0 > identifier: TSS2_TPM_RC_LEVEL > description: Error produced by the TPM format 0 warning code > hex: 0x21 > name: TPM2_RC_LOCKOUT > description: authorizations for objects subject to DA protection are not allowed > at this time because the TPM is in DA lockout mode > > Can't figure out how to get out of this lockout state. Has someone came across > same error before? How to fix it? Thanks. > _______________________________________________ > tpm2 mailing list -- tpm2(a)lists.01.org > To unsubscribe send an email to tpm2-leave(a)lists.01.org > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s