
JSON files after creation #2881

Open
JordanLBogdanov opened this issue Aug 1, 2024 · 1 comment

Comments

@JordanLBogdanov

Hello team.

I need to create a read only system, and I was wondering: are the JSON files read-only after creation, or do they change at some point after that?

I am talking about the ones in: /usr/local/var/lib/tpm2-tss/system/keystore/*

P.S.
The only thing we do with the TPM chip, for now, is to create some indexes in the NVRAM before making the OS read-only.
After that we only read and write information to the TPM's NVRAM.

Thanks.

@JuergenReppSIT
Member

Currently the JSON file of a NV object in the keystore is updated after every write operation. This is actually unnecessary after the first write operation. The content of the file will only be changed after the first write because the NV_WRITTEN bit is set. I could create a PR where the keystore is updated only after the first write? So you could call a dummy write after the object creation before making the OS read-only.
If the auth value of the NV index is changed also a write to the keystore is currently executed.
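
The preparation step described in the comment above, as an added example that is not code from the tpm2-tss project: create the NV index, issue the dummy write that sets NV_WRITTEN, and then confirm that a further NV write no longer rewrites any keystore JSON file before the root filesystem is made read-only. It assumes the tss2_* command-line tools from tpm2-tools with their long options, that "system" in the --type list places the object in the system keystore, the keystore directory named in the issue, and a hypothetical NV path /nv/Owner/ro_config.

```shell
#!/bin/sh
# Added example, not tpm2-tss project code. Bring a FAPI NV index to its
# steady state (NV_WRITTEN set) and check that a later write leaves the
# keystore JSON untouched, which must hold before the OS goes read-only.
set -eu

# Assumed values: system keystore directory from the issue, hypothetical
# NV path and size.
KEYSTORE_DIR="${KEYSTORE_DIR:-/usr/local/var/lib/tpm2-tss/system/keystore}"
NV_PATH="${NV_PATH:-/nv/Owner/ro_config}"
NV_SIZE="${NV_SIZE:-32}"

# Print every regular file under $2 modified after marker file $1.
# Uses only POSIX find, so it detects a rewrite even when the content is
# identical (same JSON, new mtime), which is the case that breaks on a
# read-only filesystem.
files_touched_since() {
    find "$2" -type f -newer "$1"
}

# Create the index and perform the dummy write suggested by the maintainer.
# $1 is a scratch file holding NV_SIZE zero bytes. Assumed tss2_* options.
prepare_nv_index() {
    tss2_createnv --path="$NV_PATH" --type="noda,system" --size="$NV_SIZE"
    head -c "$NV_SIZE" /dev/zero > "$1"
    tss2_nvwrite --nvPath="$NV_PATH" --data="$1"
}

# Succeed only if one more NV write rewrites nothing under KEYSTORE_DIR.
# With the unfixed behaviour the JSON file is rewritten on every write and
# this check reports it; with a keystore that is written only after the
# first write, the list is empty.
verify_keystore_quiescent() {
    marker=$(mktemp)
    sleep 1                      # mtime granularity may be one second
    tss2_nvwrite --nvPath="$NV_PATH" --data="$1"
    touched=$(files_touched_since "$marker" "$KEYSTORE_DIR")
    rm -f "$marker"
    [ -z "$touched" ] || { printf 'rewritten:\n%s\n' "$touched"; return 1; }
}

if [ "${1:-}" = "--run" ]; then
    data=$(mktemp)
    prepare_nv_index "$data"
    verify_keystore_quiescent "$data" && echo "keystore stable for $NV_PATH"
    rm -f "$data"
fi
```

Run it as root with `--run` on the target before the remount; a non-empty "rewritten:" list means the keystore is still being touched by NV writes.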

JuergenReppSIT added a commit to JuergenReppSIT/tpm2-tss that referenced this issue Aug 2, 2024
* A duplicate write operation to the keystore was executed by
  Fapi_NvWrite.
* A write operation to the keystore was only needed after the
  first call of Fapi_NvWrite because the NV_WRITTEN bit was set.
* A write operation to the keystore by Fapi_ChangeAuth was only needed
  if the value of the attribute with_auth was changed.

Addresses: tpm2-software#2881

Signed-off-by: Juergen Repp <[email protected]>
AndreasFuchsTPM pushed a commit that referenced this issue Aug 13, 2024
* A duplicate write operation to the keystore was executed by
  Fapi_NvWrite.
* A write operation to the keystore was only needed after the
  first call of Fapi_NvWrite because the NV_WRITTEN bit was set.
* A write operation to the keystore by Fapi_ChangeAuth was only needed
  if the value of the attribute with_auth was changed.

Addresses: #2881

Signed-off-by: Juergen Repp <[email protected]>