Skip to content

TCG TPM 2.0 Errata and how the errors relate to libtpms releases

Jump to bottom Edit New page
Stefan Berger edited this page May 11, 2023 · 7 revisions

This page gives insight into TCG's TPM 2.0 errata and the bugs relate to the libtpms code

Document: ERRATA; Errata Version 1.4, January 9, 2023; For TCG Trusted Platform Module Library; Family "2.0", Level 00, Revision 1.59, Nov 8, 2019

  • 2.1 TPM_SPEC Date Constants
    • branch stable-0.9 has correct TPM_SPEC_FAMILY and TPM_SPEC_LEVEL but its own values for the other constants
  • 2.2 Non-orderly Shutdown - failedTries
    • [TBD]
  • 2.3 ACT preserveSignaled
    • ACT not enabled in libtpms
  • 2.4 RSAES_Decode - padding
    • Does not apply since using OpenSSL functions
  • 2.5 TPM_EO - two's complement
    • branch master (v0.10-dev) contains fix; backwards compatibility issue expected
  • 2.6.1 CryptParameterEncryption/Decryption
    • branches stable-0.9, stable-0.8, and stable-0.7 contain the fixes
  • 2.6.2 TPM2_PolicyAuthorize
    • branch master (v0.10-dev) contains fix
  • 2.6.3 CryptGenerateKeyDes
    • Does not apply since using OpenSSL functions

Document: ERRATA; Errata Version 1.9, August 23, 2019; For TCG Trusted Platform Module Library; Family "2.0", Level 00, Revision 1.38, Sept 29, 2016

  • 2.1.4 Incorrect KDF Seed
    • branch stable-0.6.0 (initial TPM 2 code) contains fix
  • 2.1.5 Incorrect Label and Context Storage
    • branch stable-0.6.0 (initial TPM 2 code) contains fix
  • 2.1.6 Incorrect Label and Context Size
    • branch stable-0.6.0 (initial TPM 2 code) contains fix
  • 2.1.7 Incorrect Byte Order
    • branch stable-0.6.0 (initial TPM 2 code) contains fix (improved version of it)
  • 2.1.9.1 KDF Counter Initialization, 2.1.9.2 KDF Length Parameter, 2.1.9.3 ECC Key Generation Method, 2.1.9.4 Check for Leading Zeros
    • branch stable-0.6.0 (initial TPM 2 code) contains fixes for
      • CryptRand.h
      • Implementation.h
      • TPM2_CreateLoaded()
      • BnGetRandomBits()
      • CryptGenerateKeyDes()
      • BnEccGetPrivate()
      • BnEccGenerateKeyPair()
      • CryptEccGenerateKey() -- we do not enable set FIPS_COMPLIANT #define
      • BnSignEcdsa()
      • CryptKDFa()
      • DRBG_InstantiateSeededKdf()
      • DRBG_Generate()
      • CryptRandMinMax() -- we do not have this function since it is not used
      • CryptGenerateKeyedHash()
      • CryptGenerateKeySymmetric()
      • CryptCreateObject()
  • 2.2: Attribute Check for KEYEDHASH Object: branch stable-0.6.0 (initial TPM 2 code) has fix in CreateChecks() via fall-through
  • 2.3: Attribute Check in TPM2_CreatePrimary(): branch stable-0.6.0 (initial TPM 2 code) has fix in CreateChecks()
  • 2.4: TPM2_ECC_Parameters: comment only
  • 2.5: TPM2_DictionaryAttackParameters - failedTries: failedTries remains untouched
  • 2.6: Self-healing: following reference implementation
  • 2.7: TDES Key Parity Calculation: Text only changes
  • 2.8: Mode validation in TPM2_EncryptDecrypt, and TPM2_EncryptDecrypt2: branch stable-0.6.0 (initial TPM 2 code) seems to do it correctly
  • 2.9: TPM2_Import -- encryptedDuplication Check: not clear
  • 2.10: TPMS_TIME_INFO.time: comment only
  • 2.11: Separation Indicator 0x00 in KDFa: comment only
  • 2.12: TPM2_EvictControl: not clear
  • 2.13: TPM2B_TIMEOUT: branch stable-0.6.0 (initial TPM 2 code) has correct size
  • 2.14: TPM2_NV_ChangeAuth: comment only
  • 2.15: Primary Seed and Proof Size: branch stable-0.6.0 (initial TPM 2 code) defines USE_SPEC_COMPLIANT_PROOFS, which has PRIMARY_SEED_SIZE and PROOF_SIZE both set to 64 (512 bits)
  • 2.16: TPM2_NV_DefineSpcace - NV Pin Pass/Fail: branch stable-0.6.0 (initial TPM 2 code) is correct
  • 2.17: OaepDecode(): branch stable-0.6.0 (initial TPM 2 code) is correct
  • 2.18: seedValueSize: branch stable-0.6.0 (initial TPM 2 code) seems correct
  • 2.19: TPMI_DH_SAVED, TPMS_CONTEXT: branch stable-0.6.0 (initial TPM 2 code) uses MAX_LOADED_OBJECT with value 3
  • 2.20: Preservation of TPM vendor EKs: comment only changes
  • 2.21: Encryption of salt: comment only changes
  • 2.22: TPM_PT_NV_COUNTERS_MAX: Comment only changes
  • 2.23: ECC Binding Check - AdjustNumberB(): branch stable-0.6.0 (initial TPM 2 code) is correct
  • 2.24: TPM_SPEC Date Constants: branch stable-0.6.0 (initial TPM 2 code) is correct
  • 2.25: Commit Random Value – hash algorithm: comment changes only
  • 2.26: TPM2_Certify – qualifiedName: branch stable-0.6.0 (initial TPM 2 code) is correct
  • 2.27: TPM2_PCR_Allocate: branch stable-0.6.0 (initial TPM 2 code) is correct
  • 2.28: TPM_PT_PS_REVISION: comment changes only
  • 2.29: Label in TPM2_RSA_Encrypt/Decrypt and TPM2_CreateLoaded:
  • 2.30: TPM2_LoadExternal – ECC Point Padding: comment changes only
  • 2.31: Max Size Check of Data Object: branch stable-0.6.0 (initial TPM 2 code) seems to do the correct check
  • 2.32: pcrUpdateCounter: comment changes only
  • 2.33: Preservation of Orderly NV Index data: comment changes only
  • 2.34: NV PIN Indices: Patch 'tpm2: Fix a bug in CheckAuthSession' has been backported to stable-0.6.0 and stable-0.7.0
  • 2.35.2: TPM2_StartAuthSession – key scheme: Following reference code
  • 2.35.3: Lockout Mode: text changes only
  • 2.35.4: NV Locked: text changes only
  • 2.35.5: BnPointMul: text changes only
  • 2.35.6: TPM2_SequenceComplete: text changes only
  • 2.35.7: TPM2_PolicyTemplate: branch stable-0.6.0 (initial TPM 2 code) seems correct
Add a custom footer
Add a custom sidebar
Clone this wiki locally