You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I know this behavior is expected, but I still need a way to exit the lockout mode manually.
I have entered this mode by power cycling the machine and the chip too often. This is necessary for testing purposes. I haven't set an auth password and kept everything in the default state. The documentation states the following
19.11.4 Recovering from Lockout Mode
The TPM can recover from Lockout mode in three ways.
1) TPM2_DictionaryAttackLockReset() sets failedTries to zero. This command requires Lockout
Authorization. The TPM does not have to be in Lockout mode in order to use this command.
2) The TPM decrements failedTries by one if no TPM resets are recorded during recoveryTime.
NOTE 1
If the TPM is in Lockout mode, then the TPM will always leave Lockout mode when failedTries
decrements because failedTries will no longer be equal to maxTries.
NOTE 2
The failure count is not decremented below zero.
3) failedTries is set to zero if the owner changes.
Configuration and programmatic recovery of the dictionary attack logic requires proof of knowledge of
Lockout Authorization. When the TPM owner is changed by changing the SPS, lockoutAuth is set to the
EmptyAuth and lockoutPolicy is set to the Empty Buffer
Empty password is a password of length zero.
If you do not provide a -p parameter, that is the password that tpm2 tools will use.
I guess you have a password set but do not remember it or it was set by Windows or some other software ?
I suggest to go into BIOS and clear the TPM.
I know this behavior is expected, but I still need a way to exit the lockout mode manually.
I have entered this mode by power cycling the machine and the chip too often. This is necessary for testing purposes. I haven't set an auth password and kept everything in the default state. The documentation states the following
So there seems to be a way to do this. Trying a
Put me in lockout mode as well though, because
So what is the default password? I can I change these settings or exit the lockout mode?
NOTE: "Authorizations default to the EMPTY PASSWORD when not specified".
What is the EMPTY PASSWORD? ^^
The text was updated successfully, but these errors were encountered: