Is there a way to detect from code that a dictionary attack reset has been attempted, but with the wrong lockoutAuth value?
I can detect that the TPM is in lockout by checking to see if failedTries == maxTries. I cant seem to find a way to know that a reset has failed and the TPM is in lockout due to an incorrect lockoutAuth value.
I am aware that I can attempt a DA protected operation and observe the TPM_RC_LOCKOUT return, but I wondered if there was a way without attempting an operation.
I am in a UEFI environment, this is not that important but I should mention it.
Regards
Ben
