3

I am using IBM TPM v1332 + IBM TSS v1470 now and trying to store some essential keywords/passwords to non-volatile memory on TPM. I found two ways to do so. One is to create a sealed object and use evictcontrol to store it, like:

    ${PREFIX}evictcontrol -ho $objHandle -hp 81800002 -hi p

Another way is using NV command directly to store something:

    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn

However, I couldn't find any information about the non-volatile spaces available in TPM. Is this described in the TPM spec? Where could I find the information? Thanks.

DaveW

1 Answer

0

The TPM PC platform specification says:

"1. The TPM SHALL provide a minimum of 6962 (dec) bytes of NV Storage."

If you use evictcontrol you should note that the TPM allows only a small number of persistent objects at the same time (at least 7, of which 4 are reserved). You can get the number of available persistent slots using the TPM2_GetCapability command with TPM_CAP_TPM_PROPERTIES as capability. TPM_PT_HR_PERSISTENT_AVAIL will be at least 1 if you can store another object.

The amount of available NV memory is device dependent; you have to check the data sheets. I suggest working with the numbers from the PC platform specification; they are valid for every device.

MiSimon
  • I checked TPM_PT_HR_PERSISTENT_AVAIL on my TPM 2.0 simulator and got the number as 11. Do the specs mention what the size of each slot is? I only saw that the spec says the number is an estimate (p50, TPM-Rev-2.0-Part-2-Structures-01.38.pdf) – DaveW Oct 09 '19 at 00:42
  • I think there is no fixed size, because you can make different key types (with different sizes) persistent (ec, rsa,...). – MiSimon Oct 10 '19 at 09:57
  • Could I think of those slots as part of the NV storage defined in the specification (6962 bytes)? The spec says "The TPM Library Specification treats all non-volatile entities as part of the same pool of NV memory". Looks like it only defines a minimum NV size, but TPM vendors can decide what the size is for their persistent objects/slots (usually a small size) + other NV storage. – DaveW Oct 10 '19 at 18:11
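
The TPM2_GetCapability query described in the answer, shown at the wire level as an added example (not code from the answer, the commenters or IBM TSS). It marshals the command for TPM_CAP_TPM_PROPERTIES and parses the returned property list to check TPM_PT_HR_PERSISTENT_AVAIL. The constants come from TPM 2.0 Part 2; the function names are hypothetical, and the response bytes are constructed, using the value 11 reported in the comment above and a made-up count of 3 stored objects.

```python
import struct

# Constants from TPM 2.0 Library Specification, Part 2 (Structures).
TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_GET_CAPABILITY = 0x0000017A
TPM_CAP_TPM_PROPERTIES = 0x00000006
PT_VAR = 0x200
TPM_PT_HR_PERSISTENT = PT_VAR + 8        # persistent objects currently stored
TPM_PT_HR_PERSISTENT_AVAIL = PT_VAR + 9  # estimate of further objects that fit

def build_getcap(prop, count=1):
    """Marshal TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES, prop, count)."""
    body = struct.pack(">III", TPM_CAP_TPM_PROPERTIES, prop, count)
    hdr = struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(body), TPM_CC_GET_CAPABILITY)
    return hdr + body

def parse_getcap(resp):
    """Return (more_data, {property: value}); reject malformed responses."""
    if len(resp) < 10:
        raise ValueError("response shorter than the 10-byte header")
    _tag, size, rc = struct.unpack_from(">HII", resp, 0)
    if size != len(resp):
        raise ValueError("size field does not match buffer length")
    if rc != 0:
        raise ValueError("TPM returned response code 0x%08x" % rc)
    if len(resp) < 19:
        raise ValueError("capability data missing")
    more, cap, count = struct.unpack_from(">BII", resp, 10)
    if cap != TPM_CAP_TPM_PROPERTIES:
        raise ValueError("unexpected capability 0x%08x" % cap)
    if 19 + 8 * count != len(resp):
        raise ValueError("property list truncated or has trailing bytes")
    props = dict(struct.unpack_from(">II", resp, 19 + 8 * i) for i in range(count))
    return bool(more), props

def can_persist_another(props):
    """True if TPM_PT_HR_PERSISTENT_AVAIL is at least 1."""
    return props.get(TPM_PT_HR_PERSISTENT_AVAIL, 0) >= 1

def sample_response():
    """Constructed response: 3 objects stored (made up), 11 slots available."""
    body = struct.pack(">BII", 0, TPM_CAP_TPM_PROPERTIES, 2)
    body += struct.pack(">II", TPM_PT_HR_PERSISTENT, 3)
    body += struct.pack(">II", TPM_PT_HR_PERSISTENT_AVAIL, 11)
    return struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(body), 0) + body

if __name__ == "__main__":
    print(build_getcap(TPM_PT_HR_PERSISTENT, 2).hex())
    more, props = parse_getcap(sample_response())
    print(more, {hex(k): v for k, v in props.items()}, can_persist_another(props))
```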