lok...@gmail.com:
> The AEM package was upgraded recently (probably because of this
> thread:
> https://groups.google.com/forum/#!topic/qubes-users/3ZkmS5v7E38),
> and after I installed the updated version, AEM stopped working
> completely.
>
> Now, it asks me for the AEM password. I type it in, and it doesn't
> display my secret message. Instead, it immediately asks me for the
> disk password, and while it boots the system, I see a message
> telling me: "PCR sanity check failed".

Below that, it should say "See /usr/share/doc/anti-evil-maid/README
for details." You can find some hints for debugging there.

> This is the content of the journalctl log:
>
> Jul 07 16:25:36 dom0 systemd[1]: Starting Anti Evil Maid sealing...
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: tpm_z_srk: detecting whether SRK is password protected
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: Tspi_Key_CreateKey failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: tpm_z_srk: yes, SRK is password protected; resetting dictionary attack lock...
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> Jul 07 16:25:39 dom0 systemd[1]: anti-evil-maid-seal.service: Main process exited, code=exited, status=1/FAILURE

Looks like tboot/SINIT is not working correctly on your system. The
new AEM version refuses to seal in this situation, so that you don't
get a false sense of security.

Rusty
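
A triage sketch for the failure discussed above, added here as an example; it is not part of the thread and not AEM's own code. It parses `PCR-NN:` lines in the journal format quoted above and flags PCRs 17-19 still holding the all-FF value that TPM 1.2 gives the dynamic-launch PCRs until a successful TXT launch resets them. The function names and the handling of an all-00 value as a failure are assumptions of this sketch.

```python
import re

# Constructed sample reproducing the journal lines quoted in the post.
FF20 = " ".join(["FF"] * 20)
SAMPLE_JOURNAL = "\n".join(
    ["Jul 07 16:25:36 dom0 systemd[1]: Starting Anti Evil Maid sealing..."]
    + [f"Jul 07 16:25:39 dom0 anti-evil-maid-seal[1982]: PCR-{i}: {FF20}"
       for i in (17, 18, 19)]
)

# Matches "anti-evil-maid-seal[pid]: PCR-17: FF FF ..." anywhere in a line,
# so mail-quoted ("> ") copies of the log parse as well.
PCR_LINE = re.compile(
    r"anti-evil-maid-seal\[\d+\]: PCR-(\d+):((?: [0-9A-Fa-f]{2})+)\s*$"
)

def parse_pcrs(journal_text):
    """Return {pcr_index: bytes} for every PCR line found in the text."""
    pcrs = {}
    for line in journal_text.splitlines():
        m = PCR_LINE.search(line)
        if m:
            pcrs[int(m.group(1))] = bytes.fromhex(m.group(2).replace(" ", ""))
    return pcrs

def classify(value):
    """Classify one TPM 1.2 (SHA-1, 20-byte) PCR value."""
    if len(value) != 20:
        return "malformed"
    if value == b"\xff" * 20:
        return "never-reset"         # no dynamic launch happened (tboot/SINIT)
    if value == b"\x00" * 20:
        return "reset-not-extended"  # assumption: treated as a failure too
    return "measured"

def drtm_report(journal_text, required=(17, 18, 19)):
    """Return (ok, {pcr: state}); ok only if every required PCR is measured."""
    pcrs = parse_pcrs(journal_text)
    report = {i: classify(pcrs[i]) if i in pcrs else "missing"
              for i in required}
    return all(s == "measured" for s in report.values()), report

if __name__ == "__main__":
    ok, report = drtm_report(SAMPLE_JOURNAL)
    print("DRTM PCRs look sane" if ok else "PCR sanity check would fail", report)
```
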