I am using IBM TPM v1332 + IBM TSS v1470 now and trying to store some essential keywords/passwords in the non-volatile memory on the TPM.
I found two ways to do so. One is to create a sealed object and use evictcontrol
to store it, like:
${PREFIX}evictcontrol -ho $objHandle -hp 81800002 -hi p
Another way is using NV command directly to store something:
${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn
${PREFIX}nvwrite -ha 01000000 -pwdn nnn
However, I couldn't find any information about the non-volatile spaces available in TPM. Is this described in the TPM spec? Where could I find the information? Thanks.
The TPM PC platform specification says:
"1.The TPM SHALL provide a minimum of 6962 (dec) bytes of NV Storage."
If you use evictcontrol you should note that the TPM allows only a small number of persistent objects at the same time (at least 7, of which 4 are reserved). You can get the number of available persistent slots using the TPM2_GetCapability command with TPM_CAP_TPM_PROPERTIES as capability. TPM_PT_HR_PERSISTENT_AVAIL will be at least 1 if you can store another object.
The amount of available NV memory is device dependent; you have to check the data sheets. I suggest working with the numbers from the PC platform specification, as they are valid for every device.
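The capability check described in the answer, as an added example that is not part of the original thread or of the IBM TSS: it encodes the TPM2_GetCapability command for TPM_CAP_TPM_PROPERTIES, decodes the response, and reports whether another persistent slot is free. The property numbers (TPM_PT_HR_PERSISTENT = PT_VAR+8 = 0x208, TPM_PT_HR_PERSISTENT_AVAIL = PT_VAR+9 = 0x209) are taken from TPM 2.0 Part 2 as I know them, and the sample response is constructed, not captured from a device.

```python
import struct

TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_GetCapability = 0x0000017A
TPM_CAP_TPM_PROPERTIES = 0x00000006
TPM_PT_HR_PERSISTENT = 0x208        # PT_VAR + 8: persistent objects currently held
TPM_PT_HR_PERSISTENT_AVAIL = 0x209  # PT_VAR + 9: further persistent objects that still fit


def build_getcapability(capability, first_property, property_count):
    """Encode a TPM2_GetCapability command (no authorization sessions)."""
    body = struct.pack(">III", capability, first_property, property_count)
    header = struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(body), TPM_CC_GetCapability)
    return header + body


def parse_tpm_properties(response):
    """Decode a TPM2_GetCapability response carrying TPML_TAGGED_TPM_PROPERTY.
    Returns (more_data, {property: value}); raises on an error rc or a bad length."""
    tag, size, rc = struct.unpack_from(">HII", response, 0)
    if rc != 0:
        raise ValueError("TPM returned rc=0x%08x" % rc)
    if size != len(response):
        raise ValueError("responseSize does not match buffer length")
    more_data, capability, count = struct.unpack_from(">BII", response, 10)
    if capability != TPM_CAP_TPM_PROPERTIES:
        raise ValueError("unexpected capability 0x%08x" % capability)
    props = {}
    offset = 19  # header (10) + moreData (1) + capability (4) + count (4)
    for _ in range(count):
        prop, value = struct.unpack_from(">II", response, offset)
        props[prop] = value
        offset += 8
    return bool(more_data), props


def persistent_slot_available(response):
    """True when TPM_PT_HR_PERSISTENT_AVAIL >= 1, i.e. evictcontrol can persist one more object."""
    _, props = parse_tpm_properties(response)
    return props.get(TPM_PT_HR_PERSISTENT_AVAIL, 0) >= 1


# Constructed sample response (not from a real TPM): 4 persistent objects held, 3 slots free.
SAMPLE_RESPONSE = (
    struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + 1 + 4 + 4 + 2 * 8, 0)
    + struct.pack(">BII", 0, TPM_CAP_TPM_PROPERTIES, 2)
    + struct.pack(">II", TPM_PT_HR_PERSISTENT, 4)
    + struct.pack(">II", TPM_PT_HR_PERSISTENT_AVAIL, 3)
)
```

The command bytes from build_getcapability are what a TSS sends over the TPM device; the same query against a real TPM with property 0x209 and count 1 returns the current value.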