
Issues with TPM2 instructions in step-ca/cryptographic-protection.mdx #466

@udf2457

Description


Smallstep CLI/0.28.7 (linux/amd64)
step-kms-plugin/0.15.1 (linux/amd64)

According to [step-ca/cryptographic-protection.mdx], step kms create --json 'tpmkms:name=my-intermediate-ca' is supposed to be sufficient.

The reality appears to be somewhat different:

$ step kms create --json 'tpmkms:name=foobar.example.com'
Error: failed to create key: failed creating key: failed creating key "foobar.example.com": failed to get SRK handle: EvictControl failed: error code 0x4c : NV Index or persistent object already defined

The user executing the command is a member of the tss group and /dev/tpmrm0 is present with the correct permissions:

$ ls -la /dev/tpmrm0
crw-rw---- 1 tss tss 254, 65536
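The two checks in the report (device permissions and tss group membership) are the first things to rule out before looking at the TPM itself, and the "already defined" text comes from EvictControl, i.e. from the persistent-handle space of the TPM. The script below is an added example, not code from this issue, from Smallstep or from step-kms-plugin; it scripts those same checks and, when tpm2-tools happens to be installed, lists the persistent handles so an operator can see whether the handle slot the plugin wants for the SRK is already occupied. It assumes the resource manager device is /dev/tpmrm0 owned by group tss, as in the report, and that tpm2_getcap (from tpm2-tools) may or may not be present.

```shell
#!/bin/sh
# Constructed preflight check for the tpmkms backend of step-kms-plugin.
# Added example, not code from the issue or from Smallstep.
# Assumptions: the TPM resource manager device is /dev/tpmrm0 with group tss
# (as in the report), and tpm2-tools (tpm2_getcap) is optional.

TPM_DEV="${TPM_DEV:-/dev/tpmrm0}"
TPM_GROUP="${TPM_GROUP:-tss}"

# dev_group_rw MODE: succeeds when an ls -l mode string such as crw-rw----
# describes a character device whose group has read and write access.
dev_group_rw() {
    case "$1" in
        c???rw*) return 0 ;;
        *)       return 1 ;;
    esac
}

# in_group NAME GROUP...: succeeds when NAME is one of the listed groups.
in_group() {
    needle="$1"; shift
    for g in "$@"; do
        [ "$g" = "$needle" ] && return 0
    done
    return 1
}

# preflight: the checks the reporter did by hand, plus a listing of the
# persistent handles, which is the space an EvictControl "already defined"
# error refers to.
preflight() {
    if [ ! -c "$TPM_DEV" ]; then
        echo "FAIL: $TPM_DEV is not a character device (TPM driver not loaded?)"
        return 1
    fi
    set -- $(ls -ld "$TPM_DEV")      # $1 = mode string, $4 = owning group
    mode="$1"; group="$4"
    if ! dev_group_rw "$mode" || [ "$group" != "$TPM_GROUP" ]; then
        echo "FAIL: $TPM_DEV is $mode $group, expected crw-rw---- $TPM_GROUP"
        return 1
    fi
    if ! in_group "$TPM_GROUP" $(id -nG); then
        echo "FAIL: $(id -un) is not a member of group $TPM_GROUP"
        return 1
    fi
    echo "OK: $TPM_DEV is $mode $group and $(id -un) is in $TPM_GROUP"
    if command -v tpm2_getcap >/dev/null 2>&1; then
        echo "Persistent handles currently defined in the TPM:"
        tpm2_getcap handles-persistent
    else
        echo "tpm2_getcap not installed; skipping persistent handle listing"
    fi
    return 0
}

# Run the checks only when invoked as: sh tpm-preflight.sh run
case "${1:-}" in
    run) preflight ;;
esac
```

If the device and group checks pass but the handle listing shows an occupied slot, the failure is a TPM state question (a handle left behind by another tool or an earlier run) rather than a permissions one, which is the distinction the error message in the report points at.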
