Hi guys,

Perhaps any further insight to this issue?

Thanks
Alex

-----Original Message-----
From: Kent Yoder [mailto:shpedoi...@gmail.com] 
Sent: Tuesday, July 20, 2010 9:46 AM
To: Alexander Loukissas (aloukiss)
Cc: Klaus Heinrich Kiwi; opencryptoki-users@lists.sourceforge.net
Subject: Re: [opencryptoki-users] error initializing token

The TPM token code shows:

Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN, 0, NULL)

So this would be NULL...  I assume this was done for convenience --  I
don't think the well-known secret options existed in tpm-tools at that
time...

On Tue, Jul 20, 2010 at 11:43 AM, Alexander Loukissas (aloukiss)
<alouk...@cisco.com> wrote:
> I'm also confused. Should the secret be set to well-known or null?
>
> Alex
>
> -----Original Message-----
> From: Klaus Heinrich Kiwi [mailto:kla...@linux.vnet.ibm.com]
> Sent: Tuesday, July 20, 2010 9:34 AM
> To: Kent Yoder
> Cc: Alexander Loukissas (aloukiss); opencryptoki-users@lists.sourceforge.net
> Subject: Re: [opencryptoki-users] error initializing token
>
> On Tue, 2010-07-20 at 11:23 -0500, Kent Yoder wrote:
>> This is likely the TPM's SRK failing to load.  The TPM Token will try
>> to load the SRK using a NULL password.  IIRC this can be set by just
>> hitting enter when prompted for the password in tpm_changeownerauth
>> -s.
>
> I'm confused now. What is the tpm token really expecting?
>  - null owner secret?
>  - 'well known' owner secret? i.e., tpm_takeownership -y
>  - 'well known' srk secret? i.e., tpm_takeownership -z
>
> I'm assuming that 'null password' is different than '20 bytes of
> zero' (the 'well-known-secret').
>
> Thanks,
>
>  -Klaus
> --
> Klaus Heinrich Kiwi             | kla...@br.ibm.com
> IBM LTC Security Development    | http://blog.klauskiwi.com
> http://www.ibm.com/linux/ltc    | http://www.ratliff.net/blog
>
>
>
>

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
opencryptoki-users mailing list
opencryptoki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opencryptoki-users

Reply via email to