Hi Hal,

Thanks for clarifying what trousers is. I guess what I am trying to
accomplish with TPM is to validate the state of a system to a group of
trusted nodes. For example, if a new node is trying to be part of a group of
trusted nodes, then the new node will send its signed PCR values to a trusted
node within the group, which will validate whether the new node is configured
as accepted. Part of the validation would also be to prove that the machine
has a TPM.
So what is the endorsement key used for? I am still trying to understand how
TPMs work and what they are capable of doing. I am hoping someone has figured
out how to create an AIK and use Quote to sign PCR values.

--Hardeep

On Fri, Nov 20, 2009 at 2:00 PM, Hal Finney <[email protected]> wrote:

> Hi Hardeep, yes unfortunately Trousers is just the TSS API. There are
> a few utilities in the tpm-tools package available from the Trousers
> Sourceforge site. These do such things as take ownership of the TPM,
> create the endorsement key if it does not exist, etc. Basic TPM
> management utilities.
>
> The kind of thing you are asking about requires custom programming.
> Generally the API is very complicated and it is impossible to
> anticipate all the things people might want to do with the TPM, so at
> this point it is necessary to write programs to do things. You might
> look into Trusted Java, which implements a Java layer over the TSS API
> and might be easier to use for people familiar with that language.
>
> The specific thing you are asking for is not actually possible. The
> endorsement key is restricted in what it can do and it cannot sign
> anything. What you are supposed to do is to create a special signing
> key called an attestation identity key (AIK) and then use the special
> Quote operation to sign PCR values using the AIK. And then there is a
> complicated protocol to prove that the AIK is a TPM-protected key, so
> that people can know that the PCR values are correct. It is not as
> easy as one might wish, unfortunately.
>
> Hal Finney
>
> On Fri, Nov 20, 2009 at 1:29 PM, Hardeep Uppal
> <[email protected]> wrote:
> > Hi,
> >
> > I am trying to find instructions for making the TPM sign PCR values with
> > its endorsement key and also create new public/private keys. I thought
> > trousers was a utility that has commands that you enter in the shell for
> > doing this. But it seems like trousers is just the TSS API. Do I need to
> > write C code to get this functionality? Can someone explain what exactly
> > trousers is? Do I need to download other packages for this?
> >
> > Thanks in advance,
> > Hardeep
>
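
The verifier side of the Quote exchange discussed in this thread, as an added example that is not part of the original e-mails or of TrouSerS: it rebuilds the TPM 1.2 TPM_QUOTE_INFO structure from the PCR values a node reports and checks it against the verifier's nonce and the accepted configuration. The function names, the 3-byte PCR selection and the sample values are assumptions; verifying the AIK's RSA signature over SHA-1 of the structure, and the AIK's certification, is assumed to happen before this check.

```python
import hashlib, hmac, os, struct

# Assumption: 24 PCRs, so the PCR selection bitmap is 3 bytes (sizeOfSelect = 3).
def pcr_composite(pcrs):
    """Serialize TPM_PCR_COMPOSITE for {index: 20-byte value}, indices 0-23."""
    bitmap = bytearray(3)
    for i in pcrs:
        bitmap[i // 8] |= 1 << (i % 8)
    values = b"".join(pcrs[i] for i in sorted(pcrs))
    return struct.pack(">H", 3) + bytes(bitmap) + struct.pack(">I", len(values)) + values

def quote_info(pcrs, nonce):
    """TPM_QUOTE_INFO: version 1.1.0.0, "QUOT", composite hash, 20-byte nonce."""
    digest = hashlib.sha1(pcr_composite(pcrs)).digest()
    return bytes([1, 1, 0, 0]) + b"QUOT" + digest + nonce

def check_quote(info, reported_pcrs, nonce, expected_pcrs):
    """Return (ok, reason). The caller must already have verified the AIK
    signature over SHA-1(info); this checks only what was signed."""
    if len(info) != 48 or info[4:8] != b"QUOT":
        return False, "not a TPM_QUOTE_INFO"
    if not hmac.compare_digest(info[28:48], nonce):
        return False, "nonce mismatch (stale or replayed quote)"
    digest = hashlib.sha1(pcr_composite(reported_pcrs)).digest()
    if not hmac.compare_digest(info[8:28], digest):
        return False, "reported PCR values do not match signed digest"
    for i, want in expected_pcrs.items():
        if reported_pcrs.get(i) != want:
            return False, f"PCR {i} differs from accepted configuration"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample data: stand-in PCR values, not real measurements.
    accepted = {0: hashlib.sha1(b"bios").digest(), 7: hashlib.sha1(b"kernel").digest()}
    nonce = os.urandom(20)               # verifier's fresh challenge
    info = quote_info(accepted, nonce)   # what the new node's TPM would sign
    print(check_quote(info, accepted, nonce, accepted))
    changed = dict(accepted)
    changed[7] = hashlib.sha1(b"other kernel").digest()
    print(check_quote(quote_info(changed, nonce), changed, nonce, accepted))
```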