2010/2/10 Chiu,Cheng-Yung <[email protected]>: > Hi everybody: > > Currently I am learning the TPM on Linux, but one problem has troubled me > for a long time. > > The problem is on the Token initialized and change the password. > Enter SRK password: <enter> # set to null > Confirm password: <enter> # set to null > > PS. In this step, I have also used `tpm_takeownership -z' and > `tpm_changeownerauth -s -r', but have the same problem. 'null' (the empty password) is the correct SRK authentication for opencryptoki.
> 12. type `tpmtoken_init -k "IBM PKCS#11 TPM Token"' > > Warning: The TPM token has already been initialized. Reinitializing the TPM > token will cause all TPM token data to be lost. > Clear the TPM token data? [y/N]: y > Enter the TPM security officer password: > A new TPM security officer password is needed. The password must be between > 6 and 127 characters in length. > Enter new password: ****** > Confirm password: ****** > C_SetPIN failed: 0x00000006 (6) > > or only type `tpmtoken_init' to init tpm but has same result. I found that some tpms initial state restricts reading the SRK public value to the tpm owner, which prevents tpmtoken_init from working. Check your syslog for messages like: openCryptoki(TPM)[1506]: tpm_specific.c Warning: Your TPM is not configured to allow reading the public SRK by anyone but the owner. Use tpm_restrictsrk -a to allow reading the public SRK (other openCryptoki messages may appear in syslog too) ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
