2010/2/10 Chiu,Cheng-Yung <[email protected]>:
> Hi everybody:
>
> Currently I am learning the TPM on Linux, but one problem has troubled me
> for a long time.
>
> The problem is on the Token initialized and change the password.
>  Enter SRK password: <enter>  # set to null
>  Confirm password: <enter>    # set to null
>
>  PS. In this step, I have also used `tpm_takeownership -z' and
> `tpm_changeownerauth -s -r', but have the same problem.
'null' (the empty password) is the correct SRK authentication for opencryptoki.

> 12. type `tpmtoken_init -k "IBM PKCS#11 TPM Token"'
>
>  Warning: The TPM token has already been initialized. Reinitializing the TPM
> token will cause all TPM token data to be lost.
>  Clear the TPM token data? [y/N]: y
>  Enter the TPM security officer password:
>  A new TPM security officer password is needed. The password must be between
> 6 and 127 characters in length.
>  Enter new password: ******
>  Confirm password: ******
>  C_SetPIN failed: 0x00000006 (6)
>
>  or only type `tpmtoken_init' to init tpm but has same result.
I found that some tpms initial state restricts reading the SRK public
value to the tpm owner, which prevents tpmtoken_init from working.
Check your syslog for messages like:

openCryptoki(TPM)[1506]: tpm_specific.c Warning: Your TPM is not
configured to allow reading the public SRK by anyone but the owner.
Use tpm_restrictsrk -a to allow reading the public SRK

(other openCryptoki messages may appear in syslog too)

------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users

Reply via email to