Olga: The TPM itself has no on-disk key storage, although some
applications may use the disk for key storage in an automated fashion. You
are correct that the TPM only stores that limited set of keys inside the
chip.
This means that in the event of a hard-drive failure, the SRK should still
be accessible, but any storage (or other user-created) keys that were on
the hard disk will be lost unless they were backed up. However, the
backups should be restorable without any trouble from the TPM perspective,
and as you say, owner-evict keys are an exception.
In response to Arshad's original question, I have reinstalled an OS and
continued to use the TPM without taking ownership (i.e. changing the SRK
and its authorization information) again, although I have not specifically
been working with storage keys, and given the nature of the work I was
doing, I'm not sure that I particularly bothered with keeping the old keys
rather than creating new ones when I reinstalled. However, I have no
experience with Java libraries that use intermediate layers to access the
TPM; I've used the public command-line tools and my own code.
Ariel
On 8/31/11 9:35 AM, "Olga Chen" <[email protected]> wrote:
>
>But, I'm curious: have you - or anyone else - successfully accessed an
>SRK to decrypt a storage-key even after re-installing an OS (as long as
>the TPM was NOT reinitialized in the re-installation of the OS)? TIA.
>
>Someone please correct me if I am wrong, but as far as I can tell, the
>TPM only stores EK, SRK, and (maybe) some owner-evict keys inside. The
>rest are stored encrypted on the hard drive. If the OS is completely
>re-installed, wouldn't that wipe out the disk area that the TPM is using
>for its key storage? I couldn't find anywhere any indication that the TPM
>is using some sort of "hidden" disk partition for its key storage that is
>not affected by the OS. So I would think that after re-installing the OS,
>the on-disk key storage would go away. Can anyone confirm that this is
>actually true?
>
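The following is an added toy model of the storage semantics discussed above; it is not TrouSerS or tpm-tools code and not from either poster. It assumes a chip whose SRK is created at take-ownership and destroyed by owner clear, disk-resident key blobs wrapped by that SRK, and owner-evict keys that stay in the chip. The wrapping primitive (an HMAC-SHA256 keystream plus an integrity tag) is a stand-in for the TPM's RSA wrapping so the file runs with the standard library only.

```python
"""Constructed model of TPM 1.2 key storage: SRK in-chip, wrapped blobs on disk."""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


class WrapError(Exception):
    """The blob was not wrapped by the SRK currently inside the chip."""


def _keystream(srk: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream derived from the SRK; NOT the TPM's real RSA wrapping.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(srk, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(srk: bytes, key_material: bytes) -> bytes:
    """Produce the on-disk blob: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(key_material, _keystream(srk, nonce, len(key_material))))
    tag = hmac.new(srk, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(srk: bytes, blob: bytes) -> bytes:
    """Recover key material; fails if the chip now holds a different SRK."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise WrapError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(srk, nonce + ct, hashlib.sha256).digest()):
        raise WrapError("blob not wrapped by this SRK")
    return bytes(a ^ b for a, b in zip(ct, _keystream(srk, nonce, len(ct))))


class Tpm:
    """Only the chip-resident state matters here: EK, SRK, owner-evict keys."""

    def __init__(self) -> None:
        self.ek = os.urandom(32)      # endorsement key, fixed for the chip's life
        self.srk = None               # no owner yet
        self.owner_evict: dict = {}   # keys kept inside the chip, not on disk

    def take_ownership(self) -> None:
        if self.srk is not None:
            raise RuntimeError("clear the TPM before taking ownership again")
        self.srk = os.urandom(32)

    def owner_clear(self) -> None:
        # Re-initialising ownership destroys the SRK and every loaded/evict key.
        self.srk = None
        self.owner_evict.clear()

    def wrap_for_disk(self, key_material: bytes) -> bytes:
        return wrap(self.srk, key_material)

    def load_key(self, blob: bytes) -> bytes:
        return unwrap(self.srk, blob)

    def create_owner_evict_key(self) -> int:
        handle = len(self.owner_evict) + 1
        self.owner_evict[handle] = os.urandom(32)
        return handle


def run_scenario() -> dict:
    """Reinstall the OS with and without re-taking ownership; report outcomes."""
    tpm = Tpm()
    tpm.take_ownership()                       # first install creates the SRK
    secret = os.urandom(32)                    # a user storage key's material
    disk = {"storage-key": tpm.wrap_for_disk(secret)}   # the blob TrouSerS would keep on disk
    evict = tpm.create_owner_evict_key()
    backup = dict(disk)                        # the backup the thread says you need

    disk.clear()                               # OS reinstall wipes the filesystem only
    result = {
        "blob_gone_after_reinstall": "storage-key" not in disk,
        "srk_survives_reinstall": tpm.srk is not None,
        "backup_restorable": tpm.load_key(backup["storage-key"]) == secret,
        "owner_evict_survives": evict in tpm.owner_evict,
    }

    tpm.owner_clear()                          # re-taking ownership: new SRK
    tpm.take_ownership()
    try:
        tpm.load_key(backup["storage-key"])
        result["backup_usable_after_new_srk"] = True
    except WrapError:
        result["backup_usable_after_new_srk"] = False
    result["owner_evict_survives_clear"] = evict in tpm.owner_evict
    return result
```

Run `run_scenario()` to see the two cases side by side: after a plain reinstall the on-disk blob is gone but a backup still unwraps under the untouched SRK, while after an owner clear and fresh take-ownership the same backup is useless and the owner-evict key is gone too.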
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users