At a high level, when you take ownership, the owner password is passed to the TPM encrypted by the EK public key. The TPM then decrypts it with the EK private key.
In order to do this, the TSS needs the EK public key, which it gets using TPM_ReadPubek. There is a flag that disables the TPM_ReadPubek for "privacy". I suspect that the flag is clear. You can confirm this using a GetCapability to dump the permanent flags.

If I'm correct, it's not that the TPM is disabled, but that the TPM_ReadPubek command is disabled.

HOW the flag got cleared is another question, since it should have been set when you cleared the owner. But let's see if my guess is correct first.

~~

Shameless plug: My SW TPM has a set of very low level utilities that can help you debug without writing code. It also has a TPM emulator with tracing, which makes debugging a TSS application much easier.

http://sourceforge.net/projects/ibmswtpm/

On 12/22/2014 1:19 PM, Eric Naud wrote:
>
> When I run tpm_takeownership I receive an error indicating the command (or device?) is disabled:
>
> # tpm_takeownership
> Enter owner password:
> Confirm password:
> Enter SRK password:
> Confirm password:
> LOG_DEBUG TSPI rpc/tcstp/rpc_ek.c:96 RPC_ReadPubek_TP: TCS Context: 0xa051cf4b
> Tspi_TPM_TakeOwnership failed: 0x00000008 - layer=tpm, code=0008 (8), The TPM target command has been disabled
>
> This result is further substantiated by the takeOwnership test-suite:
> Tspi_TPM_TakeOwnership01:
> 0 FAIL : Tspi_TPM_GetPubEndorsementKey returned (8)
> TPM_E_DISABLED_CMD
> Tspi_TPM_TakeOwnership01.c 0 FAIL : Tspi_TPM_GetPubEndorsementKey
> returned (8) TPM_E_DISABLED_CMD
>
> And again with Tspi_TPM_TakeOwnership03:
> LOG_DEBUG TSPI rpc/tcstp/rpc_ek.c:96 RPC_ReadPubek_TP: TCS Context: 0xa051254d
> 0 FAIL : Tspi_TPM_TakeOwnership03 returned (8)
> TPM_E_DISABLED_CMD
>
> If I try to clear the TPM this happens:
> # tpm_clear --force
> Tspi_TPM_ClearOwner failed: 0x0000002d - layer=tpm, code=002d (45), Bad physical presence value
>
> It almost seems like the TPM is disabled even though the BIOS reports it as enabled and present. Any ideas what's going on and how I can go about taking ownership of this TPM?
>

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
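
An added example, not part of the original message or of the IBM SW TPM utilities: a C decoder for the TPM_PERMANENT_FLAGS blob that TPM_GetCapability returns for TPM_CAP_FLAG / TPM_CAP_FLAG_PERMANENT, checking whether a FALSE readPubek flag, rather than a disabled or deactivated TPM, accounts for the TPM_E_DISABLED_CMD error in the quoted output. The function names and the sample blob are constructed for illustration; the field order follows the TPM 1.2 structures specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPM_TAG_PERMANENT_FLAGS 0x001F

/* BOOL fields of TPM_PERMANENT_FLAGS in TPM 1.2 spec order; on the wire the
 * structure is a 2-byte big-endian tag followed by one byte per flag. */
static const char *const PF_NAMES[] = {
    "disable", "ownership", "deactivated", "readPubek", "disableOwnerClear",
    "allowMaintenance", "physicalPresenceLifetimeLock",
    "physicalPresenceHWEnable", "physicalPresenceCMDEnable", "CEKPUsed",
    "TPMpost", "TPMpostLock", "FIPS", "operator", "enableRevokeEK", "nvLocked",
    "readSRKPub", "tpmEstablished", "maintenanceDone", "disableFullDALogicInfo"
};
#define PF_COUNT (sizeof PF_NAMES / sizeof PF_NAMES[0])

/* Returns 1 or 0 for the named flag, or -1 if the tag is wrong, the name is
 * unknown, or the blob is too short to hold that flag (older TPM revisions
 * return fewer trailing flags). */
int pf_get(const uint8_t *blob, size_t len, const char *name) {
    if (len < 2 || ((blob[0] << 8) | blob[1]) != TPM_TAG_PERMANENT_FLAGS)
        return -1;
    for (size_t i = 0; i < PF_COUNT; i++)
        if (strcmp(PF_NAMES[i], name) == 0)
            return (2 + i < len) ? (blob[2 + i] != 0) : -1;
    return -1;
}

/* Hypothetical helper: 1 if the TPM is enabled and active but readPubek is
 * FALSE (so only TPM_ReadPubek is refused), 0 otherwise, -1 on a bad blob. */
int readpubek_is_the_culprit(const uint8_t *blob, size_t len) {
    int dis = pf_get(blob, len, "disable");
    int deact = pf_get(blob, len, "deactivated");
    int rp = pf_get(blob, len, "readPubek");
    if (dis < 0 || deact < 0 || rp < 0)
        return -1;
    return !dis && !deact && !rp;
}

/* Constructed sample, not captured from a real TPM: tag 0x001F, 20 flags,
 * with disable, deactivated and readPubek all FALSE. */
static const uint8_t SAMPLE_FLAGS[] = {
    0x00, 0x1F, 0,1,0,0,0, 0,0,0,1,1, 0,0,0,0,0, 1,0,0,0,0 };

int main(void) {
    for (size_t i = 0; i < PF_COUNT; i++)
        printf("%-30s %d\n", PF_NAMES[i], pf_get(SAMPLE_FLAGS, sizeof SAMPLE_FLAGS, PF_NAMES[i]));
    printf("only ReadPubek disabled: %d\n", readpubek_is_the_culprit(SAMPLE_FLAGS, sizeof SAMPLE_FLAGS));
    return 0;
}
```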
