Hi Ken,

Thanks for your reply.

I brought in tpm_getstatus.c from the latest version of the tpm tools, it dumps the permanent flags. Problem is it asks for the owner password which isn't set because I haven't taken ownership yet. So I extracted the relevant getCapability() function call and made my own utility, the output was:

Tspi_TPM_GetCapability failed: 0x00003116 - layer=tsp, code=0116 (278), No secret information available for the address policy
error getting TPM_PERMANENT_FLAGS.

It seems that to read the permanent flags to determine if you can read the public key, you need to be able to read the public key :)

Thanks though,
Eric

On Tue, 2014-12-23 at 09:36 -0500, Ken Goldman wrote:
> At a high level, when you take ownership, the owner password is passed
> to the TPM encrypted by the EK public key. The TPM then decrypts it
> with the EK private key.
>
> In order to do this, the TSS needs the EK public key, which it gets
> using TPM_ReadPubek.
>
> There is a flag that disables the TPM_ReadPubek for "privacy". I
> suspect that the flag is clear. You can confirm this using a
> GetCapability to dump the permanent flags.
>
> If I'm correct, it's not that the TPM is disabled, but that the
> TPM_ReadPubek command is disabled.
>
> HOW the flag got cleared is another question, since it should have been
> set when you cleared the owner. But let's see if my guess is correct first.
>
> ~~
>
> Shameless plug: My SW TPM has a set of very low level utilities that
> can help you debug without writing code. It also has a TPM emulator
> with tracing, which makes debugging a TSS application much easier.
>
> http://sourceforge.net/projects/ibmswtpm/
>
>
> On 12/22/2014 1:19 PM, Eric Naud wrote:
> >
> > When I run tpm_takeownership I receive an error indicating the command
> > (or device?) is disabled:
> >
> > # tpm_takeownership
> > Enter owner password:
> > Confirm password:
> > Enter SRK password:
> > Confirm password:
> > LOG_DEBUG TSPI rpc/tcstp/rpc_ek.c:96 RPC_ReadPubek_TP: TCS Context:
> > 0xa051cf4b
> > Tspi_TPM_TakeOwnership failed: 0x00000008 - layer=tpm, code=0008 (8),
> > The TPM target command has been disabled
> >
> > This result is further substantiated by the takeOwnership test-suite:
> > Tspi_TPM_TakeOwnership01:
> > 0 FAIL : Tspi_TPM_GetPubEndorsementKey returned (8)
> > TPM_E_DISABLED_CMD
> > Tspi_TPM_TakeOwnership01.c 0 FAIL : Tspi_TPM_GetPubEndorsementKey
> > returned (8) TPM_E_DISABLED_CMD
> >
> > And again with Tspi_TPM_TakeOwnership03:
> > LOG_DEBUG TSPI rpc/tcstp/rpc_ek.c:96 RPC_ReadPubek_TP: TCS Context:
> > 0xa051254d
> > 0 FAIL : Tspi_TPM_TakeOwnership03 returned (8)
> > TPM_E_DISABLED_CMD
> >
> > If I try to clear the TPM this happens:
> > # tpm_clear --force
> > Tspi_TPM_ClearOwner failed: 0x0000002d - layer=tpm, code=002d (45), Bad
> > physical presence value
> >
> > It almost seems like the TPM is disabled even though the BIOS reports it
> > as enabled and present. Any ideas what's going on and how I can go about
> > taking ownership of this TPM?
> >
>
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
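The check suggested in the quoted reply (dump the permanent flags and look at readPubek), as an added example that is not code from this thread or from tpm-tools. It assumes the TPM 1.2 TPM_PERMANENT_FLAGS blob has already been obtained by some means; the names pf_parse, PF_NAMES and SAMPLE and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_TAG_PERMANENT_FLAGS 0x001F /* TPM 1.2 structure tag */

/* BOOL fields in the order TPM 1.2 lists them after the 2-byte tag. */
static const char *const PF_NAMES[] = {
    "disable", "ownership", "deactivated", "readPubek", "disableOwnerClear",
    "allowMaintenance", "physicalPresenceLifetimeLock",
    "physicalPresenceHWEnable", "physicalPresenceCMDEnable", "CEKPUsed",
    "TPMpost", "TPMpostLock", "FIPS", "operator", "enableRevokeEK",
    "nvLocked", "readSRKPub", "tpmEstablished", "maintenanceDone",
    "disableFullDALogicInfo" };
#define PF_COUNT (sizeof PF_NAMES / sizeof PF_NAMES[0])
#define PF_READPUBEK 3 /* index of readPubek in PF_NAMES */

/* Constructed sample: TPM enabled, owner install allowed, readPubek clear. */
static const uint8_t SAMPLE[] = { 0x00, 0x1F,
    0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1 };

/* Decode into out[PF_COUNT]; returns flags decoded, or -1 if malformed.
 * Assumption: a device may return fewer trailing flags, so a shorter blob
 * is accepted as long as it reaches readPubek. */
int pf_parse(const uint8_t *blob, size_t len, uint8_t *out)
{
    if (len < 2 + PF_READPUBEK + 1) return -1;
    if (((blob[0] << 8) | blob[1]) != TPM_TAG_PERMANENT_FLAGS) return -1;
    size_t n = len - 2 < PF_COUNT ? len - 2 : PF_COUNT;
    for (size_t i = 0; i < n; i++) {
        if (blob[2 + i] > 1) return -1; /* a TPM BOOL is 0x00 or 0x01 */
        out[i] = blob[2 + i];
    }
    return (int)n;
}

int main(void)
{
    uint8_t f[PF_COUNT];
    int n = pf_parse(SAMPLE, sizeof SAMPLE, f);
    for (int i = 0; i < n; i++)
        printf("%-30s %s\n", PF_NAMES[i], f[i] ? "TRUE" : "FALSE");
    if (n > 0 && !f[PF_READPUBEK])
        puts("readPubek is FALSE: TPM_ReadPubek will be refused");
    return n < 0;
}
```

With readPubek FALSE and disable FALSE, the device is enabled and only the TPM_ReadPubek command is turned off, which is the situation the quoted reply describes.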
