Chances are your device simply lacks an endorsement key and needs to have one generated, try a run of tpm_createek before attempting to take ownership.
You can also check the pubek at the tpmdd layer via: cat /sys/class/misc/tpm0/device/pubek On Fri, Dec 26, 2014 at 11:15 AM, Ken Goldman <[email protected]> wrote: > I got on email off-list (the writer is worried about spam) with similar > hardware and a similar error. > > He ran my getcap utility and found, as I suspected, that readpubek is > FALSE. This flag should be true after an owner clear and false after > take ownership. In effect (the way I read the spec), it is a flag that > says whether there is an owner. > > I can think of two possibilities: > > 1 - The owner clear was not run or failed. There is still an owner. > > 2 - take ownership is being run twice, and it's failing the second time. > > I suggest installing my low level utilities to help debug. I want to > know the state of the readpubek flag before take ownership (to confirm > that this is the problem) and then after owner clear (to see if the > owner clear is working.) > > On 12/22/2014 1:19 PM, Eric Naud wrote: >> Hello trouSerS-users, >> >> I'm trying to test trousers/tpm-tool on an Intel NUC DC53427HYE and I >> seems to be having trouble taking ownership of the device, I'm hoping >> someone here can lend a hand. >> >> First off, I have cleared the TPM via the BIOS. (to so so I had to >> change a jumper to enter 'maintenance mode' where some additional bios >> options become visible) >> >> I'm using trousers 0.3.13, tpm-tools 1.3.8 on a Unix like system. >> >> # tpm_version reports: >> TPM 1.2 Version Info: >> Chip Version: 1.2.13.12 >> Spec Level: 2 >> Errata Revision: 3 >> TPM Vendor ID: STM >> Vendor Specific data: 50 >> TPM Version: 01010000 >> Manufacturer Info: 53544d20 >> >> When I run tpm_takeownership I receive an error indicating the command >> (or device?) is disabled: >> >> # tpm_takeownership >> Enter owner password: >> Confirm password: >> Enter SRK password: >> Confirm password: >> LOG_DEBUG TSPI rpc/tcstp/rpc_ek.c:96 RPC_ReadPubek_TP: TCS Context: >> 0xa051cf4b >> Tspi_TPM_TakeOwnership failed: 0x00000008 - layer=tpm, code=0008 (8), >> The TPM target command has been disabled >> >> This result is further substantiated by the takeOwnership test-suite: >> Tspi_TPM_TakeOwnership01: >> 0 FAIL : Tspi_TPM_GetPubEndorsementKey returned (8) >> TPM_E_DISABLED_CMD >> Tspi_TPM_TakeOwnership01.c 0 FAIL : Tspi_TPM_GetPubEndorsementKey >> returned (8) TPM_E_DISABLED_CMD >> >> And again with Tspi_TPM_TakeOwnership03: >> LOG_DEBUG TSPI rpc/tcstp/rpc_ek.c:96 RPC_ReadPubek_TP: TCS Context: >> 0xa051254d >> 0 FAIL : Tspi_TPM_TakeOwnership03 returned (8) >> TPM_E_DISABLED_CMD >> >> If I try to clear the TPM this happens: >> # tpm_clear --force >> Tspi_TPM_ClearOwner failed: 0x0000002d - layer=tpm, code=002d (45), Bad >> physical presence value >> >> It almost seems like the TPM is disabled even though the BIOS reports it >> as enabled and present. Any ideas what's going on and how I can go about >> taking ownership of this TPM? > > > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming! The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net > _______________________________________________ > TrouSerS-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/trousers-users ------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
