On 12/26/2014 8:39 PM, august " OR 1=1; > , % $ } ] ) > huber wrote:
> Chances are your device simply lacks an endorsement key and needs to
> have one generated, try a run of tpm_createek before attempting to
> take ownership.

That's not likely.

A - Recent ST TPMs come with an EK and EK certificate.

B - The TPM_ReadPubek would return TPM_NO_ENDORSEMENT in that case, not TPM_DISABLED_CMD. From the spec:

   2. If no EK is present the TPM MUST return TPM_NO_ENDORSEMENT

One could use a getcapability to enumerate NV indexes to verify this.

> You can also check the pubek at the tpmdd layer via:
> cat /sys/class/misc/tpm0/device/pubek

The device driver doesn't have any back door into the TPM. If reading the EK is disabled in the TPM, the driver won't be able to read it either.

~~

My best guess so far is that the "clear owner" process did not succeed, and so TPM_ReadPubek is failing this test:

   The TPM_ReadPubek command SHALL
   1. If TPM_PERMANENT_FLAGS -> readPubek is FALSE return TPM_DISABLED_CMD

_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
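
The distinction drawn in the message above, between a missing EK and a disabled TPM_ReadPubek, can be read directly from the 10-byte response header. The following is an added example, not part of the original message or of TrouSerS: the numeric return codes and response tag are taken from the TPM 1.2 structures specification rather than from this page, and the enum names and sample responses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPM 1.2 constants (assumption: values from the TCG TPM 1.2 spec, not this page). */
#define TPM_TAG_RSP_COMMAND 0x00C4u
#define TPM_SUCCESS         0u
#define TPM_DISABLED_CMD    8u   /* readPubek is FALSE */
#define TPM_NO_ENDORSEMENT  35u  /* no EK present      */

/* Hypothetical diagnosis codes used only by this example. */
enum pubek_diag { PUBEK_OK, PUBEK_READ_DISABLED, PUBEK_NO_EK,
                  PUBEK_OTHER_ERROR, PUBEK_MALFORMED };

/* Constructed sample responses: header only, paramSize = 10. */
static const uint8_t RSP_DISABLED[] = {0x00,0xC4, 0,0,0,0x0A, 0,0,0,0x08};
static const uint8_t RSP_NO_EK[]    = {0x00,0xC4, 0,0,0,0x0A, 0,0,0,0x23};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Classify a raw TPM_ReadPubek response:
 * tag(2) | paramSize(4) | returnCode(4) | payload..., all big-endian. */
enum pubek_diag classify_readpubek(const uint8_t *rsp, size_t len) {
    if (rsp == NULL || len < 10) return PUBEK_MALFORMED;
    uint16_t tag = (uint16_t)((rsp[0] << 8) | rsp[1]);
    uint32_t param_size = be32(rsp + 2);
    if (tag != TPM_TAG_RSP_COMMAND || param_size < 10 || param_size > len)
        return PUBEK_MALFORMED;
    switch (be32(rsp + 6)) {
    case TPM_SUCCESS:        /* a real success carries the pubek after the header */
        return param_size > 10 ? PUBEK_OK : PUBEK_MALFORMED;
    case TPM_DISABLED_CMD:   return PUBEK_READ_DISABLED;
    case TPM_NO_ENDORSEMENT: return PUBEK_NO_EK;
    default:                 return PUBEK_OTHER_ERROR;
    }
}

int main(void) {
    static const char *text[] = {
        "pubek returned", "readPubek is FALSE (owner state not cleared?)",
        "no endorsement key present", "other TPM error", "malformed response" };
    printf("%s\n", text[classify_readpubek(RSP_DISABLED, sizeof RSP_DISABLED)]);
    printf("%s\n", text[classify_readpubek(RSP_NO_EK, sizeof RSP_NO_EK)]);
    return 0;
}
```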
