Thanks to everyone who provided input. I did manage to resolve the problem and thought I'd close off this thread since it affects anyone trying to use the Intel NUC DC53427HYE's TPM.
It's all about the BIOS. In order to properly clear and take ownership of the TPM you must use BIOS version 32. There seem to be regressions in later versions of the BIOS (up to v38 at least). I tested v34, v37 and v38 (the latest version available today), none permitted me to use the TPM in a functional manner. Only v32 worked.

On Tue, 2014-12-23 at 13:00 -0500, Ken Goldman wrote:
> On 12/23/2014 12:42 PM, Eric Naud wrote:
> > Hi Ken,
> >
> > Thanks for your reply.
> >
> > I brought in tpm_getstatus.c from the latest version of the tpm tools,
> > it dumps the permanent flags. Problem is it asks for the owner password
> > which isn't set because I haven't taken ownership yet.
>
> TPM_GetCapability is a "no auth" command. It doesn't require and does
> not accept authorization.
>
> Perhaps it's using TPM_GetCapabilityOwner, but that's unnecessary.
>
> Using my tools, it would be:
>
> ./getcapability -cap 4 -scap 0108
>
> > So I extracted the relevant getCapability() function call and made my
> > own utility, the output was:
> > Tspi_TPM_GetCapability failed: 0x00003116 - layer=tsp, code=0116 (278),
> > No secret information available for the address policy
> > error getting TPM_PERMANENT_FLAGS.
>
> I am a TPM expert but not a TSS expert. Perhaps someone else here can
> interpret that (IMHO, obscure) error message. I wonder what an address
> policy is.
>
> > It seems that to read the permanent flags to determine if you can read
> > the public key, you need to be able to read the public key :)
>
> No, you definitely do not. This seems like just a quirk in how someone
> wrote the TSS utilities and maybe how you coded your version. My
> version works without authorization.

_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
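Added example, not part of the thread and not code from tpm-tools or from Ken Goldman's utilities: it serializes the unauthenticated TPM_GetCapability request that "-cap 4 -scap 0108" corresponds to, and splits the TSS result 0x00003116 into its layer and code. The constant values and the result-code bit layout are taken from the TPM 1.2 and TSS 1.2 specifications; the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Values from the TPM 1.2 and TSS 1.2 specifications. */
#define TPM_TAG_RQU_COMMAND    0x00C1u     /* request tag with no auth session */
#define TPM_ORD_GetCapability  0x00000065u
#define TPM_CAP_FLAG           0x00000004u /* "-cap 4" in the thread */
#define TPM_CAP_FLAG_PERMANENT 0x00000108u /* "-scap 0108" in the thread */

static size_t put32(uint8_t *p, uint32_t v) {   /* big-endian store */
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
    return 4;
}

/* Serialize an unauthenticated TPM_GetCapability request.
   Returns the command length (22), or 0 if the buffer is too small. */
size_t build_getcap(uint8_t *buf, size_t buflen, uint32_t cap, uint32_t subcap) {
    const uint32_t total = 2 + 4 + 4 + 4 + 4 + 4;
    size_t n = 2;
    if (buflen < total) return 0;
    buf[0] = (uint8_t)(TPM_TAG_RQU_COMMAND >> 8);
    buf[1] = (uint8_t)(TPM_TAG_RQU_COMMAND & 0xFF);
    n += put32(buf + n, total);                 /* paramSize */
    n += put32(buf + n, TPM_ORD_GetCapability); /* ordinal */
    n += put32(buf + n, cap);                   /* capArea */
    n += put32(buf + n, 4);                     /* subCapSize */
    n += put32(buf + n, subcap);                /* subCap */
    return n;  /* no authorization trailer follows */
}

/* TSS result: bits 12-13 name the layer, bits 0-11 the error code. */
const char *tss_layer(uint32_t r) {
    static const char *names[] = { "tpm", "tddl", "tcs", "tsp" };
    return names[(r >> 12) & 0x3];
}
uint32_t tss_code(uint32_t r) { return r & 0x0FFFu; }

int main(void) {
    uint8_t cmd[32];
    size_t n = build_getcap(cmd, sizeof cmd, TPM_CAP_FLAG, TPM_CAP_FLAG_PERMANENT);
    for (size_t i = 0; i < n; i++) printf("%02x ", cmd[i]);
    printf("\nlayer=%s code=%04x (%u)\n", tss_layer(0x00003116u),
           (unsigned)tss_code(0x00003116u), (unsigned)tss_code(0x00003116u));
    return 0;
}
```

The request ends after the subCap field, with no owner secret or authorization block. The "tsp" layer in the decoded result indicates the failure was raised in the TSS service provider library rather than returned by the TPM itself.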
