As Ken said, there is some initialization you need to do with a brand new TPM. It's not a security issue---it's all documented, and if they didn't do it that way, you would lose a lot of flexibility. I looked at this a few years back, I don't remember the details right now, but that's where you should look, in the TPM 1.2 specification.

Doing a ClearOwner in the BIOS is not a problem, but depending on what you need to do, you may have to take ownership again.

On Fri, Sep 11, 2015 at 8:11 AM, Todd Griggins <[email protected]> wrote:
> Sadly, only one of the motherboards we need to use has the pads on-board for
> the TPM, if they all did, we would have just populated them.
>
> Instead we opted to use pluggable modules, specifically, bought two of
> these: http://www.amazon.com/dp/B00U07T0UE Would certainly hope they
> finished it and had it ready for public use! Should I contact the vendor?
> What would I tell them? My guess is "SPICY BOMB" may not have any idea what
> I'm talking about. This seems like a rather serious security issue
> considering it didn't report any errors when taking ownership, and setting
> up the NV areas.
>
> Does anyone know if there is a better source for the gigabyte variant
> of these modules?
>
> I've been doing the TPM Clear in BIOS upon receiving these, should I /not/
> be doing that?
>
> Todd
>
>
> On Fri, Sep 11, 2015 at 8:45 AM, Ken Goldman <[email protected]> wrote:
>>
>> On 9/10/2015 9:40 PM, Luigi Semenzato wrote:
>> > What IFX model is this? We use several models in Chromebooks and
>> > haven't run into this problem.
>> >
>> > One thing that's slightly suspicious is that the physical presence
>> > lifetime lock is still set to FALSE. Normally it should get set to TRUE
>> > in some factory flow, depending on whether you use the PP pin, or
>> > (optionally) enable PP in the firmware. I wonder if there are other
>> > uninitialized lifetime flags.
>>
>> It sounds like he's buying raw TPMs, so I would expect them to come
>> uninitialized. He is the "factory flow".
>>
>> And yes, the lifetime lock should be set at some point so the TPM isn't
>> accidentally bricked.

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
