From: Kylene Jo H. <kj...@us...> - 2005-11-29 18:31:56

This is similar to what I was referring to the other day: clearing the
TPM and then needing physical presence for the commands to get it
re-enabled. If your machine has a TCG-aware BIOS you can clear it
through that (and will need to get back to a working state). To do this
you usually power the machine on with the Fn or Ctrl button held down
then you can let go and enter BIOS. Navigate to the Security tab of the
BIOS and look for something that says TCPA, TCG, Embedded Security
System, or Security Chip. It will probably have a field to indicate
enabled or not and something to clear it. If you can't find anything in
BIOS you can assert physical presence with Trousers from Single User
Mode. This is outlined in the FAQ on the sourceforge project website.

Thanks,
Kylie

On Tue, 2005-11-29 at 16:16 -0200, Luiz Reuter Silva Torro wrote:
> I tried to clear the TPM with the physical presence authorization flag
> (tpm_clear -f) and got the error
> Tspi_TPM_ClearOwner failed: 0x0000002d - layer=tpm, code=002d (45),
> Bad physical presence value
>
> I read my TPM manual and there is no reference to attest my physical
> presence, but I saw somewhere the <Ctrl> key should be pressed. Did
> someone do that?
>
>
> Kent Yoder wrote:
> > Yes, this is most likely the case. Converting to unicode is required
> > by the TSS spec when entering a password through a popup dialog.
> > Axel, have you successfully entered a password through both a windows
> > prompt and through trousers? or did you determine the unicode string
> > from windows and use the sha-1 of that? I'm just interested in
> > whether trousers unicode stuff was in use...
> >
> > Thanks,
> > Kent
> >
> > On 11/28/05, Axel Heider <axe...@my...> wrote:
> >
> > > Luiz,
> > >
> > >
> > > > I can't say for sure what the problem is but I have a
> > > > test for you to try. This could be because the two
> > > > programs are handling transferring what the user types
> > > > as a password to the TPM differently for example is
> > > > the '\0' character included?
> > > >
> > > Could also be that the Windows software uses
> > > Unicode internally and thus you need to give your
> > > password in UNICODE instead of ASCII. And don't
> > > forget to test both big endian and little endian
> > > encoding. At least that was how I got things to work
> > > on my machine - convert to Unicode string without
> > > a null-terminator.
> > >
> > >
> > > --
> > > Axel
> >
> > --
> > Kent Yoder
> > IBM LTC Security Dev.
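
The encoding mismatch discussed in the quoted part of the thread (ASCII versus Unicode, byte order, trailing null), as an added example that is not part of the original messages or of TrouSerS: it derives the SHA-1 secret for each variant of one password and reports which variant matches a digest obtained from another tool. Reading "Unicode" as UTF-16, the function names and the sample password are assumptions.

```python
import hashlib
import hmac

# Variants raised in the thread. "Unicode" is assumed here to mean UTF-16;
# each codec is paired with the terminator that encoding would carry.
VARIANTS = {
    "ascii": ("ascii", b"\x00"),
    "utf-16le": ("utf-16-le", b"\x00\x00"),
    "utf-16be": ("utf-16-be", b"\x00\x00"),
}


def candidate_secrets(password):
    """Return {label: 20-byte SHA-1 digest} for every encoding variant."""
    secrets = {}
    for label, (codec, terminator) in VARIANTS.items():
        try:
            raw = password.encode(codec)
        except UnicodeEncodeError:
            continue  # a non-ASCII password has no ASCII variant
        secrets[label] = hashlib.sha1(raw).digest()
        secrets[label + "+nul"] = hashlib.sha1(raw + terminator).digest()
    return secrets


def identify_encoding(password, known_digest):
    """List the variants whose digest equals known_digest (raw bytes)."""
    return [
        label
        for label, digest in candidate_secrets(password).items()
        if hmac.compare_digest(digest, known_digest)
    ]


if __name__ == "__main__":
    sample = "abc"  # constructed sample password
    for label, digest in candidate_secrets(sample).items():
        print(f"{label:14} {digest.hex()}")
    # Constructed reference digest standing in for one taken from another tool.
    reference = hashlib.sha1("abc".encode("utf-16-le")).digest()
    print("matches:", identify_encoding(sample, reference))
```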