From: Cihula, J. <jos...@in...> - 2011-07-08 21:09:32
> From: Kent Yoder [mailto:shp...@gm...]
> Sent: Friday, July 08, 2011 2:07 PM
>
> Sorry for the ongoing review Stefan,
>
> > +++ tpm-tools/src/tpm_mgmt/tpm_nvdefine.c
> [cut]
> > +
> > + if (ownerpass || ownerWellKnown) {
> > + if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
> > + goto out_close;
> > + if (ownerpass) {
> > + if (opswd_len < 0)
> > + opswd_len = strlen(ownerpass);
> > + if (policySetSecret(hTpmPolicy, opswd_len,
> > + (BYTE *)ownerpass) !=
> > + TSS_SUCCESS)
> > + goto out_close;
> > + } else {
> > + if (policySetSecret(hTpmPolicy,
> > + TCPA_SHA1_160_HASH_LEN,
> > + (BYTE *)well_known_secret)
> > + != TSS_SUCCESS)
> > + goto out_close;
> > + }
> > + }
>
> Since ownerauth is required for define space we should throw an error here.

If the TPM NV is not locked then ownerauth is not required. It would be nice if the tools could support pre-lock provisioning so that they could be used on a manufacturing line.

> > +
> > + if (askDataPass) {
> > + datapass = _GETPASSWD(_("Enter NVRAM data password:
> > + "), &dpswd_len,
> > + FALSE, useUnicode );
>
> Let's set confirm to TRUE here, so that the user doesn't accidentally enter a bad password.
>
> Kent
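Review bot: The `if (ownerpass || ownerWellKnown)` guard in the first quoted block of tpm_nvdefine.c has no else branch, so when neither option is given the code falls through without setting any secret on `hTpmPolicy` and without telling the user. The thread gives two readings of that case (reject it, or allow it while the TPM NV is not yet locked); whichever is chosen should be explicit at this point, for example as a comment or a message saying that defining space without owner auth is only expected to work before NV is locked. Separately, the two `policySetSecret` calls differ only in the length and buffer passed; selecting those first and calling once would remove the duplicated failure path.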
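Review bot: In the `if (askDataPass)` block, the quoted lines end at the `_GETPASSWD` call, so no check of `datapass` is visible; the result should be tested for NULL before it is used, and the buffer wiped and freed on every exit path, including `out_close`. As quoted, the prompt string `"Enter NVRAM data password: "` is also split across two lines inside the literal, which will not compile if that break is in the patch itself rather than introduced by mail wrapping, and `useUnicode );` has a stray space before the closing parenthesis.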