From: Nektarios I. <ine...@gm...> - 2007-08-20 10:42:04
Hello,

>JTpmTools simulates a full AIK cycle, not only keys but also with certificates.
>case a) JTSS contains EK cert handling
>case b) JTssWrapper does not (because TrouSerS does not)

Yes. I've seen a note on this somewhere in the code :-)

>a) works because JTpmTools looks for an EK cert on-chip and
>if you don't have one builds a fake one on-the-fly.
>
>b) does not work because JTpmTools does not know which stack version is
>running (remember, the top level API is the same). JTT tries to fetch
>the certificate from the chip, but this method only exists in a native
>version (=JTSS code), but running both obviously conflicts with usage of /dev/tpm.

Yes. This is what I concluded as well... albeit after hours of going through the code...lol

>So the solution for the JTssWrapper case is to tell JTT to have faith
>that the stack already has an EK cert loaded, or as the command-line docu says:
>
> --noek ... EK certificate is already known by TSS (e.g. via tcsd.conf
> of TrouSerS)

I have tried to specify an "ek.cert" file either through jtt "--ekfile" option or through tcsd.conf (and choosing --noek for jtt) but both give this error:

------------------------------------------------------------
11:38:54:485 [WARN] PrivacyCa::<clinit> (86): could not load CLIENT PrivacyCA default certificate (ok on server)
iaik.tc.tss.api.exceptions.tcs.TcTpmException:
TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x22
error code (full): 0x22
error message: An invalid handle was used.
        at iaik.tc.tss.impl.jni.tsp.TcBaseObject.handleRetCode(TcBaseObject.java:104)
11:38:54:681 [ERROR] AikCreate::execute (345): client: CollateIdentityRequest failed
        at iaik.tc.tss.impl.jni.tsp.TcTpm.collateIdentityRequest(TcTpm.java:1071)
        at iaik.tc.apps.jtt.aik.Client.collateIdentityReq(Client.java:110)
        at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:341)
        at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:80)
        at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:52)
        at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)
        at com.test.CommandTool.main(CommandTool.java:27)
------------------------------------------------------------

I am guessing this is an issue with my certificate file. I have created this using the examples of TcCerts (with TcCerts) but I'm not sure if this is correct.

Many thanks,
Nektarios