Re: [Tpm4java-users] Enabling tpm_readpubek command

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Bryan,

Bryan Smith schrieb:
> I have been trying to perform a platform attestation with tpm4java  
> using the java code provided in the Tutorial, but when I run  
> GenerateAikRequest, I get a "Target command has been disabled" error  
> when it tries to run tpm_readpubek. I tried to enable the command  
> with a command-line TPM tool, but tpm4java formats the owner password  
> in such a way that the owner password cannot be recognize through the  
> command-line. How can I enable the tpm_readpubek command with  
> tpm4java? Thanks.
>   
tpm4java creates the owner (and all other passwords) by hashing the
UTF16 representation of the given string with SHA1. The java code for
this can be found in TssHighLevelImpl.toHkey.
I don't think that there is a way to enable the ReadPubek command once
it has been disabled.

If you need to get the PubEK, you could replace the TPM_ReadPubek
function with TPM_OwnerReadPubek, which requires owner authentication.
But in GenerateAilRequest, the PubEK is only read because it is needed
by the Privacy CA. You can skip this part if you just want to do a
platform attestation.

HTH,
Martin

-- 
Martin Hermanowski
http://martin.hermanowski.name
https://www.xing.com/profile/Martin_Hermanowski/