#25 Match windows TSS default passwords in tpm-tools

closed-fixed
nobody
None
5
2007-11-02
2007-09-24
Kent Yoder
No

Then I booted into Linux using a live CD and loaded and built Trousers
(not as easy as it sounds, fighting with the distribution to load the
openssl and gtk2 libraries needed). I tried out some software to see
how Vista had initialized the chip.

The SRK password was 20 bytes of zeros, unhashed. In TSS terms that is

    BYTE srkSecret[] = TSS_WELL_KNOWN_SECRET;
    Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1,
                          sizeof(srkSecret), srkSecret);

This is the same SRK secret used by Infineon software on HP laptops
running Windows XP, and possibly some others. It seems to be the
standard that TSS implementations are moving to.

I would suggest that Trousers test software in the testsuite and
tpm-tools should change their default SRK secret to be this, instead
of SHA1("") as it is now. Maybe there could be an environment variable
you could set to get it to use the old value, for backwards
compatibility if that is an issue, but switching to the new value at
this time would seem to make sense.
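
An added example, not code from this ticket or from tpm-tools: a small Python model of the two default SRK secrets discussed above, showing why 20 zero bytes only match when passed unhashed. The function names and the SRK_LEGACY_SECRET environment variable are hypothetical, standing in for the backwards-compatibility switch suggested in the report.

```python
import hashlib
import os

# 20 zero bytes: the value the ticket reports for the Vista-initialised SRK.
TSS_WELL_KNOWN_SECRET = bytes(20)


def usage_auth(mode, secret):
    """Model how a TSS policy secret becomes the 20-byte authorization value."""
    if mode == "SHA1":
        # TSS_SECRET_MODE_SHA1: caller supplies the 20 bytes; no further hashing.
        if len(secret) != 20:
            raise ValueError("SHA1-mode secret must be exactly 20 bytes")
        return bytes(secret)
    if mode == "PLAIN":
        # TSS_SECRET_MODE_PLAIN: the TSS hashes the supplied bytes with SHA-1.
        return hashlib.sha1(secret).digest()
    raise ValueError("unknown secret mode: %r" % mode)


NEW_DEFAULT = usage_auth("SHA1", TSS_WELL_KNOWN_SECRET)   # 20 zeros, unhashed
OLD_DEFAULT = usage_auth("PLAIN", b"")                    # SHA1("")


def default_srk_auth(env):
    """Pick the default SRK auth; SRK_LEGACY_SECRET is a hypothetical opt-out."""
    return OLD_DEFAULT if env.get("SRK_LEGACY_SECRET") == "1" else NEW_DEFAULT


def classify(auth):
    """Name the convention a 20-byte SRK auth value corresponds to."""
    if auth == NEW_DEFAULT:
        return "well-known secret (20 zero bytes)"
    if auth == OLD_DEFAULT:
        return 'legacy SHA1("")'
    return "neither default"


if __name__ == "__main__":
    print("new default:", NEW_DEFAULT.hex())
    print("old default:", OLD_DEFAULT.hex())
    # Pitfall: zeros passed in PLAIN mode get hashed and match neither default.
    print("zeros via PLAIN:", classify(usage_auth("PLAIN", TSS_WELL_KNOWN_SECRET)))
    print("selected:", classify(default_srk_auth(os.environ)))
```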

Discussion

  • Kent Yoder - 2007-11-02

    Logged In: YES
    user_id=1168529
    Originator: YES

    Fixed in tpm-tools 1.3.0

     
  • Kent Yoder - 2007-11-02
    • status: open --> closed-fixed
     
