Then I booted into Linux using a live CD and loaded and built Trousers
(not as easy as it sounds, fighting with the distribution to load the
openssl and gtk2 libraries needed). I tried out some software to see
how Vista had initialized the chip.
The SRK password was 20 bytes of zeros, unhashed. In TSS terms that is
BYTE srkSecret = TSS_WELL_KNOWN_SECRET;
This is the same SRK secret used by Infineon software on HP laptops
running Windows XP, and possibly some others. It seems to be the
standard that TSS implementations are moving to.
I would suggest that Trousers test software in the testsuite and
tpm-tools should change their default SRK secret to be this, instead
of SHA1("") as it is now. Maybe there could be an environment variable
you could set to get it to use the old value, for backwards
compatibility if that is an issue, but switching to the new value at
this time would seem to make sense.
Log in to post a comment.