Re: [Trustedjava-support] Another problem when running tests

[Thomas W. <tho...@ia...>]

Hi Carolin,

> when I first clear the owner, using the clearOwner method of the TcITpm
> class, a new owner can be set. But where does the wrapper store the
> information whether a TPM has already been owned or not? I think, there
> has to be a file on my HD. I thought, it has to be in the system.data
> file in /var/tpm/, but deleting this file and reloading the module does
> not help...

Nor the wrapper nor the TSS stores if the TPM is already owned. The TPM
itself knows if ownership is already taken or not. The file
/usr/local/var/lib/tpm/system.data is the persistent system storage of
the TrouSerS TSS.
If you are using TPM emulator, there is another file representing the
internal state of the TPM. It's default location is /var/tpm. The file
name starts with tpm_emulator (the exact name depends on the version of
the emulator you are using). Note that this file might not exist until
you unload the emulator module. Upon unloading the emulator writes it's
internal state to this file.
So - if you want to start with a clean setup: Unload the emulator, make
sure /var/tpm is empty and also delete the system.data file of TrouSerS
(note that there also might be a ~/.trousers/user.data file from
TrouSerS 0.2.7 onwards). Then load them emulator and start TrouSerS.

The "Authentication failed" message you mentioned in your last mail is a
known issue but the reasons for it are currently unclear. This seems to
occur if the TSS/TPM is put under stress (i.e. it occasionally happens
if you are running sequences with many TPM operations but it does not
happen when executing them one by one). The problem has been reported to
Kent Yoder (TrouSerS maintainer) and was confirmed by him. A solution is
currently not known.
I personally do not think that it is a problem of the jTSS wrapper
because one can also trigger this behaviour when using TrouSerS with
plain C test programs.

Regards,
Thomas Winkler
IAIK, TU Graz, Austria