From: Mudassar A. <mud...@ho...> - 2011-03-11 11:22:49
Hi again,

I am running the following code (the same as in jTpmTools) to take ownership, but I get "TPM ownership command is disabled". I have checked all Windows group policies to make sure that the take-ownership command is allowed. I am still unable to set the SRK to the WELL KNOWN SECRET.

Note: I am not using jTpmTools because I could not run it even after placing all the jars in the ext_lib folder (which is another issue).

Regards.
Mudassar.

package test;

import iaik.tc.tss.api.constants.tpm.TcTpmErrors;
import iaik.tc.tss.api.constants.tsp.TcTssConstants;
import iaik.tc.tss.api.exceptions.common.TcTssException;
import iaik.tc.tss.api.exceptions.tcs.TcTpmException;
import iaik.tc.tss.api.structs.common.TcBlobData;
import iaik.tc.tss.api.structs.tsp.TcTssKmKeyinfo2;
import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
import iaik.tc.tss.api.tspi.TcIContext;
import iaik.tc.tss.api.tspi.TcIPolicy;
import iaik.tc.tss.api.tspi.TcIRsaKey;
import iaik.tc.tss.api.tspi.TcITpm;
import iaik.tc.tss.api.tspi.TcTssContextFactory;
import iaik.tc.utils.logging.Log;
import iaik.tc.utils.misc.Utils;

public class MainTakeOwnership {

    /**
     * Attempts TPM_TakeOwnership with the SRK secret set to the well-known secret.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            TcIContext context_ = new TcTssContextFactory().newContextObject();
            context_.connect();

            // Owner policy: the owner secret is passed as a plain string.
            TcITpm tpm = context_.getTpmObject();
            TcIPolicy tpmPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
            TcBlobData ownerSecret = TcBlobData.newString("ownersecret");
            tpmPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, ownerSecret);
            tpmPolicy.assignToObject(tpm);

            // SRK key object with the auth-data-usage attribute set to true.
            TcIRsaKey srk = context_.createRsaKeyObject(TcTssConstants.TSS_KEY_TSP_SRK);
            srk.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO,
                    TcTssConstants.TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE,
                    Utils.booleanToByte(true));

            // SRK policy: the well-known secret, set in SHA1 secret mode.
            TcIPolicy srkPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
            TcBlobData srkSecret = TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
            srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, srkSecret);
            srkPolicy.assignToObject(srk);

            // No endorsement public key object is supplied (null).
            tpm.takeOwnership(srk, null);
        } catch (TcTpmException e) {
            // Errors reported by the TPM itself.
            if (e.getErrCode() == TcTpmErrors.TPM_E_OWNER_SET) {
                // this will happen in most cases
                System.out.println("TPM ownership already taken");
            } else if (e.getErrCode() == TcTpmErrors.TPM_E_DISABLED_CMD) {
                // this will happen in some cases
                System.out.println("TPM ownership command is disabled");
            } else if (e.getErrCode() == TcTpmErrors.TPM_E_DISABLED) {
                // this will happen in some cases
                System.out.println("TPM is disabled");
            } else {
                if (true)
                    e.printStackTrace();
                System.out.println("takeOwnership failed");
            }
        } catch (TcTssException e) {
            // Errors raised by the TSS layers rather than the TPM.
            if (true)
                e.printStackTrace();
            System.out.println("takeOwnership failed");
        }
    }
}

-----Original Message-----
From: Mudassar Aslam
Sent: Wednesday, March 09, 2011 12:39 PM
To: tru...@li...
Subject: How to set SRK secret to TSS_WELL_KNOWN_SECRET

Hi,

I have initialized my TPM using the tpm.msc utility in Windows 7. It allowed me to set the owner password, but I could not find any way to create/set the SRK. I tried to execute the take-ownership code, but it says "TPM ownership command is disabled". I have tried to list the TPM keys using

context_.getRegisteredKeysByUuid(null, TcTssConstants.TSS_PS_TYPE_SYSTEM);

but I get null since the SRK is not registered. How can I set the SRK to TSS_WELL_KNOWN_SECRET?

Regards.
Mudassar.