From: Ronald T. <ron...@ia...> - 2011-03-11 13:20:13
Hi!

The authentication secret to the SRK should already have been set to the
well known secret at key creation by the Windows tool.
Have you actually tried to use the SRK yet?

Regards,
Ronald

On 03/11/2011 12:22 PM, Mudassar Aslam wrote:
> Hi again,
>
> I am running the following code (the same as in jTpmTools) to take ownership but
> get "TPM ownership command is disabled". I have checked all Windows group
> policies to make sure that the takeownership command is allowed. Still unable to
> set SRK to WELL KNOWN SECRET.
>
> note: I am not using jTpmTools because I could not run it even after placing
> all jars in the ext_lib folder (which is another issue)
>
> Regards.
>
> Mudassar.
>
> package test;
>
> import iaik.tc.tss.api.constants.tpm.TcTpmErrors;
> import iaik.tc.tss.api.constants.tsp.TcTssConstants;
> import iaik.tc.tss.api.exceptions.common.TcTssException;
> import iaik.tc.tss.api.exceptions.tcs.TcTpmException;
> import iaik.tc.tss.api.structs.common.TcBlobData;
> import iaik.tc.tss.api.structs.tsp.TcTssKmKeyinfo2;
> import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
> import iaik.tc.tss.api.tspi.TcIContext;
> import iaik.tc.tss.api.tspi.TcIPolicy;
> import iaik.tc.tss.api.tspi.TcIRsaKey;
> import iaik.tc.tss.api.tspi.TcITpm;
> import iaik.tc.tss.api.tspi.TcTssContextFactory;
> import iaik.tc.utils.logging.Log;
> import iaik.tc.utils.misc.Utils;
>
> public class MainTakeOwnership {
>
>     /**
>      * @param args
>      */
>     public static void main(String[] args) {
>         // TODO Auto-generated method stub
>         try {
>
>             TcIContext context_ = new TcTssContextFactory().newContextObject();
>             context_.connect();
>
>             TcITpm tpm = context_.getTpmObject();
>
>             TcIPolicy tpmPolicy =
>                     context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>
>             TcBlobData ownerSecret = TcBlobData.newString("ownersecret");
>             tpmPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, ownerSecret);
>             tpmPolicy.assignToObject(tpm);
>
>             TcIRsaKey srk =
>                     context_.createRsaKeyObject(TcTssConstants.TSS_KEY_TSP_SRK);
>
>             srk.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO,
>                     TcTssConstants.TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE,
>                     Utils.booleanToByte(true));
>
>             TcIPolicy srkPolicy =
>                     context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>             TcBlobData srkSecret =
>                     TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
>             srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, srkSecret);
>             srkPolicy.assignToObject(srk);
>             tpm.takeOwnership(srk, null);
>
>         } catch (TcTpmException e) {
>             if (e.getErrCode() == TcTpmErrors.TPM_E_OWNER_SET) {
>                 // this will happen in most cases
>                 System.out.println("TPM ownership already taken");
>             } else if (e.getErrCode() == TcTpmErrors.TPM_E_DISABLED_CMD) {
>                 // this will happen in some cases
>                 System.out.println("TPM ownership command is disabled");
>             } else if (e.getErrCode() == TcTpmErrors.TPM_E_DISABLED) {
>                 // this will happen in some cases
>                 System.out.println("TPM is disabled");
>             } else {
>                 if (true) e.printStackTrace();
>                 System.out.println("takeOwnership failed");
>             }
>         } catch (TcTssException e) {
>             if (true) e.printStackTrace();
>             System.out.println("takeOwnership failed");
>         }
>     }
> }
>
> -----Original Message-----
> From: Mudassar Aslam
> Sent: Wednesday, March 09, 2011 12:39 PM
> To: tru...@li...
> Subject: How to set SRK secret to TSS_WELL_KNOWN_SECRET
>
> Hi
>
> I have initialized my TPM using the tpm.msc utility in Windows 7. It allowed me
> to set the owner password. But I could not find any way to create/set SRK. I
> tried to execute take ownership code but it says "TPM ownership command is
> disabled". I have tried to list TPM keys using
>
> context_.getRegisteredKeysByUuid(null,TcTssConstants.TSS_PS_TYPE_SYSTEM);
>
> but I get null since SRK is not registered. How can I set SRK to
> TSS_WELL_KNOWN_SECRET?
>
> Regards.
>
> Mudassar.
>

--
Dipl.-Ing. Ronald Tögl              phone  +43 316/873-5502
Secure and Correct Systems          fax    +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
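
One way to test whether the existing SRK already accepts the well known secret, as the reply suggests, is to use it as the parent of a throwaway key. This is an added example, not code from the thread or from jTpmTools. The calls that do not appear in the quoted code (`loadKeyByUuidFromSystem`, `getUuidSRK`, `createKey`, `closeContext`, `TPM_E_AUTHFAIL` and the key flag constants) are assumed from the jTSS TSPI API, and the class name is hypothetical.

```java
import iaik.tc.tss.api.constants.tpm.TcTpmErrors;
import iaik.tc.tss.api.constants.tsp.TcTssConstants;
import iaik.tc.tss.api.exceptions.common.TcTssException;
import iaik.tc.tss.api.exceptions.tcs.TcTpmException;
import iaik.tc.tss.api.structs.common.TcBlobData;
import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
import iaik.tc.tss.api.tspi.TcIContext;
import iaik.tc.tss.api.tspi.TcIPolicy;
import iaik.tc.tss.api.tspi.TcIRsaKey;
import iaik.tc.tss.api.tspi.TcTssContextFactory;

// Hypothetical class name; not part of jTSS or jTpmTools.
public class CheckSrkSecret {
    public static void main(String[] args) throws TcTssException {
        TcIContext context = new TcTssContextFactory().newContextObject();
        context.connect();
        try {
            // Assumed jTSS call: load the SRK that already exists in the TPM
            // by its fixed UUID instead of creating it via takeOwnership.
            TcIRsaKey srk = context.loadKeyByUuidFromSystem(
                    TcUuidFactory.getInstance().getUuidSRK());

            // Same policy setup as in the quoted code: well known secret.
            TcIPolicy srkPolicy =
                    context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
            srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1,
                    TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET));
            srkPolicy.assignToObject(srk);

            // Creating a child key forces the TPM to check SRK authorization.
            // The key is never registered or loaded, so nothing persists.
            TcIRsaKey child = context.createRsaKeyObject(
                    TcTssConstants.TSS_KEY_TYPE_SIGNING
                    | TcTssConstants.TSS_KEY_SIZE_2048
                    | TcTssConstants.TSS_KEY_NOT_MIGRATABLE
                    | TcTssConstants.TSS_KEY_NO_AUTHORIZATION);
            child.createKey(srk, null);
            System.out.println("SRK accepted the well known secret");
        } catch (TcTpmException e) {
            if (e.getErrCode() == TcTpmErrors.TPM_E_AUTHFAIL) {
                System.out.println("SRK secret is not the well known secret");
            } else {
                System.out.println("TPM error " + e.getErrCode() + ": " + e.getMessage());
            }
        } finally {
            context.closeContext();
        }
    }
}
```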