From: Mudassar A. <mud...@ho...> - 2011-03-23 13:46:03

Hi,

Thanks for your help and I appreciate your prompt support. Now with nonce in External Data, it worked for my Lenovo X200 laptop which has TPM version 1.2.4.1. But when I run the same code on actual target platform which has Infineon TPM 1.2.3.16, I get following exception:

Exception in thread "main" java.lang.NullPointerException
    at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspCertifyKey_Internal(TcTspInternal.java:3247)
    at iaik.tc.tss.impl.java.tsp.TcRsaKey.certifyKey(TcRsaKey.java:294)
    at tests.TestCertifyKey.main(TestCertifyKey.java:130)

Regards.
Mudassar

-----Original Message-----
From: Ronald Tögl
Sent: Wednesday, March 23, 2011 11:32 AM
To: tru...@li...
Cc: Mudassar Aslam
Subject: Re: [Trustedjava-support] NullPointerException in TcIRsaKey.certifiyKey()

Hi!

Try to place the nonce in the External Data.

hth,
Ronald

On 03/23/2011 11:28 AM, Mudassar Aslam wrote:
> Hi
>
> I tried to initialize it as well but did not work.
>
> TcTssValidation val = new TcTssValidation();
> val.setData(TcBlobData.newString("ddd"));
> TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);
>
> Regards.
>
> Mudassar.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at

From: Ronald T. <ron...@ia...> - 2011-03-23 11:52:49

Hi,

Please respond to the mailing list, unless there is something you would not like to share with the other readers.

Regarding your issue, use setExternalData(TcBlobData externalData) not setData() to set the external Data.

Ronald

On 03/23/2011 12:23 PM, Mudassar Aslam wrote:
> Tried this as well with no success:
>
> TcTssValidation val = new TcTssValidation();
> TcTpmNonce N = TcCrypto.createTcgNonce();
> val.setData(N.getNonce());
> TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);
>
> Regards.
>
> Mudassar.
>
> P.S whom should I send these emails for better archive-ability? To
> tru...@li... or Person responding (e.g
> Ronald)?
>
> -----Original Message-----
> From: Ronald Tögl
> Sent: Wednesday, March 23, 2011 11:32 AM
> To: tru...@li...
> Cc: Mudassar Aslam
> Subject: Re: [Trustedjava-support] NullPointerException in
> TcIRsaKey.certifiyKey()
>
> Hi!
>
> Try to place the nonce in the External Data.
>
> hth,
> Ronald
>
> On 03/23/2011 11:28 AM, Mudassar Aslam wrote:
>> Hi
>>
>> I tried to initialize it as well but did not work.
>>
>> TcTssValidation val = new TcTssValidation();
>> val.setData(TcBlobData.newString("ddd"));
>> TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);
>>
>> Regards.
>>
>> Mudassar.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at

From: Mudassar A. <mud...@ho...> - 2011-03-23 11:23:36

Tried this as well with no success:

TcTssValidation val = new TcTssValidation();
TcTpmNonce N = TcCrypto.createTcgNonce();
val.setData(N.getNonce());
TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);

Regards.

Mudassar.

P.S whom should I send these emails for better archive-ability? To tru...@li... or Person responding (e.g Ronald)?

-----Original Message-----
From: Ronald Tögl
Sent: Wednesday, March 23, 2011 11:32 AM
To: tru...@li...
Cc: Mudassar Aslam
Subject: Re: [Trustedjava-support] NullPointerException in TcIRsaKey.certifiyKey()

Hi!

Try to place the nonce in the External Data.

hth,
Ronald

On 03/23/2011 11:28 AM, Mudassar Aslam wrote:
> Hi
>
> I tried to initialize it as well but did not work.
>
> TcTssValidation val = new TcTssValidation();
> val.setData(TcBlobData.newString("ddd"));
> TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);
>
> Regards.
>
> Mudassar.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at

From: Ronald T. <ron...@ia...> - 2011-03-23 10:32:45

Hi!

Try to place the nonce in the External Data.

hth,
Ronald

On 03/23/2011 11:28 AM, Mudassar Aslam wrote:
> Hi
>
> I tried to initialize it as well but did not work.
>
> TcTssValidation val = new TcTssValidation();
> val.setData(TcBlobData.newString("ddd"));
> TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);
>
> Regards.
>
> Mudassar.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at

From: Mudassar A. <mud...@ho...> - 2011-03-23 10:28:30

Hi

I tried to initialize it as well but did not work.

TcTssValidation val = new TcTssValidation();
val.setData(TcBlobData.newString("ddd"));
TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);

Regards.

Mudassar.

From: Ronald T. <ron...@ia...> - 2011-03-23 09:36:52

Hi,

How about initializing TcTssValidation val first?

Ronald

On 23.03.2011 00:08, Mudassar Aslam wrote:
> Hi,
>
> I am trying to certify a key using AIK key. My code was working fine before
> but then I reset my TPM and re-created keys. Probably after that or due to
> any other reason I am now getting following exception.
>
> Exception in thread "main" java.lang.NullPointerException
>     at iaik.tc.tss.api.structs.common.TcBasicTypeDecoder.checkBoundaryPreconditions(TcBasicTypeDecoder.java:90)
>     at iaik.tc.tss.api.structs.tpm.TcTpmNonce.decode(TcTpmNonce.java:78)
>     at iaik.tc.tss.api.structs.common.TcCompositeTypeDecoder.<init>(TcCompositeTypeDecoder.java:54)
>     at iaik.tc.tss.api.structs.common.TcCompositeTypeDecoder.<init>(TcCompositeTypeDecoder.java:40)
>     at iaik.tc.tss.api.structs.tpm.TcTpmNonce.<init>(TcTpmNonce.java:46)
>     at iaik.tc.tss.impl.java.tsp.TcRsaKey.certifyKey(TcRsaKey.java:279)
>     at tests.TestCertifyKey.main(TestCertifyKey.java:90)
>
> My code is:
>
> try{
>     TcIContext context = new TcTssContextFactory().newContextObject();
>     context.connect();
>
>     TcITpm tpm = context.getTpmObject();
>
>     TcIPolicy ownerPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>     ownerPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.OWNER_SECRET);
>     ownerPolicy.assignToObject(tpm);
>
>     /*KEY CREATION*/
>
>     //Parent key SRK
>     TcIRsaKey srk = context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM,TcUuidFactory.getInstance().getUuidSRK());
>     TcIPolicy srkPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>     srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET) );
>     srkPolicy.assignToObject(srk);
>
>     /*Binding Key*/
>     // Create an empty binding key object
>     long keyAttributes = TcTssConstants.TSS_KEY_SIZE_2048 |
>                          TcTssConstants.TSS_KEY_TYPE_BIND |
>                          TcTssConstants.TSS_KEY_VOLATILE |
>                          TcTssConstants.TSS_KEY_NOT_MIGRATABLE |
>                          TcTssConstants.TSS_KEY_NO_AUTHORIZATION; //default
>
>     TcIRsaKey bindKey = context.createRsaKeyObject(keyAttributes);
>
>     // Bind key usage policy
>     TcIPolicy bindKeyPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>     bindKeyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.BIND_KEY_SECRET);
>     bindKeyPolicy.assignToObject(bindKey);
>
>     // Bind key migration policy (just to avoid popup)
>     TcIPolicy bindKeyMigrationPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
>     bindKeyMigrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET) );
>     bindKeyMigrationPolicy.assignToObject(bindKey);
>
>     //Parent key SRK (already loaded)
>     bindKey.createKey(srk, null);
>
>     /*Store on HDD*/
>     TcTssUuid bindKeyUUID = TcUuidFactory.getInstance().generateRandomUuid();
>     context.registerKey(bindKey, TcTssConstants.TSS_PS_TYPE_SYSTEM, bindKeyUUID, TcTssConstants.TSS_PS_TYPE_SYSTEM, TcUuidFactory.getInstance().getUuidSRK());
>
>     System.out.println("Bind key registered in persistant system storage with " + bindKeyUUID.toString());
>     bindKey.loadKey(srk);
>
>     TcIRsaKey aikKey = context.createRsaKeyObject(Define.AIK_KEY_ATTRIBUTES);
>
>     // create the UUID of the AIK
>     TcTssUuid uuid = new TcTssUuid().initString(Define.aikKeyUuid);
>     aikKey = context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM, uuid);
>
>     // set usage secret for identity key
>     TcIPolicy aikUsgPol = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>     aikUsgPol.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.AIK_SECRET);
>     aikUsgPol.assignToObject(aikKey);
>
>     TcIPolicy aikMigPol = context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
>     aikMigPol.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, TcBlobData.newString("none"));
>     aikMigPol.assignToObject(aikKey);
>     aikKey.loadKey(srk);
>
>     TcTssValidation val = new TcTssValidation();
>     TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);
>
>     context.closeContext();
> }
> catch (TcTssException e){
>     e.printStackTrace();
> }
>
> }
>
> Regards.
>
> Mudassar Aslam

From: Mudassar A. <mud...@ho...> - 2011-03-22 23:08:43

Hi,

I am trying to certify a key using AIK key. My code was working fine before but then I reset my TPM and re-created keys. Probably after that or due to any other reason I am now getting following exception.

Exception in thread "main" java.lang.NullPointerException
    at iaik.tc.tss.api.structs.common.TcBasicTypeDecoder.checkBoundaryPreconditions(TcBasicTypeDecoder.java:90)
    at iaik.tc.tss.api.structs.tpm.TcTpmNonce.decode(TcTpmNonce.java:78)
    at iaik.tc.tss.api.structs.common.TcCompositeTypeDecoder.<init>(TcCompositeTypeDecoder.java:54)
    at iaik.tc.tss.api.structs.common.TcCompositeTypeDecoder.<init>(TcCompositeTypeDecoder.java:40)
    at iaik.tc.tss.api.structs.tpm.TcTpmNonce.<init>(TcTpmNonce.java:46)
    at iaik.tc.tss.impl.java.tsp.TcRsaKey.certifyKey(TcRsaKey.java:279)
    at tests.TestCertifyKey.main(TestCertifyKey.java:90)

My code is:

try{
    TcIContext context = new TcTssContextFactory().newContextObject();
    context.connect();

    TcITpm tpm = context.getTpmObject();

    TcIPolicy ownerPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
    ownerPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.OWNER_SECRET);
    ownerPolicy.assignToObject(tpm);

    /*KEY CREATION*/

    //Parent key SRK
    TcIRsaKey srk = context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM,TcUuidFactory.getInstance().getUuidSRK());
    TcIPolicy srkPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
    srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET) );
    srkPolicy.assignToObject(srk);

    /*Binding Key*/
    // Create an empty binding key object
    long keyAttributes = TcTssConstants.TSS_KEY_SIZE_2048 |
                         TcTssConstants.TSS_KEY_TYPE_BIND |
                         TcTssConstants.TSS_KEY_VOLATILE |
                         TcTssConstants.TSS_KEY_NOT_MIGRATABLE |
                         TcTssConstants.TSS_KEY_NO_AUTHORIZATION; //default

    TcIRsaKey bindKey = context.createRsaKeyObject(keyAttributes);

    // Bind key usage policy
    TcIPolicy bindKeyPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
    bindKeyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.BIND_KEY_SECRET);
    bindKeyPolicy.assignToObject(bindKey);

    // Bind key migration policy (just to avoid popup)
    TcIPolicy bindKeyMigrationPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
    bindKeyMigrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET) );
    bindKeyMigrationPolicy.assignToObject(bindKey);

    //Parent key SRK (already loaded)
    bindKey.createKey(srk, null);

    /*Store on HDD*/
    TcTssUuid bindKeyUUID = TcUuidFactory.getInstance().generateRandomUuid();
    context.registerKey(bindKey, TcTssConstants.TSS_PS_TYPE_SYSTEM, bindKeyUUID, TcTssConstants.TSS_PS_TYPE_SYSTEM, TcUuidFactory.getInstance().getUuidSRK());

    System.out.println("Bind key registered in persistant system storage with " + bindKeyUUID.toString());
    bindKey.loadKey(srk);

    TcIRsaKey aikKey = context.createRsaKeyObject(Define.AIK_KEY_ATTRIBUTES);

    // create the UUID of the AIK
    TcTssUuid uuid = new TcTssUuid().initString(Define.aikKeyUuid);
    aikKey = context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM, uuid);

    // set usage secret for identity key
    TcIPolicy aikUsgPol = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
    aikUsgPol.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.AIK_SECRET);
    aikUsgPol.assignToObject(aikKey);

    TcIPolicy aikMigPol = context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
    aikMigPol.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, TcBlobData.newString("none"));
    aikMigPol.assignToObject(aikKey);
    aikKey.loadKey(srk);

    TcTssValidation val = new TcTssValidation();
    TcTssValidation validationResult = bindKey.certifyKey(aikKey, val);

    context.closeContext();
}
catch (TcTssException e){
    e.printStackTrace();
}

}

Regards.

Mudassar Aslam

From: Ronald T. <ron...@ia...> - 2011-03-11 14:56:59

Hi,

First of all, the SRK is (after taking ownership) always (!) loaded in the TPM. You can get a handle to it with

TcIRsaKey srk = context_.createRsaKeyObject(TcTssConstants.TSS_KEY_TSP_SRK);

which is exactly what getKeyByUuid() does in case of the SRK UUID anyway.

The problem with your code seems to be the TSS_SECRET_MODE_NONE in the migration policy of the key you create. This mode is not supported in jTSS (see documentation). Workaround is to use the well known secret here too.

Have a nice weekend,
Ronald

On 03/11/2011 03:04 PM, Mudassar Aslam wrote:
> Hi
>
> SRK secret is one thing, I am actually unable to load srk instance using
> context. Is it possible to load SRK even if it is not registered in system
> PS (this is where I think take_ownership is required)?
>
> Well, I tried to create another key with SRK being its parent key. I used
> following code but get error "No secret set for this policy object" when I
> call createKey(srk, null). Obviously because SRK is not registered.
>
> /*KEY CREATION*/
>
> //Parent key SRK
> TcIRsaKey srk = context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM,TcUuidFactory.getInstance().getUuidSRK());
> TcIPolicy srkPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
> srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET) );
> srkPolicy.assignToObject(srk);
>
> /*Binding Key*/
> // Create an empty binding key object
> long keyAttributes = TcTssConstants.TSS_KEY_SIZE_2048 |
>                      TcTssConstants.TSS_KEY_TYPE_BIND |
>                      TcTssConstants.TSS_KEY_VOLATILE |
>                      TcTssConstants.TSS_KEY_NOT_MIGRATABLE |
>                      TcTssConstants.TSS_KEY_NO_AUTHORIZATION; //default
>
> TcIRsaKey bindKey = context.createRsaKeyObject(keyAttributes);
>
> // Bind key usage policy
> TcIPolicy bindKeyPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
> bindKeyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.BIND_KEY_SECRET);
> bindKeyPolicy.assignToObject(bindKey);
>
> // Bind key migration policy (just to avoid popup)
> TcIPolicy bindKeyMigrationPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
> bindKeyMigrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE, null);
> bindKeyMigrationPolicy.assignToObject(bindKey);
>
> //Parent key SRK
> bindKey.createKey(srk, null);
>
> Regards.
> Mudassar.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at

From: Mudassar A. <mud...@ho...> - 2011-03-11 14:05:15

Hi

SRK secret is one thing, I am actually unable to load srk instance using context. Is it possible to load SRK even if it is not registered in system PS (this is where I think take_ownership is required)?

Well, I tried to create another key with SRK being its parent key. I used following code but get error "No secret set for this policy object" when I call createKey(srk, null). Obviously because SRK is not registered.

/*KEY CREATION*/

//Parent key SRK
TcIRsaKey srk = context.getKeyByUuid(TcTssConstants.TSS_PS_TYPE_SYSTEM,TcUuidFactory.getInstance().getUuidSRK());
TcIPolicy srkPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET) );
srkPolicy.assignToObject(srk);

/*Binding Key*/
// Create an empty binding key object
long keyAttributes = TcTssConstants.TSS_KEY_SIZE_2048 |
                     TcTssConstants.TSS_KEY_TYPE_BIND |
                     TcTssConstants.TSS_KEY_VOLATILE |
                     TcTssConstants.TSS_KEY_NOT_MIGRATABLE |
                     TcTssConstants.TSS_KEY_NO_AUTHORIZATION; //default

TcIRsaKey bindKey = context.createRsaKeyObject(keyAttributes);

// Bind key usage policy
TcIPolicy bindKeyPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
bindKeyPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, Define.BIND_KEY_SECRET);
bindKeyPolicy.assignToObject(bindKey);

// Bind key migration policy (just to avoid popup)
TcIPolicy bindKeyMigrationPolicy = context.createPolicyObject(TcTssConstants.TSS_POLICY_MIGRATION);
bindKeyMigrationPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_NONE, null);
bindKeyMigrationPolicy.assignToObject(bindKey);

//Parent key SRK
bindKey.createKey(srk, null);

Regards.
Mudassar.

From: Ronald T. <ron...@ia...> - 2011-03-11 13:20:13

Hi!

The authentication secret to the SRK should already have been set to the well known secret at key creation by the Windows tool. Have you actually tried to use the SRK yet?

Regards,
Ronald

On 03/11/2011 12:22 PM, Mudassar Aslam wrote:
> Hi again,
>
> I am running following code (the same in jTpmTools) to take ownership but
> get "TPM ownership command is disabled". I have checked all windows group
> policies to make sure that takeownership command is allowed. Still unable to
> set SRK to WELL KNOWN SECRET.
>
> note: I am not using jTpmTools because I could not run it even after placing
> all jars in ext_lib folder (which is another issue)
>
> Regards.
>
> Mudassar.
>
> package test;
>
> import iaik.tc.tss.api.constants.tpm.TcTpmErrors;
> import iaik.tc.tss.api.constants.tsp.TcTssConstants;
> import iaik.tc.tss.api.exceptions.common.TcTssException;
> import iaik.tc.tss.api.exceptions.tcs.TcTpmException;
> import iaik.tc.tss.api.structs.common.TcBlobData;
> import iaik.tc.tss.api.structs.tsp.TcTssKmKeyinfo2;
> import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
> import iaik.tc.tss.api.tspi.TcIContext;
> import iaik.tc.tss.api.tspi.TcIPolicy;
> import iaik.tc.tss.api.tspi.TcIRsaKey;
> import iaik.tc.tss.api.tspi.TcITpm;
> import iaik.tc.tss.api.tspi.TcTssContextFactory;
> import iaik.tc.utils.logging.Log;
> import iaik.tc.utils.misc.Utils;
>
> public class MainTakeOwnership {
>
>     /**
>      * @param args
>      */
>     public static void main(String[] args) {
>         // TODO Auto-generated method stub
>         try {
>
>             TcIContext context_ = new TcTssContextFactory().newContextObject();
>             context_.connect();
>
>             TcITpm tpm = context_.getTpmObject();
>
>             TcIPolicy tpmPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>
>             TcBlobData ownerSecret = TcBlobData.newString("ownersecret");
>             tpmPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, ownerSecret);
>             tpmPolicy.assignToObject(tpm);
>
>             TcIRsaKey srk = context_.createRsaKeyObject(TcTssConstants.TSS_KEY_TSP_SRK);
>
>             srk.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO,
>                     TcTssConstants.TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE,
>                     Utils.booleanToByte(true));
>
>             TcIPolicy srkPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
>             TcBlobData srkSecret = TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
>             srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, srkSecret);
>             srkPolicy.assignToObject(srk);
>             tpm.takeOwnership(srk, null);
>
>         } catch (TcTpmException e) {
>             if (e.getErrCode() == TcTpmErrors.TPM_E_OWNER_SET) {
>                 // this will happen in most cases
>                 System.out.println("TPM ownership already taken");
>             } else if (e.getErrCode() == TcTpmErrors.TPM_E_DISABLED_CMD) {
>                 // this will happen in some cases
>                 System.out.println("TPM ownership command is disabled");
>             } else if (e.getErrCode() == TcTpmErrors.TPM_E_DISABLED) {
>                 // this will happen in some cases
>                 System.out.println("TPM is disabled");
>             } else {
>                 if (true) e.printStackTrace();
>                 System.out.println("takeOwnership failed");
>             }
>         } catch (TcTssException e) {
>             if (true) e.printStackTrace();
>             System.out.println("takeOwnership failed");
>         }
>     }
> }
>
> -----Original Message-----
> From: Mudassar Aslam
> Sent: Wednesday, March 09, 2011 12:39 PM
> To: tru...@li...
> Subject: How to set SRK secret to TSS_WELL_KNOWN_SECRET
>
> Hi
>
> I have initialized my tpm using tpm.msc utility in windows 7. It allowed me
> to set owner password. But I could not find any way to create/set SRK. I
> tried to execute take ownership code but it says "TPM ownership command is
> disabled". I have tried to list tpm keys using
>
> context_.getRegisteredKeysByUuid(null,TcTssConstants.TSS_PS_TYPE_SYSTEM);
>
> but I get null since SRK is not registered. How can I set SRK to
> TSS_WELL_KNOWN_SECRET?
>
> Regards.
>
> Mudassar.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at

From: Mudassar A. <mud...@ho...> - 2011-03-11 11:22:49

Hi again,

I am running following code (the same in jTpmTools) to take ownership but get "TPM ownership command is disabled". I have checked all windows group policies to make sure that takeownership command is allowed. Still unable to set SRK to WELL KNOWN SECRET.

note: I am not using jTpmTools because I could not run it even after placing all jars in ext_lib folder (which is another issue)

Regards.

Mudassar.

package test;

import iaik.tc.tss.api.constants.tpm.TcTpmErrors;
import iaik.tc.tss.api.constants.tsp.TcTssConstants;
import iaik.tc.tss.api.exceptions.common.TcTssException;
import iaik.tc.tss.api.exceptions.tcs.TcTpmException;
import iaik.tc.tss.api.structs.common.TcBlobData;
import iaik.tc.tss.api.structs.tsp.TcTssKmKeyinfo2;
import iaik.tc.tss.api.structs.tsp.TcUuidFactory;
import iaik.tc.tss.api.tspi.TcIContext;
import iaik.tc.tss.api.tspi.TcIPolicy;
import iaik.tc.tss.api.tspi.TcIRsaKey;
import iaik.tc.tss.api.tspi.TcITpm;
import iaik.tc.tss.api.tspi.TcTssContextFactory;
import iaik.tc.utils.logging.Log;
import iaik.tc.utils.misc.Utils;

public class MainTakeOwnership {

    /**
     * @param args
     */
    public static void main(String[] args) {
        // TODO Auto-generated method stub
        try {

            TcIContext context_ = new TcTssContextFactory().newContextObject();
            context_.connect();

            TcITpm tpm = context_.getTpmObject();

            TcIPolicy tpmPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);

            TcBlobData ownerSecret = TcBlobData.newString("ownersecret");
            tpmPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN, ownerSecret);
            tpmPolicy.assignToObject(tpm);

            TcIRsaKey srk = context_.createRsaKeyObject(TcTssConstants.TSS_KEY_TSP_SRK);

            srk.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO,
                    TcTssConstants.TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE,
                    Utils.booleanToByte(true));

            TcIPolicy srkPolicy = context_.createPolicyObject(TcTssConstants.TSS_POLICY_USAGE);
            TcBlobData srkSecret = TcBlobData.newByteArray(TcTssConstants.TSS_WELL_KNOWN_SECRET);
            srkPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_SHA1, srkSecret);
            srkPolicy.assignToObject(srk);
            tpm.takeOwnership(srk, null);

        } catch (TcTpmException e) {
            if (e.getErrCode() == TcTpmErrors.TPM_E_OWNER_SET) {
                // this will happen in most cases
                System.out.println("TPM ownership already taken");
            } else if (e.getErrCode() == TcTpmErrors.TPM_E_DISABLED_CMD) {
                // this will happen in some cases
                System.out.println("TPM ownership command is disabled");
            } else if (e.getErrCode() == TcTpmErrors.TPM_E_DISABLED) {
                // this will happen in some cases
                System.out.println("TPM is disabled");
            } else {
                if (true) e.printStackTrace();
                System.out.println("takeOwnership failed");
            }
        } catch (TcTssException e) {
            if (true) e.printStackTrace();
            System.out.println("takeOwnership failed");
        }
    }
}

-----Original Message-----
From: Mudassar Aslam
Sent: Wednesday, March 09, 2011 12:39 PM
To: tru...@li...
Subject: How to set SRK secret to TSS_WELL_KNOWN_SECRET

Hi

I have initialized my tpm using tpm.msc utility in windows 7. It allowed me to set owner password. But I could not find any way to create/set SRK. I tried to execute take ownership code but it says "TPM ownership command is disabled". I have tried to list tpm keys using

context_.getRegisteredKeysByUuid(null,TcTssConstants.TSS_PS_TYPE_SYSTEM);

but I get null since SRK is not registered. How can I set SRK to TSS_WELL_KNOWN_SECRET?

Regards.

Mudassar.

From: Ronald T. <ron...@ia...> - 2011-03-09 13:52:46

Hi,

The SRK is not automatically registered in the TSS key database, as it is created within the TPM upon taking ownership. As a trick, you can repeat the taking ownership procedure with jTpmTools - the command will not clear the existing ownership and skip the actual TPM command to create a new SRK but it will in any case store the SRK in the persistent storage.

AFAIR tpm.msc always uses the well known secret for the SRK.

Regards,
Ronald

On 03/09/2011 12:39 PM, Mudassar Aslam wrote:
> Hi
>
> I have initialized my tpm using tpm.msc utility in windows 7. It allowed me
> to set owner password. But I could not find any way to create/set SRK. I
> tried to execute take ownership code but it says "TPM ownership command is
> disabled". I have tried to list tpm keys using
>
> context_.getRegisteredKeysByUuid(null,TcTssConstants.TSS_PS_TYPE_SYSTEM);
>
> but I get null since SRK is not registered. How can I set SRK to
> TSS_WELL_KNOWN_SECRET?
>
> Regards.
>
> Mudassar.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at

From: Mudassar A. <mud...@ho...> - 2011-03-09 11:39:29

Hi

I have initialized my tpm using tpm.msc utility in windows 7. It allowed me to set owner password. But I could not find any way to create/set SRK. I tried to execute take ownership code but it says "TPM ownership command is disabled". I have tried to list tpm keys using

context_.getRegisteredKeysByUuid(null,TcTssConstants.TSS_PS_TYPE_SYSTEM);

but I get null since SRK is not registered. How can I set SRK to TSS_WELL_KNOWN_SECRET?

Regards.

Mudassar.

From: Martin P. <Mar...@ia...> - 2011-03-07 16:27:31

On 03/07/11 17:14, Mudassar Aslam wrote:
> I also tried to dump contents to a file but the resultant file is not a
> proper certificate file.

proper == ?
If you got a file of 1704 bytes as indicated by nv_decode the file should be fine.

> Because it could not be parsed by keytool or my
> default windows certificate viewer. :-(

try standard utils like
  dumpasn1 ekcert.der
or
  openssl asn1parse -inform DER -in ekcert.der

You may also try the examples from the Infineon homepage with your favourite tools first.

HTH,
Martin

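An added example, not part of the thread and not jTpmTools code: one way to check what the file written by `nv_decode --dump-file` actually contains before handing it to keytool or openssl. It assumes, which the thread does not confirm for this TPM, that NV index 0x1000f000 may hold the certificate inside the TCG PC Client stored-certificate wrapper (tags 0x1001 and 0x1002) and be padded out to the index size; the function names and the sample dump are constructed for illustration.

```python
"""Added example: locate the X.509 certificate inside a TPM 1.2 NV index dump."""
import struct
import sys

# Wrapper tags from the TCG PC Client specification. Assumption: the dump of
# index 0x1000f000 may use this wrapper; the thread does not confirm it.
TAG_STORED_CERT = 0x1001   # TCG_PCCLIENT_STORED_CERT
TAG_FULL_CERT = 0x1002     # TCG_FULL_CERT
CERT_TYPE_FULL = 0x00


class NotACertificate(ValueError):
    """The blob does not contain a DER SEQUENCE where one is expected."""


def der_total_length(buf, off):
    """Length of the DER SEQUENCE at buf[off], header included."""
    if len(buf) < off + 2 or buf[off] != 0x30:
        raise NotACertificate("no DER SEQUENCE tag (0x30) at offset %d" % off)
    first = buf[off + 1]
    if first < 0x80:                       # short form: length in one octet
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(buf) < off + 2 + n:
        raise NotACertificate("indefinite, oversized or truncated DER length")
    return 2 + n + int.from_bytes(buf[off + 2:off + 2 + n], "big")


def extract_ek_cert(nv):
    """Return the certificate bytes and what surrounded them in the NV dump."""
    off, wrapped, declared = 0, False, None
    if len(nv) >= 7 and struct.unpack_from(">H", nv, 0)[0] == TAG_STORED_CERT:
        # Header layout: tag (2 bytes), certType (1 byte), certSize (2 bytes)
        _tag, cert_type, declared = struct.unpack_from(">HBH", nv, 0)
        if cert_type != CERT_TYPE_FULL:
            raise NotACertificate("certType %d is not a full certificate" % cert_type)
        if struct.unpack_from(">H", nv, 5)[0] != TAG_FULL_CERT:
            raise NotACertificate("missing TCG_FULL_CERT tag after the header")
        off, wrapped = 7, True
    total = der_total_length(nv, off)
    if off + total > len(nv):
        raise NotACertificate("DER length runs past the end of the dump")
    return {
        "der": bytes(nv[off:off + total]),
        "wrapped": wrapped,                 # True if the TCG header was present
        "declared_size": declared,          # certSize field, None for bare DER
        "trailing": len(nv) - off - total,  # padding after the certificate
    }


def build_constructed_dump(nv_size=1704):
    """Constructed sample: filler bytes in a DER SEQUENCE, wrapped and padded.

    The body is NOT a real certificate; 1704 is the index size from the thread.
    """
    body = bytes(range(256)) + bytes(44)
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    # certSize is assumed to count the inner tag plus the DER bytes
    blob = struct.pack(">HBH", TAG_STORED_CERT, CERT_TYPE_FULL, len(der) + 2)
    blob += struct.pack(">H", TAG_FULL_CERT) + der
    return blob + b"\xff" * (nv_size - len(blob)), der


if __name__ == "__main__":
    if len(sys.argv) == 3:                 # usage: script.py ekcert.der ekcert-clean.der
        with open(sys.argv[1], "rb") as f:
            result = extract_ek_cert(f.read())
        with open(sys.argv[2], "wb") as f:
            f.write(result["der"])
    else:                                  # no arguments: run on the constructed sample
        result = extract_ek_cert(build_constructed_dump()[0])
    print("wrapper present:", result["wrapped"],
          "| certificate bytes:", len(result["der"]),
          "| trailing bytes:", result["trailing"])
```

If a wrapper or trailing padding is reported, the second file is the one to pass to `openssl asn1parse -inform DER -in`; if the function raises, the dump does not start with a certificate in either form.
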
From: Mudassar A. <mud...@ho...> - 2011-03-07 16:14:15

Hi again..

I also tried to dump contents to a file but the resultant file is not a proper certificate file. Because it could not be parsed by keytool or my default windows certificate viewer. :-(

regards.
Mudassar.

-----Original Message-----
From: Martin Pirker
Sent: Monday, March 07, 2011 4:25 PM
To: Mudassar Aslam
Cc: tru...@li...
Subject: Re: [Trustedjava-support] How to read EK Certificate from TPM

On 03/07/11 16:19, Mudassar Aslam wrote:
> When I execute jTpmTools command that is read_ekcert, I get following
> error:
> 05:03:49:253 [INFO] ReadEkCert::execute (147): Unable to obtain EK
> certificate for this TPM.

Hmm...

> My TPM has EK certificate which is shown when I use nv_decode command
> using
> jTpmTools. The output is as follows:
> Index        Size         TPUD  Description
> ------------------------------------------------------------------------
> 0x10000001   20 bytes     ...D  deprecated DIR command area from TPM 1.1
> 0x30000001   576 bytes    ..UD  unknown index
> 0x1000f000   1704 bytes   ...D  TPM Endorsement Key Certificate
> 0x50000002   64 bytes     .P.D  Intel TXT INDEX_AUX

Alternatively you can also run
  jtt nv_decode --index 0x1000f000 --dump-file ekcert.der

HTH,
Martin

From: Martin P. <Mar...@ia...> - 2011-03-07 15:26:25

On 03/07/11 16:19, Mudassar Aslam wrote:
> When I execute jTpmTools command that is read_ekcert, I get following error:
> 05:03:49:253 [INFO] ReadEkCert::execute (147): Unable to obtain EK
> certificate for this TPM.

Hmm...

> My TPM has EK certificate which is shown when I use nv_decode command using
> jTpmTools. The output is as follows:
> Index        Size         TPUD  Description
> ------------------------------------------------------------------------
> 0x10000001   20 bytes     ...D  deprecated DIR command area from TPM 1.1
> 0x30000001   576 bytes    ..UD  unknown index
> 0x1000f000   1704 bytes   ...D  TPM Endorsement Key Certificate
> 0x50000002   64 bytes     .P.D  Intel TXT INDEX_AUX

Alternatively you can also run
  jtt nv_decode --index 0x1000f000 --dump-file ekcert.der

HTH,
Martin

From: Mudassar A. <mud...@ho...> - 2011-03-07 15:19:36
Thanks for your reply.

The problem still remains unsolved for me. When I execute the jTpmTools command read_ekcert, I get the following error:

05:03:49:253 [INFO] ReadEkCert::execute (147): Unable to obtain EK certificate for this TPM.

My TPM has an EK certificate, which is shown when I use the nv_decode command of jTpmTools. The output is as follows:

Index        Size        TPUD  Description
------------------------------------------------------------------------
0x10000001   20 bytes    ...D  deprecated DIR command area from TPM 1.1
0x30000001   576 bytes   ..UD  unknown index
0x1000f000   1704 bytes  ...D  TPM Endorsement Key Certificate
0x50000002   64 bytes    .P.D  Intel TXT INDEX_AUX

-----Original Message-----
From: Martin Pirker
Sent: Monday, March 07, 2011 2:54 PM
To: Mudassar Aslam
Cc: tru...@li...
Subject: Re: [Trustedjava-support] How to read EK Certificate from TPM

On 03/07/11 14:25, Mudassar Aslam wrote:
> 1. How can I read this EK certificate and store it in some folder
> (programmatically using jTSS or something else)

jTpmTools provides a command for this

> 2. Do you have an idea that from where I can get root certificate (of e.g.
> Infineon) of EK Certificate provided by Infineon so that I can verify
> signature on EK Certificate.

http://www.infineon.com/tpm/

HTH,
Martin
From: Martin P. <Mar...@ia...> - 2011-03-07 14:29:43
On 03/07/11 14:25, Mudassar Aslam wrote:
> 1. How can I read this EK certificate and store it in some folder
> (programmatically using jTSS or something else)

jTpmTools provides a command for this

> 2. Do you have an idea that from where I can get root certificate (of e.g.
> Infineon) of EK Certificate provided by Infineon so that I can verify
> signature on EK Certificate.

http://www.infineon.com/tpm/

HTH,
Martin
From: Mudassar A. <mud...@ho...> - 2011-03-07 13:25:47
Hi

I have an Infineon TPM which is shipped with an EK certificate in TPM NV storage.

1. How can I read this EK certificate and store it in some folder (programmatically using jTSS or something else)?

2. Do you have an idea where I can get the root certificate (of e.g. Infineon) for the EK certificate provided by Infineon, so that I can verify the signature on the EK certificate?

Regards.
Mudassar Aslam
From: FADY F. <fad...@ya...> - 2011-02-02 17:40:12
Dear Thomas,

I will be very grateful if you could point me to these papers. Thank you a lot for your great information.

This message was part of a long mail in my inbox; this was the reason for the latency in my reply. I just saw all my old mails, and I am only replying now.

Thanks,
Fady

Date: Thu, 18 Nov 2010 08:05:44 +0100
From: Thomas Winkler <tc...@to...>
Subject: Re: [Trustedjava-support] How to Sign by the private part of AIK
To: tru...@li...
Message-ID: <201...@to...>
Content-Type: Text/Plain; charset="iso-8859-15"

Hi,

Out of curiosity I had a brief look at the paper. It looks like the authors actually claim to use an AIK for encryption of arbitrary data. This clearly should not be possible with a TPM that conforms to the spec. Maybe they use a binding key that was certified with an AIK and just forgot to mention that in the paper....

Honestly, I could point you to a number of papers (published at scientific conferences) that claim to do all sorts of interesting things with TPMs which should not be possible (such as using the EK for data encryption and signing). So be careful with what papers claim (even if they are published at peer-reviewed conferences or workshops).

Bye,
Thomas

On Wednesday 17 November 2010 16:35:09 Ronald Tögl wrote:
> Hello,
>
> I don't know how the authors of this workshop papers implemented this.
> Please consult the TPM spec on the detailed capabilities of and
> operations using identity keys.
>
> Regards,
> Ronald
>
> On 11/17/2010 04:24 PM, FADY FADY wrote:
> > Hello
> >
> > Thanks A Lot for your support,
> >
> > Ok, This means AIK is only capable of quote and certify, is this true?
> > But really, I found a paper on IEEE Computer Magazine
> > http://ieeexplore.ieee.org/Xplore/login.jsp?url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F5319074%2F5319075%2F05319186.pdf%3Farnumber%3D5319186&authDecision=-203
> > that speaks about encryption by AIK Public on a
> > remote machine and decryption by AIK private in the key owner machine,
> > this specified in section 3.2 of the paper.
> > The paper is attached in the email.
> >
> > So can this really happen, and how?
> > Thanks
> >
> > ------------------------------------------------------------------------
> > *From:* Ronald Tögl <ron...@ia...>
> > *To:* FADY FADY <fad...@ya...>
> > *Cc:* tru...@li...
> > *Sent:* Mon, November 8, 2010 10:50:36 AM
> > *Subject:* Re: How to Sign by the private part of AIK
> >
> > Hello,
> >
> > I was referring to the TPM_CertifyKey resp. TPM_CertifyKey2
> > mechanisms, not quote.
> >
> > Ronald
> >
> > On 11/07/2010 02:10 PM, FADY FADY wrote:
> >> Hello,
> >>
> >> Thank You for your response about my last question.
> >>
> >> But does that mean the only way to sign myEnkKey by AIK
> >> is to send
> >>
> >> quote(aik,pcr,nonce) + myEncKey
> >>
> >> To the other party
> >>
> >> Or in general, to sign any data by AIK then encrypt we send
> >>
> >> {quote(aik,pcr,nonce) + theDataToBeSigned} all of these encrypted
> >>
> >> by the other entity encryption key
> >>
> >> Or there is another Way to sign the myEnkKey by AIK?
> >>
> >> Thanks, I Really appreciate your help,
> >> Fady

--
Thomas Winkler
mail: tc...@to...
From: Ronald T. <ron...@ia...> - 2011-01-25 13:26:55
Hi,

Tom is right, and I'll just add some explanation to the discussion.

Remember that a TSS such as jTSS consists of TSP and TCS layers, connected by some binding interface (local := reliance on the Java class loader or soap := XML over TCP/IP).

You always need a single TCS per hardware TPM, because the TCS has been designed to be a software abstraction and management layer of the chip. There can only be one TCS instance per singleton TPM. You can however run arbitrarily many TCS daemons on your system, if you assign them separate TPMs, storage directories and SOAP port numbers.

In each of your applications, you can also load just one instance of the TSP library. However, you can create as many TPMContexts and connections to the TCS layer there as you like. You can also connect those contexts to different TCS services (using the hotfix I sent you). Note that you must use SOAP bindings for this.

Thus you should be able to use different TPMs at the same time. Still, this has not been tested and side effects might occur.

hth,
Ronald

On 01/25/2011 12:36 PM, Thomas Winkler wrote:
>> I just noticed that even iaik.tc.tss.impl.java.tddl.TcTddl is
>> implemented as singleton. Doesn't that make it impossible to create
>> different TPM connections inside the same runtime JVM?
> I still have not understood why you need several TCS instances in one single
> JVM. I can understand that you might need several connections to different TCS
> instances running in different JVMs. From your application's point of view this
> does not look very different than the (hypothetical) case of multiple
> connections to different TCS instances in the same VM. And that's something
> that should be doable with jTSS without much effort.

--
Dipl.-Ing. Ronald Tögl              phone +43 316/873-5502
Secure and Correct Systems          fax   +43 316/873-5520
IAIK                                ron...@ia...
Graz University of Technology       http://www.iaik.tugraz.at
From: Thomas W. <tc...@to...> - 2011-01-25 11:36:34
Hi,

> I just noticed that even iaik.tc.tss.impl.java.tddl.TcTddl is
> implemented as singleton. Doesn't that make it impossible to create
> different TPM connections inside the same runtime JVM?

Well - not impossible but probably a lot of work (not sure how much). It was never the intention of the jTSS design to run multiple TCS instances in one single JVM. But you have all the jTSS source so if you really need that feature... ;-)

I still have not understood why you need several TCS instances in one single JVM. I can understand that you might need several connections to different TCS instances running in different JVMs. From your application's point of view this does not look very different than the (hypothetical) case of multiple connections to different TCS instances in the same VM. And that's something that should be doable with jTSS without much effort.

Regards,

--
Thomas Winkler
mail: tc...@to...
From: Sebastian L. <seb...@gm...> - 2011-01-25 11:27:19
Hi list,

it's me again. I just noticed that even iaik.tc.tss.impl.java.tddl.TcTddl is implemented as singleton. Doesn't that make it impossible to create different TPM connections inside the same runtime JVM?

Regards,
Sebastian.
From: Sebastian L. <seb...@gm...> - 2011-01-24 15:12:20
Hi Thomas,

> I'm not sure if jTSS has seen a re-design but I'd say that the TCS layer of
> jTSS has been designed to work with one single TPM instance. If you have
> multiple TPMs you most likely will end up with one TCS instance per TPM. You,
> however, should be able to open connections to several different TCS (and hence
> TPM) instances at the TSP level.
>
> If you really want to follow your approach of handling multiple TPMs with one
> single TCS, this likely will result in a (partial) rewrite of the jTSS TCS
> layer.

That's exactly what I want. I have one Java application (equals one TSP) running on one JVM and there I want to instantiate several TCS, each with one TDDL connection to one TPM.

The problem is: How can I pass different configuration options to each TCS? I can create multiple contexts (connection between TSP and TCS) with

TcIContext context0 = new TcTssContextFactory().newContextObject();

but when they access TcTcsProperties from inside (i.e. inside TDDL) they will all get the same property values because it is a singleton.

To summarize: I need a possibility to pass different values to each TCS (TDDL) instance.

Regards,
Sebastian.
From: Thomas W. <tc...@to...> - 2011-01-24 12:41:04
Hi,

> Is jTSS even designed to work with multiple TPM devices (software
> emulators)? Any Idea on how to be able to pass an ID over to TCS so it
> knows which TPM device to talk to?

I'm not sure if jTSS has seen a re-design but I'd say that the TCS layer of jTSS has been designed to work with one single TPM instance. If you have multiple TPMs you most likely will end up with one TCS instance per TPM. You, however, should be able to open connections to several different TCS (and hence TPM) instances at the TSP level.

If you really want to follow your approach of handling multiple TPMs with one single TCS, this likely will result in a (partial) rewrite of the jTSS TCS layer.

Regards,

--
Thomas Winkler
mail: tc...@to...