Hello,
> My first question is: why doesn't it work on the software TPM Emulator?
There are several reasons for that:
- Version 0.3 of TPM Emulator now implements the TPM_MakeIdentity
command but expects TPM_KEY12 idKeyParams instead of TPM_KEY
idKeyParams (see tpm/tpm_identity.c, line 163). At the same time, the
execute_TPM_MakeIdentity function in tpm_cmd_handler.c assumes that the
idKeyParams are of type TPM_KEY. To sum up, TPM Emulator seems to be
inconsistent regarding what data it expects to receive from upper layers
(1.1 vs 1.2 structures). In addition to that, the TrouSerS TSS is
currently only 1.1 compatible and therefore will not send TPM_KEY12 structs.
- To activate the identity, the TPM_ActivateIdentity in the emulator is
required, which currently is not implemented (see tpm/tpm_identity.c,
line 339).
To sum up: Currently the TPM Emulator does not provide the required
functionality to do a full AIK creation cycle.
> So my second question is: is this even possible? That is to print out the blob of the AIK key pair.
As said above, the TPM Emulator is not complete regarding AIK creation.
The error you see is most likely related to that.
Aside from the TPM Emulator problems, printing the AIK is possible. With
the provided toString() method however, all you will get is the
keyHandle of the key. The actual key blobs of a key can be extracted
using the getAttribData method.
> Third question: is it possible to load a TPM key created outside of TPM into the TPM?
It is possible to load an external key into the TPM.
For example code, please have a look at the TestKeys.testWrapKey()
shipped with the jTSS Wrapper.
Regards,
Thomas Winkler
IAIK, TU Graz
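
The 1.1 versus 1.2 structure mismatch described in the message above shows up in the first four bytes of the marshalled key: TPM_KEY opens with a TPM_STRUCT_VER, TPM_KEY12 with a tag and a fill field. The following is an added example, not part of the original message and not code from TPM Emulator, TrouSerS or jTSS; the function names, return codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TPM_TAG_KEY12    0x0028u /* TPM_STRUCTURE_TAG that opens a TPM_KEY12 */
#define TPM_KEY_IDENTITY 0x0012u /* TPM_KEY_USAGE value of an identity key (AIK) */
enum key_layout { KEY_INVALID = 0, KEY_V11 = 11, KEY_V12 = 12 };

/* TPM 1.x structures are marshalled big-endian. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify a marshalled key by its first four bytes:
 *   TPM_KEY   opens with TPM_STRUCT_VER (major = 1, minor = 1, two revision bytes)
 *   TPM_KEY12 opens with tag = TPM_TAG_KEY12 followed by fill = 0x0000
 * keyUsage (UINT16) follows at offset 4 in both layouts. */
enum key_layout classify_key(const uint8_t *buf, size_t len, uint16_t *usage)
{
    enum key_layout layout;
    if (buf == NULL || usage == NULL || len < 6)
        return KEY_INVALID; /* header plus keyUsage does not fit */
    if (buf[0] == 0x01 && buf[1] == 0x01)
        layout = KEY_V11;
    else if (be16(buf) == TPM_TAG_KEY12 && be16(buf + 2) == 0x0000)
        layout = KEY_V12;
    else
        return KEY_INVALID;
    *usage = be16(buf + 4);
    return layout;
}

/* Hypothetical guard for a MakeIdentity-style handler: 0 = accept,
 * -1 = malformed, -2 = wrong structure version, -3 = not an identity key. */
int check_id_key_params(const uint8_t *buf, size_t len, enum key_layout expected)
{
    uint16_t usage = 0;
    enum key_layout got = classify_key(buf, len, &usage);
    if (got == KEY_INVALID) return -1;
    if (got != expected) return -2;
    return usage == TPM_KEY_IDENTITY ? 0 : -3;
}

/* Constructed sample headers, not captured from a TPM. */
const uint8_t sample_v11[] = { 0x01, 0x01, 0x00, 0x00, 0x00, 0x12 };
const uint8_t sample_v12[] = { 0x00, 0x28, 0x00, 0x00, 0x00, 0x12 };

int main(void)
{
    printf("1.1 blob, 1.2 parser: %d\n", check_id_key_params(sample_v11, 6, KEY_V12));
    printf("1.2 blob, 1.2 parser: %d\n", check_id_key_params(sample_v12, 6, KEY_V12));
    return 0;
}
```

A handler that expects one layout and is handed the other gets -2 here instead of reading keyUsage and later fields from the wrong structure.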