RE: [Xen-devel] vtpm_managerd and default passwords

To:	"Luke" <secureboot@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	RE: [Xen-devel] vtpm_managerd and default passwords
From:	"Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Date:	Thu, 26 Jul 2007 13:53:35 -0700
Delivery-date:	Thu, 26 Jul 2007 13:51:17 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<46A8B61E.2000001@xxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<46A8B61E.2000001@xxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcfPlTdBJeYtcltVQ+a9sjLCdcfQ4gAMGZIQ
Thread-topic:	[Xen-devel] vtpm_managerd and default passwords

Luke <> scribbled on Thursday, July 26, 2007 7:57 AM:
> Looking through the code in
> tools/vtpm_manager/manager/vtpm_manager.c, I see that when you start
> the vtpm_manager for the first time, that it takes ownership of the
> TPM and sets the password to be 20 unprintable ascii characters (0xff
> 20 times). 
> 
> This seems to work fine, but later, I want to create a key with the
>  TPM. I've made a file using python, using:
> 
> a = ""
> for i in range(20):
>       a = a + "\xff"
> open("ascii_file","w").write(a)
> 
> when I use that as the password, I still get TPM_AUTHFAIL.
> This is using the createkey utility found at:
>
http://domino.research.ibm.com/comm/research_projects.nsf/pages/gsal.TCG
.html/$FILE/tpm-3.2.0.tar.gz
> 
> It's pretty straightforward, so I'm wondering if I'm not understanding
> how the SRK password gets set in actuality.
> 
> Any ideas on what I might be doing wrong/how to fix this?

>From looking at the createkey utility source, it appears that it creates
a SHA-1 hash of the SRK auth provided on the command line.  The vTPM
Manager does not SHA the SRK auth.  So I think that you will need to add
another option to createkey that takes a provided auth as-is and then
try your file of all ff's.

> Specifically, should vtpm_managerd take an SRK password as a
>  parameter? This seems much more sane.  Does this exist already, and
> I've just missed it?

vTPM Manager is not intended to run alongside other TPM applications.
It does not use a TSS, and so it would not work well to try and use the
TPM simulataneously.  Similarly, it is not the expected use model that
once you have started using vTPM Manager that you will stop it, do some
things with the TPM, and then run it again.

Can you describe how you would like to use the TPM and vTPM?

> 
> Apologies if this is more xen-user than xen-devel.
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

RE: [Xen-devel] vtpm_managerd and default passwords