Yep. 0's didn't work, but null password did. Thanx. Can you help me understand why this would be an expected, or even acceptable behaviour? Or for that matter why the tools have the 'known password' options. Seems like setting the passwords to widely known ones runs counter to the whole point of the operation.
I'm guessing its for situations where who you are isn't as important as if your running on the box you think your running on. Which actually is consistent with what I'm trying to accomplish. It still seems like null or known passwords is ill advised though. On Tue, Jun 10, 2008 at 12:53 PM, Kent Yoder <[EMAIL PROTECTED]> wrote: > Hmm, ecryptfs_generate_tpm_key may rely on a known SRK password. Try > setting it to all zero's or a hash of zero bytes using tpm-tools and > try again... > > Kent > > On Tue, Jun 10, 2008 at 11:59 AM, Steve Ensley <[EMAIL PROTECTED]> wrote: >> trying to test tpm support on a new motherboard we are evaluating. >> I've been able to install trousers and test it by using tpm_sealdata >> to encrypt a test file but after configuring ecryptfs with the >> --enable-tspi option and making and installing it, when I try to >> generate a key using ecrypt-generate-tpm-key -p 1 I get the following >> error. It doesnt challenge for the owner or srk passwords, just >> immediatly throws the error. >> >> ecryptfs_generate_tpm_key.c:235: Error: Tspi_Key_CreateKey failed: >> Authentication failed >> >> This is on rhel 5.2 with kernel 2.6.18-92. messages shows nothing >> useful and I dont see an arguement to ecrypt-generate-tpm-key to make >> it more verbose.. I've gotten the same result with ecrypt 46 and >> ecrypt 41 which was installed by default and was the version I >> successfully tested previously(after some troubleshooting) on some >> other hardware. >> >> Any advice??? >> >> ------------------------------------------------------------------------- >> Check out the new SourceForge.net Marketplace. >> It's the best place to buy or sell services for >> just about anything Open Source. >> http://sourceforge.net/services/buy/index.php >> _______________________________________________ >> eCryptfs-users mailing list >> eCryptfs-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/ecryptfs-users >> > > > > -- > Kent Yoder > IBM LTC Security Dev. > -- Quotes that make you go Hmm... http://www.globaldialog.com/~steve/ ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ eCryptfs-users mailing list eCryptfs-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ecryptfs-users
