The SRK is the parent of all keys used by the chip, so every user on the box will have a need to load it....
On Tue, Jun 10, 2008 at 1:56 PM, Steve Ensley <[EMAIL PROTECTED]> wrote: > Yep. 0's didn't work, but null password did. Thanx. > > Can you help me understand why this would be an expected, or even > acceptable behaviour? Or for that matter why the tools have the > 'known password' options. Seems like setting the passwords to widely > known ones runs counter to the whole point of the operation. > > I'm guessing its for situations where who you are isn't as important > as if your running on the box you think your running on. Which > actually is consistent with what I'm trying to accomplish. It still > seems like null or known passwords is ill advised though. > > On Tue, Jun 10, 2008 at 12:53 PM, Kent Yoder <[EMAIL PROTECTED]> wrote: >> Hmm, ecryptfs_generate_tpm_key may rely on a known SRK password. Try >> setting it to all zero's or a hash of zero bytes using tpm-tools and >> try again... >> >> Kent >> >> On Tue, Jun 10, 2008 at 11:59 AM, Steve Ensley <[EMAIL PROTECTED]> wrote: >>> trying to test tpm support on a new motherboard we are evaluating. >>> I've been able to install trousers and test it by using tpm_sealdata >>> to encrypt a test file but after configuring ecryptfs with the >>> --enable-tspi option and making and installing it, when I try to >>> generate a key using ecrypt-generate-tpm-key -p 1 I get the following >>> error. It doesnt challenge for the owner or srk passwords, just >>> immediatly throws the error. >>> >>> ecryptfs_generate_tpm_key.c:235: Error: Tspi_Key_CreateKey failed: >>> Authentication failed >>> >>> This is on rhel 5.2 with kernel 2.6.18-92. messages shows nothing >>> useful and I dont see an arguement to ecrypt-generate-tpm-key to make >>> it more verbose.. I've gotten the same result with ecrypt 46 and >>> ecrypt 41 which was installed by default and was the version I >>> successfully tested previously(after some troubleshooting) on some >>> other hardware. >>> >>> Any advice??? >>> >>> ------------------------------------------------------------------------- >>> Check out the new SourceForge.net Marketplace. >>> It's the best place to buy or sell services for >>> just about anything Open Source. >>> http://sourceforge.net/services/buy/index.php >>> _______________________________________________ >>> eCryptfs-users mailing list >>> eCryptfs-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/ecryptfs-users >>> >> >> >> >> -- >> Kent Yoder >> IBM LTC Security Dev. >> > > > > -- > Quotes that make you go Hmm... > http://www.globaldialog.com/~steve/ > -- Kent Yoder IBM LTC Security Dev. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ eCryptfs-users mailing list eCryptfs-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ecryptfs-users
