On 07/08/2011 05:06 PM, Kent Yoder wrote:
> Sorry for the ongoing review Stefan,
No problem...
>> +++ tpm-tools/src/tpm_mgmt/tpm_nvdefine.c
> [cut]
>> +
>> + if (ownerpass || ownerWellKnown) {
>> + if (policyGet(hTpm,&hTpmPolicy) != TSS_SUCCESS)
>> + goto out_close;
>> + if (ownerpass) {
>> + if (opswd_len< 0)
>> + opswd_len = strlen(ownerpass);
>> + if (policySetSecret(hTpmPolicy, opswd_len,
>> + (BYTE *)ownerpass) !=
>> TSS_SUCCESS)
>> + goto out_close;
>> + } else {
>> + if (policySetSecret(hTpmPolicy,
>> TCPA_SHA1_160_HASH_LEN,
>> + (BYTE *)well_known_secret) !=
>> TSS_SUCCESS)
>> + goto out_close;
>> + }
>> + }
> Since ownerauth is required for define space we should throw an error here.
>
It's not required as long as one doesn't define the location 0xffffffff.
After that it's a fault and at least the tool will report an eror.
>> +
>> + if (askDataPass) {
>> + datapass = _GETPASSWD(_("Enter NVRAM data password:
>> "),&dpswd_len,
>> + FALSE, useUnicode );
> Let's set confirm to TRUE here, so that the user doesn't accidentally enter
> a bad password.
Ok. Will fix.
Stefan
> Kent
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech
