Seiji Munetoh
seiji****@gmail*****
Mon Nov 28 23:24:45 JST 2011
Hi Edward,

The workaround is not implemented yet.
I have to modify the code from now.

regards,
--
Seiji

On Mon, Nov 28, 2011 at 7:11 PM, Yang, Xiao (Linux)
<Xiao.Yang @ windriver.com> wrote:
> Hi Seiji,
>
> Glad to hear quick workaround for this issue does exist if modify OpenPTS.
>
>>Hi,
>>
>>On Mon, Nov 28, 2011 at 5:48 PM, Yang, Xiao (Linux)
>><Xiao.Yang @ windriver.com> wrote:
>>>> Ok, I had same error.
>>>> Probably the reason is that this TPM does not support old TPM (v1.1b?)
>>>> behavior.
>>>
>>> Hi Seiji,
>>>
>>> Exactly, now Wind River and Intel and Infineon's developers all involved.
>>>
>>> We got this information from Infineon that their chip (IFX SLB9635) on my
>>> system 'exclusively' support TSS 1.2 spec.
>>
>>That explains everything.
>>
>>The next problem is TrouSerS's LoadKeyByUUID function does not support
>>auth secret.
>>
>>The quick workaround is OpenPTS uses LoadKeyByBlob in place of
>>LoadKeyByUUID for this TPM.
>>So the key blob will be stored in some place. e.g. /var/lib/openpts/key.blob
>>And the key auth type and storage location will be configured by /etc/ptsc.conf.
>
> Could you please tell more about how to write ptsc.conf to use this work
> around ?
>
> According to my study into your source code, seems replacing LoadKeyByUUID
> to LoadKeyByBlob can not be triggered with only configurations' change.
>
> From my understanding, currently openpts-0.2.5 hard-coding use SYSTEM as
> ps_type, TSS_PS_TYPE_USER as 1, TSS_PS_TYPE_SYSTEM as 2, but 0 for
> key blob will never happen unless modify source code. Is it correct ?
>
> $ vi src/ptsc.c
> 490 int main(int argc, char *argv[]) {
> 491     int rc;
> 679         rc = getTssPubKey(
> 680                 conf->uuid->uuid,
> 681                 TSS_PS_TYPE_SYSTEM,
> 682                 conf->srk_password_mode,
> 683                 conf->tpm_resetdalock,
> 684                 NULL,
>
> I saw ps_type is hard-coding 'SYSTEM', and filename arg is 'NULL'.
>
> $ vi src/tss.c
> 653 int getTssPubKey(
> 654     PTS_UUID *uuid,
> 655     int ps_type,
> 656     int srk_password_mode,
> 657     int resetdalock,
> 658     char *filename, int *pubkey_length, BYTE **pubkey) {
> 754     /* Load AIK or Sign key */
> 755     if (ps_type == 0) {
> 756         /* Blob file */
> 757         FILE *fp;
> 777     } else {
> 778         /* TSS PS*/
> 779         result = Tspi_Context_LoadKeyByUUID(
> 780                     hContext,
> 781                     (UINT32) ps_type,  // TSS_PS_TYPE_SYSTEM,
>
> So... when you say 'workaround', do you mean further modify code in this call
> trace, pass 0 as 2nd arg and /var/lib/openpts/key.blob as 5th arg to getTssPubKey()?
>
> Thanks.
>
> Best Regards
> Edward.Yang (#7023)
>
>>
>>regards,
>>--
>>Seiji
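
With the blob-file path discussed in this thread (a key blob kept at a location such as /var/lib/openpts/key.blob and loaded with LoadKeyByBlob instead of from TSS persistent storage), the file on disk becomes an input that has to be vetted before it reaches the TSS. The function below is an added example, not code from OpenPTS, TrouSerS or this thread; `read_key_blob`, `MAX_KEY_BLOB` and the ownership policy it enforces are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_KEY_BLOB 4096 /* assumed upper bound for a wrapped key blob */

/* Hypothetical helper, not OpenPTS code: read the key blob file and reject
 * it unless it is a regular file, not a symlink, owned by root or the
 * caller, and not writable by group or others. Returns 0 on success, -1
 * otherwise. On success the caller owns *blob and would pass it, with *len,
 * to Tspi_Context_LoadKeyByBlob(). */
int read_key_blob(const char *path, unsigned char **blob, size_t *len)
{
    struct stat st;
    unsigned char *buf = NULL;
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    /* Check the opened descriptor, not the path, to avoid a check/use race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        goto fail;
    if ((st.st_uid != 0 && st.st_uid != geteuid()) ||
        (st.st_mode & (S_IWGRP | S_IWOTH)))
        goto fail;
    if (st.st_size <= 0 || st.st_size > MAX_KEY_BLOB ||
        (buf = malloc((size_t)st.st_size)) == NULL)
        goto fail;
    while (got < (size_t)st.st_size) {
        ssize_t n = read(fd, buf + got, (size_t)st.st_size - got);
        if (n <= 0)
            goto fail; /* error or truncated file: never return a partial blob */
        got += (size_t)n;
    }
    close(fd);
    *blob = buf;
    *len = got;
    return 0;
fail:
    free(buf);
    close(fd);
    return -1;
}
```
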