All of lore.kernel.org
 help / color / mirror / Atom feed
* [tpm2] Re: Has the take_ownership tool been deprecated in the last release of tpm2-tools?
@ 2020-04-30  0:01 Steven Clark
  0 siblings, 0 replies; 3+ messages in thread
From: Steven Clark @ 2020-04-30  0:01 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 1799 bytes --]

Also some hardware TPMs come with randomized authorizations to prevent an
attacker from taking control of an unused TPM.  These can usually be
cleared from the BIOS menu, which uses the platform authorization, to prove
physical control/ownership of the machine.

On Wed, Apr 29, 2020 at 2:06 PM Roberts, William C <
william.c.roberts(a)intel.com> wrote:

> The take ownership tool was a combination of tpm2_changeauth and
> tpm2_clear, so you can use those tools
> To do it.
>
> The old tools -c would call tpm2_clear using the lockout hierarchy, which
> is the default for the tool tpm2_clear.
> Tpm2_changeauth, you can just pick what hierarchy and the old and new
> passwords respectively.
>
> Bill
>
>
> > -----Original Message-----
> > From: eduardolfalcao(a)gmail.com [mailto:eduardolfalcao(a)gmail.com]
> > Sent: Wednesday, April 29, 2020 3:59 PM
> > To: tpm2(a)lists.01.org
> > Subject: [tpm2] Has the take_ownership tool been deprecated in the last
> release
> > of tpm2-tools?
> >
> > I know it may be a silly question, but where is the take_ownership
> utility
> > (https://github.com/tpm2-software/tpm2-tools/tree/master/tools)?
> > In previous versions of tpm2-tool, the first step to use the TPM was
> taking
> > ownership.
> > Has this process changed? Do I still need to take ownership?
> >
> > Best regards.
> > _______________________________________________
> > tpm2 mailing list -- tpm2(a)lists.01.org
> > To unsubscribe send an email to tpm2-leave(a)lists.01.org
> > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
>

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 2651 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [tpm2] Re: Has the take_ownership tool been deprecated in the last release of tpm2-tools?
@ 2020-04-29 21:06 Roberts, William C
  0 siblings, 0 replies; 3+ messages in thread
From: Roberts, William C @ 2020-04-29 21:06 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 1152 bytes --]

The take ownership tool was a combination of tpm2_changeauth and tpm2_clear, so you can use those tools
To do it.

The old tools -c would call tpm2_clear using the lockout hierarchy, which is the default for the tool tpm2_clear.
Tpm2_changeauth, you can just pick what hierarchy and the old and new passwords respectively.

Bill


> -----Original Message-----
> From: eduardolfalcao(a)gmail.com [mailto:eduardolfalcao(a)gmail.com]
> Sent: Wednesday, April 29, 2020 3:59 PM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Has the take_ownership tool been deprecated in the last release
> of tpm2-tools?
> 
> I know it may be a silly question, but where is the take_ownership utility
> (https://github.com/tpm2-software/tpm2-tools/tree/master/tools)?
> In previous versions of tpm2-tool, the first step to use the TPM was taking
> ownership.
> Has this process changed? Do I still need to take ownership?
> 
> Best regards.
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [tpm2] Re: Has the take_ownership tool been deprecated in the last release of tpm2-tools?
@ 2020-04-29 21:04 Steven Clark
  0 siblings, 0 replies; 3+ messages in thread
From: Steven Clark @ 2020-04-29 21:04 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 843 bytes --]

Yes, I think the name was a holdover from TPM 1.2.  You should be able to
use tpm2_changeauth to directly change the auths of the
individual hierarchies now (like "-c o" for owner being the object you're
changing the auth on).

On Wed, Apr 29, 2020 at 1:59 PM <eduardolfalcao(a)gmail.com> wrote:

> I know it may be a silly question, but where is the take_ownership utility
> (https://github.com/tpm2-software/tpm2-tools/tree/master/tools)?
> In previous versions of tpm2-tool, the first step to use the TPM was
> taking ownership.
> Has this process changed? Do I still need to take ownership?
>
> Best regards.
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
>

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 1355 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-04-30  0:01 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-30  0:01 [tpm2] Re: Has the take_ownership tool been deprecated in the last release of tpm2-tools? Steven Clark
  -- strict thread matches above, loose matches on Subject: below --
2020-04-29 21:06 Roberts, William C
2020-04-29 21:04 Steven Clark

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.