
List:       trousers-users
Subject:    [TrouSerS-users] Delegating Migration Authority
From:       Wyllys Ingersoll <wyllys.ingersoll () sun ! com>
Date:       2009-02-19 19:31:22
Message-ID: 499DB38A.7080809 () sun ! com


I'm trying to set up a system where the AuthorizeMigrationKey ability
is delegated so that the users do not need to know the owner PIN in order
to use the Tspi_TPM_AuthorizeMigrationTicket and create a migration
blob.  It doesn't appear to be working correctly.

I set it up as follows:
1. Create a new usage policy object
2. set the secret to a new "well known" secret - "foobar", for example.
3. set the TSS_TSPATTRIB_POLDEL_TYPE to TSS_DELEGATIONTYPE_OWNER
4. set the TSS_TSPATTRIB_POLDEL_PER1 to TPM_DELEGATE_AuthorizeMigrationKey
5. Add a Delegation Family (label 'A')
6. Enable the family state to TRUE
7. Create a delegation on the TPM using the family created in step 5 (index 0)
8. Verify the delegation
9. Extract the TSS_TSPATTRIB_POLDEL_OWNERBLOB blob and save it to a file.


I try to use it later as follows:
1. Create a new USAGE policy
2. set the policy secret to same secret as above in step 2 (foobar)
3. set the TSS_TSPATTRIB_POLDEL_TYPE to TSS_DELEGATIONTYPE_OWNER
4. set the TSS_TSPATTRIB_POLDEL_PER1 to TPM_DELEGATE_AuthorizeMigrationKey
5. set the TSS_TSPATTRIB_POLDEL_INDEX to 0 (from step 7 above)
6. load the saved delegation blob from step 9 above
7. Set the TSS_TSPATTRIB_POLDEL_OWNERBLOB to the blob loaded from disk
8. Verify the Delegation policy
9. Call Tspi_TPM_AuthorizeMigrationTicket. It fails with TPM_E_AUTHFAIL.


Any idea what I am doing wrong?  Delegation is not well documented (and neither is
migration, but that's another story).

-Wyllys Ingersoll


_______________________________________________
TrouSerS-users mailing list
TrouSerS-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-users