
List:       trousers-users
Subject:    Re: [TrouSerS-users] clearing out keys?
From:       Rajiv Andrade <srajiv () linux ! vnet ! ibm ! com>
Date:       2011-01-26 15:22:44
Message-ID: 4D403C44.5020303 () linux ! vnet ! ibm ! com

On 11/29/2010 07:24 PM, Wyllys Ingersoll wrote:
> I have a TPM that apparently has a bunch of keys loaded that I need to evict.
> Is it possible to do so without knowing their handles or without doing
> a complete reset?
>
> TSS_TPMCAP_PROP_MAXKEYS = 21 and TSS_TPMCAP_PROP_KEYS = 10.
> Where is the rest of the space for the other 11 keys?  I know that no one else
> is using this machine or TPM.  EvictKey or UnloadKey only work if you know
> the handle, but I don't see how to get the handles.
>
> thanks,
>    Wyllys

Hi Wyllys,

You must probe the list of handles first, and then flush them one by one, 
IIRC. However, the next TSS Errata will contain a command to perform 
such a job, and this very command should be incorporated in TrouSerS 
shortly. In the meantime, for reference, TrouSerS cleans the TPM out of keys 
that are in the TCS cache, and the code that does so is inside the 
clearUnknownKeys() function.

Additionally, TrouSerS should also handle loaded keys that aren't in 
such cache for some reason (do you know how yours specifically were left 
there?), probably by cleaning it at every tcsd restart, since they are 
backed up in /var/lib/tpm/system.data?

Thanks,
Rajiv Andrade
Security Development
IBM Linux Technology Center
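
The probe-then-flush sequence described in the reply, as an added example that is not part of the original message and is not TrouSerS code. It assumes the TPM 1.2 wire formats (a TPM_KEY_HANDLE_LIST as returned by a handle-list capability query, and an unauthorized TPM_FlushSpecific request); the function names and the sample handle values are constructed for illustration, and sending the bytes to a TPM is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from the TPM 1.2 specification; none of them appear in the post. */
#define TPM_TAG_RQU_COMMAND   0x00C1u
#define TPM_ORD_FLUSHSPECIFIC 0x000000BAu
#define TPM_RT_KEY            0x00000001u
#define FLUSH_CMD_LEN         18u /* tag 2 + size 4 + ordinal 4 + handle 4 + type 4 */
/* Constructed sample: a TPM_KEY_HANDLE_LIST reporting two loaded keys. */
static const uint8_t SAMPLE_LIST[] = { 0x00, 0x02, 0x05, 0, 0, 0x01, 0x05, 0, 0, 0x02 };

static void put_be32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Parse UINT16 count + big-endian UINT32 handles; -1 on bad length or small out[]. */
int parse_key_handle_list(const uint8_t *b, size_t len, uint32_t *out, size_t max)
{
    if (b == NULL || out == NULL || len < 2) return -1;
    size_t n = ((size_t)b[0] << 8) | b[1];
    if (len != 2 + 4 * n || n > max) return -1;   /* truncated, padded, or too many */
    for (size_t i = 0; i < n; i++) {
        const uint8_t *p = b + 2 + 4 * i;
        out[i] = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    }
    return (int)n;
}

/* Serialize one TPM_FlushSpecific request for a key handle; 0 if cmd[] is too small. */
size_t build_flush_specific(uint32_t handle, uint8_t *cmd, size_t cap)
{
    if (cmd == NULL || cap < FLUSH_CMD_LEN) return 0;
    cmd[0] = (uint8_t)(TPM_TAG_RQU_COMMAND >> 8); cmd[1] = (uint8_t)(TPM_TAG_RQU_COMMAND & 0xFFu);
    put_be32(cmd + 2, FLUSH_CMD_LEN);          /* paramSize */
    put_be32(cmd + 6, TPM_ORD_FLUSHSPECIFIC);  /* ordinal */
    put_be32(cmd + 10, handle);                /* handle to flush */
    put_be32(cmd + 14, TPM_RT_KEY);            /* resourceType: key */
    return FLUSH_CMD_LEN;
}

int main(void)
{
    uint32_t h[16];
    uint8_t cmd[FLUSH_CMD_LEN];
    int n = parse_key_handle_list(SAMPLE_LIST, sizeof SAMPLE_LIST, h, 16);
    for (int i = 0; i < n && build_flush_specific(h[i], cmd, sizeof cmd); i++)
        printf("flush key handle 0x%08x\n", (unsigned)h[i]);
    return n < 0;
}
```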

