I am totally new and working on TPM 2.0 commands based on the link below:
https://manpages.debian.org/testing/tpm2-tools/index.html
I am trying to take ownership of the TPM. In the previous version, when I tried taking ownership, it asked for a password for the owner and SRK; for TPM 2 it's not asking.
I have some questions on TPM
- How to get EK and SRK using command
- How to take ownership
- How can I load/retrieve the certificate/key in/from the TPM? Is there any tool to interact with the TPM? As of now I am using tpm2-tools. I googled a lot for it, but I am confused whether I am right or not.
Any help many thanks
First you would take ownership with tpm2_takeownership. This gives you the hierarchy passwords you will need later on. Then you would create the endorsement key with tpm2_createek. Then you would create the storage root key with tpm2_createprimary, under TPM_RH_OWNER. Then you would make the SRK persistent with tpm2_evictcontrol.

It is not clear what you mean by loading the certificate to the TPM... But if you mean signing a key certificate by a root CA and storing it in the TPM, then you would store it in NV RAM and make it persistent (again with tpm2_evictcontrol) at the appropriate index handle (for example, in accordance with the TCG guidance).

NOTE: tpm2_takeownership has been split into tpm2_clear and tpm2_changeauth.
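
The sequence from the answer, using the tpm2_clear / tpm2_changeauth split noted at its end, as an added shell example that is not part of the original answer. The owner password, the file names (ek.ctx, ek.pub, srk.ctx, srk.pub) and the persistent handle 0x81000001 are assumptions, and the option names are those of tpm2-tools 4.x and later.

```shell
#!/bin/sh
# Added example: TPM 2.0 provisioning steps with tpm2-tools (4.x+ option names).
# Assumed, not from the page: OWNER_AUTH, the file names, and SRK_HANDLE.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"
OWNER_AUTH="${OWNER_AUTH:-constructed-owner-secret}"   # constructed sample value
SRK_HANDLE="${SRK_HANDLE:-0x81000001}"                 # assumed persistent handle

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

provision_tpm() {
    # tpm2_clear wipes the owner hierarchy: existing keys and auth values are lost.
    run tpm2_clear || return 1
    # Set the owner hierarchy password (second half of the old tpm2_takeownership).
    # A password given as an argument is visible in the local process list.
    run tpm2_changeauth -c owner "$OWNER_AUTH" || return 1
    # Create the endorsement key; save its context and its public part.
    run tpm2_createek -G rsa -c ek.ctx -u ek.pub || return 1
    # Create the storage root key as a primary key under the owner hierarchy.
    run tpm2_createprimary -C o -P "$OWNER_AUTH" -G rsa -c srk.ctx || return 1
    # Make the SRK persistent so it survives a reboot.
    run tpm2_evictcontrol -C o -P "$OWNER_AUTH" -c srk.ctx "$SRK_HANDLE" || return 1
    # Read back the SRK public part from the persistent handle.
    run tpm2_readpublic -c "$SRK_HANDLE" -o srk.pub
}

provision_tpm
```

Run it as is to review the command plan, then with DRY_RUN=0 on the machine that holds the TPM.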