Tpm 2.0 takeownership not creating SRK

2.3k views Asked by At

I am totally new and working on TPM 2.0 commands based on link below

https://manpages.debian.org/testing/tpm2-tools/index.html

I am trying to take ownership of TPM in previous version I tried taking ownership it asks password for owner and SRK for TPM 2 its not asking

I have some questions on TPM

  1. How to get EK and SRK using command
  2. How to take ownership
  3. How can i load/retrieve the certificate/key in/from TPM. Is there ant tool to interact with TPM as of now I am using tpm2-tools I googled a lot for it but I am confused wether I am right or not.

Any help many thanks

1

There are 1 answers

3
mnistic On BEST ANSWER

First you would take ownership with tpm2_takeownership. This gives you the hierarchy passwords you will need later on.

Then you would create the endorsement key with tpm2_createek.

Then you would create the storage root key with tpm2_createprimary, under TPM_RH_OWNER. Then you would make the SRK persistent with tpm2_evictcontrol.

It is not clear what you mean by loading the certificate to the TPM... But if you mean signing a key certificate by a root CA and storing it in the TPM, then you would store it in NV RAM and make it persistent (again with tpm2_evictcontrol) at the appropriate index handle (for example, in accordance with the TCG guidance).

NOTE: tpm2_takeownership has been split into tpm2_clear and tpm2_changeauth.