47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * CDDL HEADER START
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * The contents of this file are subject to the terms of the
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * Common Development and Distribution License (the "License").
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * You may not use this file except in compliance with the License.
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * or http://www.opensolaris.org/os/licensing.
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * See the License for the specific language governing permissions
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * and limitations under the License.
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * When distributing Covered Code, include this CDDL HEADER in each
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * If applicable, add the following below this CDDL HEADER, with the
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * fields enclosed by brackets "[]" replaced with your own identifying
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * information: Portions Copyright [yyyy] [name of copyright owner]
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * CDDL HEADER END
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * Use is subject to license terms.
/*
 * Subcommand handlers. All six share one signature: the TSS context handle,
 * the TPM object handle, and an argc/argv pair; each returns an int.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollint cmd_status(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollint cmd_init(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollint cmd_clear(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollint cmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollint cmd_keyinfo(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollint cmd_deletekey(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
/*
 * Queries TSS_TPMCAP_VERSION_VAL through get_tpm_capability() and prints the
 * version, a four-character field (presumably the vendor ID), the revision,
 * the spec level and the errata revision.
 * NOTE(review): the capability buffer argument and the failure branch are
 * not visible in this listing.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollprint_tpm_version(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM)
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_VERSION_VAL,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("TPM Version: %d.%d (%c%c%c%c Rev: %d.%d, "
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll "SpecLevel: %d, ErrataRev: %d)\n"),
/*
 * Reads the TSS_TPMCAP_PROP_OWNER property into `owned` through
 * get_tpm_capability().
 * NOTE(review): the return statements are not visible here. Confirm that a
 * failed capability query is reported to the caller as an error and cannot
 * be mistaken for "no owner installed".
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersolltpm_is_owned(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM)
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_OWNER, &owned, sizeof (owned)))
/*
 * Prints "available/maximum" counts for four TPM resources: contexts,
 * sessions, auth sessions and loaded keys. Each pair is read with two
 * get_tpm_capability() calls, the MAX* property into `max` and the current
 * property into `avail`; both variables are reused for every pair.
 * NOTE(review): the counts are printed with %d; the declarations of max and
 * avail are not visible, so confirm the format matches their type.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollprint_tpm_resources(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM)
 /* Contexts */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_MAXCONTEXTS, &max, sizeof (max)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_CONTEXTS, &avail, sizeof (avail)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("\tContexts: %d/%d available\n"), avail, max);
 /* Sessions */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_MAXSESSIONS, &max, sizeof (max)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_SESSIONS, &avail, sizeof (avail)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("\tSessions: %d/%d available\n"), avail, max);
 /* Authorization sessions */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_MAXAUTHSESSIONS, &max, sizeof (max)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_AUTHSESSIONS, &avail, sizeof (avail)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("\tAuth Sessions: %d/%d available\n"),
 /* Loaded key slots */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_MAXKEYS, &max, sizeof (max)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_KEYS, &avail, sizeof (avail)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("\tLoaded Keys: %d/%d available\n"), avail, max);
/*
 * Reads the number of PCRs (TSS_TPMCAP_PROP_PCR), then reads each register
 * with Tspi_TPM_PcrRead() and releases the TSS-allocated buffer with
 * Tspi_Context_FreeMemory().
 *
 * The values come from a plain PcrRead, not from a signed quote, so this
 * output is informational and is not evidence of platform state for a
 * remote verifier.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollprint_tpm_pcrs(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM)
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TPMCAP_PROP_PCR, &num_pcrs, sizeof (num_pcrs)))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("Platform Configuration Registers (%u)\n"),
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Print each PCR */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll for (i = 0; i < num_pcrs; i++) {
 /*
  * NOTE(review): the check of this return value is not visible here;
  * `data` and `datalen` should only be used and freed after a
  * successful read.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_TPM_PcrRead(hTPM, i, &datalen, &data);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_FreeMemory(hContext, data);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Free PCR memory"));
/*
 * "status" subcommand. The visible lines set a popup-mode secret policy on
 * the TPM object (no prompt text is supplied), print resource usage, and
 * print a message when no TPM owner is installed.
 * NOTE(review): the branch structure between these calls is not visible in
 * this listing.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollcmd_status(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP, NULL, 0, NULL))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) print_tpm_resources(hContext, hTPM);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("No TPM owner installed.\n"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * Key Information
/*
 * Code-to-name tables used when printing key attributes. Only three entries
 * survive in this listing: two signature schemes and one encryption scheme,
 * each pairing a TSS constant with its printable name.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersolltypedef struct {
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll { TSS_SS_RSASSAPKCS1V15_SHA1, "RSASSAPKCS1v15_SHA1" },
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll { TSS_SS_RSASSAPKCS1V15_DER, "RSASSAPKCS1v15_DER" },
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll { TSS_ES_RSAESOAEP_SHA1_MGF1, "RSAESOAEP_SHA1_MGF1" },
 /*
  * Fallback for a code that has no table entry: format the number itself.
  * NOTE(review): the declaration of buf is not visible; if it is a static
  * buffer returned to the caller, the string is overwritten by the next
  * call - confirm no caller keeps two results at once.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) snprintf(buf, sizeof (buf), gettext("Unknown (%u)"), code);
/*
 * Prints the attributes of one key object: size, usage, algorithm, whether
 * authorization is required, signature scheme, encoding scheme, and finally
 * the key blob. The scalar attributes are read with Tspi_GetAttribUint32()
 * under TSS_TSPATTRIB_KEY_INFO; the blob is read with Tspi_GetAttribData()
 * and its buffer is released with Tspi_Context_FreeMemory().
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollprint_key_info(TSS_HCONTEXT hContext, TSS_HOBJECT hKey)
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Key size */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("Key Size: %d bits\n"), attrib);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Key usage */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Get key usage"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("Key Usage: %s\n"), decode(key_usage, attrib));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Algorithm */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Get key algorithm"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Authorization required */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Get key authusage"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("Authorization required: %s\n"),
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Signature scheme */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Get key signature scheme"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("Signature scheme: %s\n"),
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Encoding scheme */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Get key encoding scheme"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf(gettext("Encoding scheme: %s\n"),
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Key blob */
 /*
  * NOTE(review): the blob is presumably the TPM-wrapped key structure;
  * what is printed from it is not visible here. Confirm that writing it
  * to stdout is intended and that keyInfo is only used and freed when
  * this call succeeds.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_TSPATTRIB_KEYBLOB_BLOB, &keyInfoSize, &keyInfo);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_FreeMemory(hContext, keyInfo);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Free key info buffer"));
/*
 * Finds the hash-table node for `uuid`. The first loop runs over every byte
 * of the TSS_UUID (presumably to derive the bucket index); the second walks
 * the bucket chain through node->next and compares UUIDs with memcmp().
 * NOTE(review): the insertion path for a UUID that is not found is not
 * visible here; confirm the node allocation is checked. The memcmp() over
 * the whole structure assumes TSS_UUID contains no padding bytes.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollhash_insert(TSS_UUID uuid, TSS_KM_KEYINFO2 *key_data)
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll for (i = 0; i < sizeof (TSS_UUID); i++)
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll for (node = hash_table[index]; node != NULL; node = node->next) {
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (memcmp(&(node->uuid), &uuid, sizeof (TSS_UUID)) == 0)
/*
 * Links `child` under `parent` in the key tree; only the scan of the
 * parent's existing children is visible here.
 * NOTE(review): this scan advances with node->next, which hash_insert() uses
 * as the hash-bucket chain link, while the loop that prints the tree follows
 * node->sibling from parent->child. It looks like this loop should follow
 * ->sibling as well - confirm against the full function.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersolladd_child(hash_node_t *parent, hash_node_t *child)
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll for (node = parent->child; node != NULL; node = node->next) {
 /*
  * Prints one tree node (indentation, storage type, UUID string, loaded
  * flag) and then visits its children through the ->sibling links. The
  * enclosing function's signature is not visible in this listing.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll char uuidstr[UUID_PRINTABLE_STRING_LENGTH];
 /*
  * Reinterprets the TSS_UUID as a uuid_t. NOTE(review): this relies on
  * both types having the same size and byte layout; confirm the printed
  * string is the same form users must pass to keyinfo/deletekey.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll uuid_unparse(*(uuid_t *)&parent->uuid, uuidstr);
 /*
  * NOTE(review): cmd_keyinfo() calls hash_insert() with key_data == NULL
  * for parent UUIDs, so confirm a node that never received key data
  * cannot reach these dereferences.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll type = (parent->key_data->persistentStorageType == TSS_PS_TYPE_USER) ?
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll loaded = parent->key_data->fIsLoaded ? "(loaded)" : "";
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) printf("%*s[%s] %s %s\n", indent, "",
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll for (node = parent->child; node != NULL; node = node->sibling)
/*
 * "keyinfo" subcommand. Two modes are visible:
 *  - key hierarchy: list the registered keys with
 *    Tspi_Context_GetRegisteredKeysByUUID2(), insert each key and its parent
 *    UUID into the hash table, then free the TSS-allocated key list;
 *  - single key: look the key up by UUID in user persistent storage, with
 *    separate handling when the TSS reports TSS_E_PS_KEY_NOTFOUND.
 * Any other invocation prints the usage text to stderr.
 * NOTE(review): how argv[] is parsed into a UUID is not visible here;
 * confirm the parse result is checked before the UUID is used.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollcmd_keyinfo(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Print key hierarchy */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_GetRegisteredKeysByUUID2(hContext,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Get key hierarchy"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll for (i = 0; i < num_keys; i++) {
 /* The parent node is created without key data; the child carries it. */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll parent = hash_insert(keys[i].parentKeyUUID, NULL);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll child = hash_insert(keys[i].keyUUID, &keys[i]);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll sizeof (TSS_UUID)) == 0)
 /*
  * Nodes hold pointers into keys[] (see &keys[i] above), so the tree
  * must not be used after this free.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_FreeMemory(hContext, (BYTE *) keys);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Free key list"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Print detailed info about a single key */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_USER,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (ret == TSP_ERROR(TSS_E_PS_KEY_NOTFOUND)) {
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Get key by UUID"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) fprintf(stderr, gettext("Usage:\n"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) fprintf(stderr, "\tkeyinfo [uuid]\n");
/*
 * "deletekey" subcommand. Unregisters the key named by a UUID, trying user
 * persistent storage first and system persistent storage when the user
 * store reports TSS_E_PS_KEY_NOTFOUND. Prints the usage text to stderr on a
 * bad invocation.
 * NOTE(review): the fallback means one command can remove a key from the
 * system-wide store; presumably the TSS enforces who may do that - confirm.
 * The usage text shows the UUID as optional ("[uuid]") although the
 * operation needs one.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollcmd_deletekey(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) fprintf(stderr, gettext("Usage:\n"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) fprintf(stderr, "\tdeletekey [uuid]\n");
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_USER,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (ret == TSP_ERROR(TSS_E_PS_KEY_NOTFOUND)) {
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Unregister key"));
 /*
  * Fragments of two owner-authorized helpers whose signatures are not
  * visible in this listing. Each one first attaches a popup-mode policy
  * to the TPM object, so the owner passphrase is prompted for rather
  * than passed on the command line.
  */
 /* Helper 1: clear the TPM owner. */
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo gettext("= TPM owner passphrase ="), 0, NULL))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Clear TPM owner"));
 /*
  * Helper 2: set TSS_TPMSTATUS_RESETLOCK (presumably resets the lockout
  * that follows failed authorization attempts - confirm).
  */
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo gettext("= TPM owner passphrase ="), 0, NULL))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_TPM_SetStatus(hTPM, TSS_TPMSTATUS_RESETLOCK, TRUE);
/*
 * "clear" subcommand. Dispatches on the sub-command string: "lock" or
 * "owner"; a missing or unrecognized sub-command prints the usage text to
 * stderr. subcmd is tested for NULL before each strcmp().
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollcmd_clear(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll if (subcmd && strcmp(subcmd, "lock") == 0) {
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll } else if (subcmd && strcmp(subcmd, "owner") == 0) {
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) fprintf(stderr, gettext("Usage:\n"));
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll * TPM initialization
 /*
  * Fragment of the random-byte helper (presumably get_random(), which
  * createek() calls for its nonce). The signature is not visible here.
  * NOTE(review): this message has no trailing newline, unlike the other
  * stderr messages in the file.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (void) fprintf(stderr, gettext("Unable to open /dev/random"));
 /*
  * Loops until `size` bytes have been obtained. NOTE(review): the loop
  * body is not visible; confirm that a read error or end-of-file ends
  * the loop with a failure return, so the caller never uses a partly
  * filled buffer.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll while (size > 0) {
/*
 * Creates the TPM endorsement key (EK). Builds an RSA key object with the
 * flags listed below, fills a TSS_VALIDATION structure with a random nonce
 * as external data and a digest buffer for the returned validation data,
 * then calls Tspi_TPM_CreateEndorsementKey().
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollcreateek(TSS_HCONTEXT hContext, TSS_HTPM hTPM)
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll /* Create the empty key struct for EK */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll (TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NON_VOLATILE |
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_KEY_NOT_MIGRATABLE | TSS_KEY_TYPE_STORAGE |
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_KEY_SIZE_2048 | TSS_KEY_NOT_CERTIFIED_MIGRATABLE |
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Create endorsement key object"));
 /* The nonce is the caller-supplied (external) part of the validation. */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ValidationData.ulExternalDataLength = sizeof (nonce);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ValidationData.rgbExternalData = (BYTE *) &nonce;
 /*
  * NOTE(review): the check of this return value is not visible; the
  * nonce must not be used when the random read failed.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = get_random(sizeof (nonce), (BYTE *) &nonce);
 /* Buffer that receives the validation digest from the TPM. */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ValidationData.ulValidationDataLength = sizeof (digest);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ValidationData.rgbValidationData = (BYTE *) &digest;
 /*
  * NOTE(review): no visible line compares the returned digest with a
  * value computed from the nonce; if that check is absent, the nonce
  * gives no freshness guarantee - confirm against the full function.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_TPM_CreateEndorsementKey(hTPM, hKeyEK, &ValidationData);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Create endorsement key"));
/*
 * "init" subcommand: takes ownership of the TPM. Prompts for the owner
 * passphrase through a popup-mode policy on the TPM object, creates the
 * storage root key (SRK) object, sets the SRK secret in SHA1 mode, and
 * calls Tspi_TPM_TakeOwnership().
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollcmd_init(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo gettext("= TPM owner passphrase ="), 0, NULL))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll TSS_KEY_TSP_SRK | TSS_KEY_AUTHORIZATION, &hKeySRK);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Create storage root key"));
 /*
  * NOTE(review): the secret passed for the SRK is cut off in this
  * listing; presumably it is a fixed, publicly known value - confirm,
  * because in that case SRK authorization adds no protection.
  */
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo if (set_object_policy(hKeySRK, TSS_SECRET_MODE_SHA1, NULL,
 /*
  * Two TakeOwnership calls are visible; presumably the second is a
  * retry after createek() when the first fails because the TPM has no
  * endorsement key - confirm against the full function.
  */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL);
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Take ownership"));
/*
 * "auth" subcommand: changes the TPM owner passphrase. The current
 * passphrase is prompted for through a popup-mode policy on the TPM object,
 * a second policy object is created for the new passphrase (also prompted
 * by popup), and Tspi_ChangeAuth() applies it.
 */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersollcmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo gettext("= TPM owner passphrase ="), 0, NULL))
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo /* policy object for new passphrase */
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Create policy object"));
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo if (set_policy_options(hNewPolicy, TSS_SECRET_MODE_POPUP,
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo gettext("= New TPM owner passphrase ="), 0, NULL))
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll ret = Tspi_ChangeAuth(hTPM, NULL, hNewPolicy);
 /*
  * TSS_E_POLICY_NO_SECRET is not reported through print_error().
  * NOTE(review): presumably that code means the prompt was dismissed
  * without a passphrase; confirm the function still returns failure in
  * that case so callers do not treat the passphrase as changed.
  */
304d8f901e34de2a80ef006bfa8a8a927d23d56cScott Rotondo if (ret && ret != TSP_ERROR(TSS_E_POLICY_NO_SECRET)) {
47e946e784719ae402ace34695f67b0e6e76ae5cWyllys Ingersoll print_error(ret, gettext("Change authorization"));