
I want to run a script which calls tpm_sealdata many times and I don't want to enter the SRK password each time.

In the man page I found this:

-z, --well-known
    Use TSS_WELL_KNOWN_SECRET (20 zero bytes) as the SRK password.
    You will not be prompted for the SRK password with this option. 

However, I couldn't figure out which value I have to use as TSS_WELL_KNOWN_SECRET.

  • What do you mean by 'getting TSS_WELL_KNOWN_SECRET'? What exactly do you want/need? – Scolytus Apr 24 '13 at 17:37
  • I want to run tpm_sealdata without entering SRK each time. In the documentation it says you can run the command with -z option and Use TSS_WELL_KNOWN_SECRET (20 zero bytes) as the SRK password. So I thought I need to get that secret and use it as an argument for -z option not to enter SRK. – Hayro Apr 24 '13 at 18:26

1 Answer

As the name of the constant implies, the value of TSS_WELL_KNOWN_SECRET is well known. It is just 20 bytes of zero.

But you don't actually need the value. The -z option does not require a value, it's just a switch to tell the program to use the well known secret. The help text you cite also states this fact.

So a call to tpm_sealdata might look like this:

tpm_sealdata -z -i data.in -o data.out

However, to use this method the SRK must have been created with the well known secret of course. When using tpm_takeownership:

tpm_takeownership -z
  • So can you tell me the steps that I need to take? How can I run the tpm_sealdata command without it asking me for the SRK? Or is setting the SRK to 20 bytes of zero enough? – Hayro Apr 24 '13 at 21:17
  • You can't set the SRK to something. The SRK is a key. You can specify the SRK's usage secret. This is done when you create the SRK, which happens when you take ownership of the TPM. So be sure that the SRK's usage secret is set to TSS_WELL_KNOWN_SECRET. – Scolytus Apr 24 '13 at 21:27
  • How about the obvious: tpm_takeownership? – Scolytus Apr 25 '13 at 06:51
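The batch run the question asks for, as an added example that is not part of the original post or of tpm-tools: a POSIX shell function that seals every file in a directory with tpm_sealdata -z and reports each failure instead of prompting. It assumes the SRK usage secret was set with tpm_takeownership -z, as the answer explains; the TPM_SEALDATA variable is an assumption used only to point at the binary.

```shell
#!/bin/sh
# Seal every regular file in IN_DIR with tpm_sealdata -z so the SRK usage
# secret is never typed. Assumes the SRK was created with tpm_takeownership -z.
# TPM_SEALDATA is a hypothetical override for the binary path (default: tpm_sealdata).
set -u

TPM_SEALDATA="${TPM_SEALDATA:-tpm_sealdata}"

# seal_dir IN_DIR OUT_DIR
# Writes OUT_DIR/<name>.sealed for each IN_DIR/<name>, never overwriting.
# Returns 0 if every file sealed, 1 if any file was skipped or failed,
# 2 on a usage problem (missing directory or missing tool).
seal_dir() {
    in_dir="$1"
    out_dir="$2"
    [ -d "$in_dir" ] || { echo "no such directory: $in_dir" >&2; return 2; }
    command -v "$TPM_SEALDATA" >/dev/null 2>&1 ||
        { echo "$TPM_SEALDATA not found; install tpm-tools" >&2; return 2; }
    mkdir -p "$out_dir" || return 2

    failed=0
    for f in "$in_dir"/*; do
        [ -f "$f" ] || continue
        out="$out_dir/$(basename "$f").sealed"
        if [ -e "$out" ]; then
            echo "skip $f: $out already exists" >&2
            failed=1
            continue
        fi
        # -z: use TSS_WELL_KNOWN_SECRET (20 zero bytes) as the SRK password,
        # so there is no prompt; -i/-o as in the answer.
        if ! "$TPM_SEALDATA" -z -i "$f" -o "$out"; then
            echo "tpm_sealdata failed on $f" >&2
            rm -f "$out"   # do not leave a partial blob behind
            failed=1
        fi
    done
    return "$failed"
}
```

Because the well-known secret is literally public, -z only removes the prompt; it does not stop anyone with access to the TPM from using the SRK.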