[TrouSerS-users] Obtaining a SRK handle with trousers when system.data not available from system where take ownership was run
Patrick Callaghan
2017-05-23 20:43:40 UTC
Hello,
I see from previous postings and from FAQ number 1.7 that the system.data (for me in /var/lib/tpm) should be copied from one operating system, call it operating_system1, to another, call it operating_system2, if the take ownership was performed on operating_system1 and a call to get the SRK handle is performed on operating_system2 using the Tspi_Context_LoadKeyByUUID call, passing in the SRK UUID.

However, I observe that if a take ownership is performed on multiple operating systems on multiple systems with different TPMs, all using the same SRK password and the SRK is the only key stored in the persistent storage, the system.data files created have identical contents amongst the operating systems. Therefore, the information in system.data is not TPM specific, so instead of copying the system.data file around amongst the operating systems, can I call some TrouSerS API to add the SRK key to the persistent storage, given the code shares a common SRK secret, so that the Tspi_Context_LoadKeyByUUID call of the SRK UUID is successful? Alternatively, is there some other way to get the SRK handle given take ownership has been previously performed and the caller knows the SRK secret but does not have the system.data file?

Thank you for any help.
