Wind River Support Network

Fixed

SCP8-273 : wrapping software key into tpm storage failed when SRK key is not the well-known secret

Created: Jun 7, 2016    Updated: Feb 11, 2019
Resolved Date: Jun 22, 2016
Found In Version: 8.0
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

root@128:~# create_tpm_key -w softkey.pem -s 1024 rootkey.pem
SRK Password: 
create_tpm_key.c:498 set_srk_readable result: 0x1 (Authentication failed)
root@128:~# 

Steps to Reproduce

1. Build the project with:
wrlinux/configure --enable-board=intel-x86-64 --enable-kernel=secure --enable-rootfs=secure-core --with-template=feature/firewall,feature/ids-basic,feature/secure-backup,feature/session-manager,feature/task-scheduler,feature/selinux,feature/polyinstantiation,feature/secure-configuration,feature/package-management,feature/certification-test,feature/nfsd,feature/ima,feature/tpm1.2,feature/tpm2 --with-layer=/lpg-build/cdc/WASSP_LINUX_80/testcases/wrlinux/wr-testing/security-test/,meta-security --with-package=cryptsetup,scp-initramfs,freeradius,pam-radius-auth,libpam-ldap,libpam-krb5,libpam-tacplus,nss-pam-ldapd,bind-utils,sample-openssl-tpm-engine,openssl-tpm-engine,tss-testsuite --enable-test=yes --enable-internet-download=yes --enable-jobs=8 --enable-parallel-pkgbuilds=8 --enable-reconfig=yes --with-rcpl-version=0
make fs
2. Boot the target with "ip=dhcp enforcing=0".
3. On a host, generate a soft key:
  $ openssl genrsa -out softkey.pem 1024
4. Transfer the key from the host to the SCP target.
  $ scp softkey.pem root@IP-Address-of-SCP-Target:
5. On the target, execute the following commands:
 # tpm_takeownership -y -z
 # tpm_changeownerauth -z -s -o
Enter new SRK password: 
Confirm password: 
Enter new owner password: 
Confirm password: 

# create_tpm_key -w softkey.pem -s 1024 rootkey.pem


