Taking ownership of the TPM
Before we use the TPM, we must first take ownership of it. Taking ownership establishes
an owner password for maintenance operations and a password for one of the root keys
inside the TPM, the Storage Root Key (SRK) (pronounced shark). You can set the
administrator password to any password you want, but to work with legacy software, you'll
want to set the SRK to the well-known password of twenty zeros. You can set a unique SRK
password if you want, but the TrouSerS software, the software used to control the TPM,
includes a command-line parameter to set the password to its well-known value for a reason.
First install tpm-tools:
sudo apt-get install tpm-tools
Then you should restart your BBB with the CryptoCape attached. This will ensure that the
TPM kernel driver and associated software load correctly. To check that everything is
working properly, issue the following command:
dmesg | grep TPM
This should return:
[ 5.370109] tpm_i2c_atmel 1-0029: Issuing TPM_STARTUP
Then check for the daemon by issuing:
ps aux | grep tcsd
This command should return something like this:
tss 799 0.0 0.1 11492 980 ? Ss Jun08 0:00 /usr/sbin/
Then you can take ownership of the TPM as follows:
tpm_takeownership -z -l debug
You'll be prompted to enter an owner password. The -z option sets the SRK to the
well-known passphrase. The response should be:
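
The checks in the steps above (the TPM_STARTUP line in dmesg, a running tcsd) can be scripted so that tpm_takeownership only runs when both pass. The following is an added example, not from the original text; the function names are hypothetical and the sample process lines are constructed.

```shell
#!/bin/sh
# Pre-flight checks before tpm_takeownership (added example).
# Function names are hypothetical; they are not part of tpm-tools or TrouSerS.

# True if the kernel log text on stdin shows the TPM driver issuing TPM_STARTUP.
tpm_driver_started() {
    grep -q 'tpm_i2c_atmel .*TPM_STARTUP'
}

# True if the `ps aux` text on stdin contains a real tcsd process.
# Field 11 is the command; comparing its basename to "tcsd" avoids the
# false positive where `ps aux | grep tcsd` matches the grep process itself.
tcsd_running() {
    awk '{ n = split($11, p, "/"); if (p[n] == "tcsd") found = 1 }
         END { exit !found }'
}

# Run both checks against the live system and report what is missing.
preflight() {
    rc=0
    dmesg  | tpm_driver_started || { echo "TPM driver did not start" >&2; rc=1; }
    ps aux | tcsd_running       || { echo "tcsd is not running" >&2; rc=1; }
    return $rc
}

# Constructed sample lines (not captured from a real board) for an offline check.
SAMPLE_DMESG='[    5.370109] tpm_i2c_atmel 1-0029: Issuing TPM_STARTUP'
SAMPLE_PS_TCSD='tss 799 0.0 0.1 11492 980 ? Ss Jun08 0:00 /usr/sbin/tcsd'
SAMPLE_PS_GREP='debian 1203 0.0 0.1 1500 600 pts/0 S+ 10:01 0:00 grep tcsd'

# Returns 0 only if the parsers accept the good samples and reject the grep line.
selftest() {
    printf '%s\n' "$SAMPLE_DMESG"   | tpm_driver_started || return 1
    printf '%s\n' "$SAMPLE_PS_TCSD" | tcsd_running       || return 1
    if printf '%s\n' "$SAMPLE_PS_GREP" | tcsd_running; then return 1; fi
    return 0
}
```

After sourcing the script on the board, `preflight && tpm_takeownership -z -l debug` runs the ownership step only when both checks succeed.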
