TrouSerS TSS with Atmel TPM on IBM T42p

I’m trying to get TrouSerS TSS working on my laptop.

Currently, I think I need to use this library, instead of libtpm-2.0 from IBM, to take ownership of the TPM. During this process, I *think* the storage root key (SRK) will be written to /usr/local/var/tpm/system.data. This is good, because so far it is quite beyond my comprehension how one might load the SRK.

I had already taken ownership of the TPM with IBM’s libtpm-2.0. This is a problem, since the TSS specification dictates that there can be only one TSS. Thus, I cleared the owner with the `clearown` utility from libtpm-2.0.
Now we want to clear all keys from the TPM, which requires physical presence to be demonstrated to the laptop. The process for doing this:

  • Power down the laptop.
  • Hold down the blue Fn key while powering on the laptop.
  • Once the splash screen comes with a message about hitting the “blue Access IBM key,” release Fn and press “Access IBM”!
  • Press F1 to enter the BIOS setup.
  • There will now be a new option under Security -> IBM Security Chip entitled something like “Clear Encryption Keys.” Clear away. You’re done.

I was then able to take ownership of the TPM with Tspi_TPM_TakeOwnership01.c, which is included in the testsuites of TrouSerS. I received a strange error message on my first attempt. It had to do with the inability to generate a nonce during the call to Tspi_TPM_GetPubEndorsementKey(). I did not save the exact error message. To fix this problem, I cleared the TPM using the IBM BIOS utility once more. I was then able to take ownership successfully. I wanted to try to recreate the problem, but I was unsuccessful. I suspected the problem was either: (1) failure to do a hard reboot after clearing the TPM’s owner, or (2) failure to have tcsd running. However I retried both these scenarios, and got meaningful error messages: TCPA_DEACTIVATED and TSS_E_COMM_FAILURE, respectively.

phpMyAdmin installation

I followed these instructions to install phpMyAdmin because I wanted to upgrade WordPress (this blog software) to a newer version. My main motivation for upgrading is because I get a lot of comment spam, and the old version I was using (2004-08-26) had a bug in the “delete checked comments” feature which prevented me from doing a mass delete of comment spam.

Just as I hoped, this upgrade seems to have fixed the problem. I wonder if it broke anything else. 🙂

The WordPress upgrade instructions are available here.

Right now, in all caps, it says upgrading to 1.5 will break my blog. However, it worked great for me. 🙂 I’m now using 2005-02-11. And it’s only the 10th right now!