4

Ok, starting with some ground concepts, just incase I'm mistaken:

  • Ownership of the TPM simply means to have the owner password.
  • Taking ownership means to clear the tpm and to initialize the owner password.

1) When taking ownership, is the owner password assigned or generated? And then how is it communicated securely?

2) After the password is communicated once, I'm thinking it is never communicated again. Only a Hash with a Nonce is ever sent (proof of knowledge). Correct?

3) Are the concepts "clear TPM" and "take ownership" one operation, or separate operations? (can only take ownership of a TPM that has been cleared)?

4) What is AuthData? Is that the owner password, or instead the measurements checked against the PCRs, or both?

Michael
  • 351
  • 2
  • 4
  • 11
  • 1
    This reply may answer a bit of your question: "Simply, 'taking ownership' creates a new Storage Root Key. The password insures the user doing the 'owning' is the same person again". (Alas, I have a lot of TPM questions too and feel hard to get the clear answers..) – yaobin May 12 '23 at 17:48

0 Answers0