by vladvasiliu
1041 days ago
> Can't you already do that with an existing TPM? You just set an owner authentication password and an endorsement authentication password and no application can use it anymore unless you provide the password.

How would one go about doing that?

To set the owner password (mainly for Storage):
```
tpm2_changeauth -c owner file:-
```
To set the endorsement password (e.g. to verify that the TPM is authentic):
```
tpm2_changeauth -c endorsement file:-
```
To set the lockout password (to recover the system without requiring a full reset):
```
tpm2_changeauth -c lockout file:-
```
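
A follow-up check for the three commands above, added here as an example and not part of the original comment: it reads `tpm2_getcap properties-variable` output and reports which hierarchies still have no auth value. The function names and the sample text are constructed, and the field layout is assumed to match what your tpm2-tools version prints.

```sh
#!/bin/sh
# Added example: report TPM 2.0 hierarchies whose auth value is still empty.
# Assumes the TPM2_PT_PERMANENT layout printed by `tpm2_getcap properties-variable`.

# Constructed sample: owner and endorsement auth set, lockout auth still empty.
SAMPLE_CAPS='TPM2_PT_PERMANENT:
  ownerAuthSet:              1
  endorsementAuthSet:        1
  lockoutAuthSet:            0
  inLockout:                 0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1'

# Reads capability text on stdin, prints one hierarchy name per unset flag.
# Exits 2 if the three *AuthSet flags were not all found, so a format change
# or truncated output is never mistaken for "everything is set".
unset_hierarchies() {
  awk '
    /^TPM2_PT_PERMANENT:/ { in_perm = 1; next }
    /^[^[:space:]]/       { in_perm = 0 }   # any other top-level key ends the block
    in_perm && $1 ~ /^(owner|endorsement|lockout)AuthSet:$/ {
      seen++
      if ($2 != 1) { name = $1; sub(/AuthSet:$/, "", name); print name }
    }
    END { if (seen != 3) exit 2 }
  '
}

# Returns 0 if all three are set, 1 if any is empty, 2 on unparseable input.
audit_tpm_auth() {
  missing=$(unset_hierarchies) || {
    echo "could not find all TPM2_PT_PERMANENT auth flags" >&2
    return 2
  }
  if [ -n "$missing" ]; then
    # $missing is left unquoted on purpose so the names join onto one line
    echo "no auth value set for:" $missing
    return 1
  fi
  echo "owner, endorsement and lockout auth are all set"
}

# Live use: tpm2_getcap properties-variable | audit_tpm_auth
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE_CAPS" | audit_tpm_auth || true
```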