psanford / tpm-fido

A WebAuthn/U2F token protected by a TPM (Go/Linux)
MIT License

cannot use tpm-fido when tpm has owner password set #31

Open monperrus opened 3 months ago

monperrus commented 3 months ago

Thanks for the great tool.

FYI, I notice that tpm-fido does not work when the owner password is set on the TPM.

psanford commented 3 months ago

That's correct. We could add support for accepting an owner password out of band from fido operations, but whatever that solution is will be fairly clunky.

Did you set the owner password on your TPM yourself, or was it set for you by an application or administrator?

monperrus commented 3 months ago

Thanks for the answer.

I'm admin on my machine, so I set both the owner and endorsement passwords myself.