
letstrust's People

Contributors

hkscy, mcr, paulkissinger

letstrust's Issues

Configure tpm2-tools

Hi Paul, great work, I like it. Could you please add a line
./configure
between line 41 and 42 in script tpm2_all.sh, so that tpm2_tools will be configured?
Thanks
Peter

build error

I get this error near the end of the scripting:

root@raspberrypi:~/tpm2-tools# ./configure
configure: error: Invalid policy. Valid policies: git-directory, minor-version.
root@raspberrypi:~/tpm2-tools# uname -a
Linux raspberrypi 4.14.94-v7+ #1193 SMP Tue Jan 22 15:34:30 GMT 2019 armv7l GNU/Linux
root@raspberrypi:~/tpm2-tools# cat /etc/debian_version
9.3

Here's the full error list. There's no checking to see if it's worked, so it just ploughs on when tpm2-tools fails:

Cloning into 'tpm2-tools'...
remote: Enumerating objects: 101, done.
remote: Counting objects: 100% (101/101), done.
remote: Compressing objects: 100% (65/65), done.
remote: Total 15678 (delta 44), reused 67 (delta 36), pack-reused 15577
Receiving objects: 100% (15678/15678), 5.72 MiB | 4.62 MiB/s, done.
Resolving deltas: 100% (12404/12404), done.
Generating file lists: src_vars.mk
aclocal: installing 'm4/ax_ac_append_to_file.m4' from '/usr/share/aclocal/ax_ac_append_to_file.m4'
aclocal: installing 'm4/ax_ac_print_to_file.m4' from '/usr/share/aclocal/ax_ac_print_to_file.m4'
aclocal: installing 'm4/ax_add_am_macro_static.m4' from '/usr/share/aclocal/ax_add_am_macro_static.m4'
aclocal: installing 'm4/ax_am_macros_static.m4' from '/usr/share/aclocal/ax_am_macros_static.m4'
aclocal: installing 'm4/ax_check_compile_flag.m4' from '/usr/share/aclocal/ax_check_compile_flag.m4'
aclocal: installing 'm4/ax_check_enable_debug.m4' from '/usr/share/aclocal/ax_check_enable_debug.m4'
aclocal: installing 'm4/ax_check_link_flag.m4' from '/usr/share/aclocal/ax_check_link_flag.m4'
aclocal: installing 'm4/ax_check_preproc_flag.m4' from '/usr/share/aclocal/ax_check_preproc_flag.m4'
aclocal: installing 'm4/ax_code_coverage.m4' from '/usr/share/aclocal/ax_code_coverage.m4'
aclocal: installing 'm4/ax_file_escapes.m4' from '/usr/share/aclocal/ax_file_escapes.m4'
aclocal: installing 'm4/ax_is_release.m4' from '/usr/share/aclocal/ax_is_release.m4'
aclocal: installing 'm4/libtool.m4' from '/usr/share/aclocal/libtool.m4'
aclocal: installing 'm4/ltoptions.m4' from '/usr/share/aclocal/ltoptions.m4'
aclocal: installing 'm4/ltsugar.m4' from '/usr/share/aclocal/ltsugar.m4'
aclocal: installing 'm4/ltversion.m4' from '/usr/share/aclocal/ltversion.m4'
aclocal: installing 'm4/lt~obsolete.m4' from '/usr/share/aclocal/lt~obsolete.m4'
aclocal: installing 'm4/pkg.m4' from '/usr/share/aclocal/pkg.m4'
libtoolize: putting auxiliary files in '.'.
libtoolize: linking file './ltmain.sh'
configure.ac:8: installing './compile'
configure.ac:10: installing './config.guess'
configure.ac:10: installing './config.sub'
configure.ac:11: installing './install-sh'
configure.ac:11: installing './missing'
Makefile.am:416: warning: dist-hook was already defined in condition !HAVE_PANDOC, which is included in condition TRUE ...
Makefile.am:344: ... 'dist-hook' previously defined here
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
configure: error: Invalid policy. Valid policies: git-directory, minor-version.
make: *** No targets specified and no makefile found.  Stop.
make: *** No rule to make target 'install'.  Stop.
clear the TPM? -> tpm2_clear -p
Takeownership of changeauth
./tpm2_all.sh: line 50: tpm2_changeauth: command not found
File En/Decrypt
./tpm2_all.sh: line 56: tpm2_createprimary: command not found
./tpm2_all.sh: line 57: tpm2_create: command not found
./tpm2_all.sh: line 58: tpm2_loadexternal: command not found
./tpm2_all.sh: line 59: tpm2_rsaencrypt: command not found
./tpm2_all.sh: line 60: tpm2_load: command not found
./tpm2_all.sh: line 61: tpm2_rsadecrypt: command not found
input_data
ECC sign
./tpm2_all.sh: line 65: tpm2_create: command not found
./tpm2_all.sh: line 66: tpm2_load: command not found
./tpm2_all.sh: line 67: tpm2_sign: command not found
./tpm2_all.sh: line 68: tpm2_verifysignature: command not found
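
The log above shows the script running its TPM steps after `./configure` had already failed. The following is an added example, not the project's tpm2_all.sh, of stopping at the first failed build step and checking that the tools exist before using them. The function names are hypothetical, and `./bootstrap` is assumed to be present in the tpm2-tools checkout.

```shell
#!/bin/sh
# Added example, not the project's tpm2_all.sh: abort at the first failed
# build step instead of running TPM commands against tools that never built.

# Run each argument as one command line; stop at the first failure,
# report it on stderr and return its exit status.
run_steps() {
    for step in "$@"; do
        echo ">> $step"
        sh -c "$step" || { rc=$?; echo "FAILED ($rc): $step" >&2; return "$rc"; }
    done
}

# Print every named tool that is not on PATH (empty output = all present).
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Build tpm2-tools in directory $1, then confirm that the tools the script
# calls later were actually installed. Tool names are taken from the log above.
build_tpm2_tools() (
    cd "$1" || exit 1
    run_steps ./bootstrap ./configure make 'make install' || exit $?
    miss=$(missing_tools tpm2_changeauth tpm2_createprimary tpm2_create \
        tpm2_load tpm2_loadexternal tpm2_rsaencrypt tpm2_rsadecrypt \
        tpm2_sign tpm2_verifysignature)
    [ -z "$miss" ] || { echo "not installed:" $miss >&2; exit 1; }
)

# Usage: build_tpm2_tools ./tpm2-tools && echo "safe to run the TPM steps"
```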

Module tpm_tis_spi

In Ubuntu Focal 20.04 arm64, the module tpm_tis_spi needs to be loaded to get the /dev/tpm0 device.

gdbus-codegen is not found

Despite /usr/bin/gdbus-codegen existing, the ./configure did not find it, as it uses pkg_config in some way that I didn't understand.

I had to do:

GDBUS_CODEGEN=/usr/bin/gdbus-codegen ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-systemdsystemunitdir=/lib/systemd/system --with-systemdpresetdir=/lib/systemd/system-preset --datarootdir=/usr/share

test_tpm2_unseal.sh ContextLoad Error. TPM Error:0x902

After cloning the latest code and executing Scripts/tpm2_install.sh, I execute the following test code from the repo and receive a ContextLoad Error:

root@raspberrypi:/home/pi/git/LetsTrust/Scripts/tpm2-tools/test/system# cat /etc/debian_version
10.3
root@raspberrypi:/home/pi/git/LetsTrust/Scripts/tpm2-tools/test/system# uname -a
Linux raspberrypi 4.14.98+ #1200 Tue Feb 12 20:11:02 GMT 2019 armv6l GNU/Linux
root@raspberrypi:/home/pi/git/LetsTrust/Scripts/tpm2-tools/test/system# ./test.sh test_tpm2_unseal.sh
-ERROR: ContextLoad Error. TPM Error:0x902
ERROR: Unable to run tpm2_unseal
tpm2_unseal -Q -c $file_unseal_key_ctx -o $file_unseal_output_data on line 79 failed: 1
test_tpm2_unseal.sh ... FAILED
Tests passed: 0
Tests Failed: 1
Fail summary:

test_tpm2_unseal.sh

My goal is to create command snippets for basic operations like sign/verify or seal/unseal.

I follow the basic guidelines of how to work with a TPM but it seems that tpm2-tools changes parameters quite often and I cannot follow the examples from the man page or code snippets I find online without modification. So I thought that maybe the test suite contains a source of truth that I can use for troubleshooting.

The module works so far as I could create a seal object manually by executing:

mkdir -p /tmp/tpm && cd /tmp/tpm
# clear tpm and take ownership
tpm2_takeownership -c
# create a primary object (rsa key)
tpm2_createprimary --hierarchy=o --halg=sha256 --kalg=rsa --context=prim.ctx
# store rsa key in persistent tpm region
tpm2_evictcontrol --auth=o --context=prim.ctx --persistent 0x81010001
# seal secret key in tpm - step 1 create seal object of random secret
head -c 32 /dev/urandom | base64 | tpm2_create --halg sha256 --kalg keyedhash --pubfile seal.pub --privfile seal.priv --in-file - --context-parent prim.ctx
# ...
# profit

Is there currently a bug or is there some error in my approach? Would it be possible to document some basic examples of how to work with the LetsTrust module?
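
The `TPM Error:0x902` value in the report above is a TPM 2.0 response code, and its bit fields can be decoded by hand. The following is an added example, not part of the original issue or of tpm2-tools, that decodes the low 12 bits using the TPM_RC layout from the TPM 2.0 Library specification (Part 2); it goes beyond the one code in the post by also handling format-one codes. The function names are hypothetical and the name table is deliberately partial.

```shell
#!/bin/sh
# Added example: decode the low 12 bits of a TPM 2.0 response code.
# Bit layout per TPM 2.0 Library spec Part 2 (TPM_RC); name table is partial.

tpm_rc_name() {
    case $(printf '0x%03x' "$(( $1 & 0xfff ))") in
        0x000) echo TPM_RC_SUCCESS ;;
        0x901) echo TPM_RC_CONTEXT_GAP ;;
        0x902) echo TPM_RC_OBJECT_MEMORY ;;
        0x903) echo TPM_RC_SESSION_MEMORY ;;
        0x904) echo TPM_RC_MEMORY ;;
        0x921) echo TPM_RC_LOCKOUT ;;
        0x922) echo TPM_RC_RETRY ;;
        *)     echo unlisted ;;
    esac
}

tpm_rc_decode() {
    rc=$(( $1 & 0xfff ))
    if [ "$rc" -eq 0 ]; then
        echo "format=0 severity=none name=TPM_RC_SUCCESS"
    elif [ $(( rc & 0x080 )) -ne 0 ]; then
        # Format one: bits 0-5 error number, bit 6 = parameter,
        # bits 8-11 = index (bit 11 set means session, else handle).
        n=$(( (rc >> 8) & 0xf ))
        if [ $(( rc & 0x040 )) -ne 0 ]; then kind=parameter
        elif [ $(( n & 0x8 )) -ne 0 ]; then kind=session; n=$(( n & 0x7 ))
        else kind=handle
        fi
        printf 'format=1 %s=%d error=0x%02x\n' "$kind" "$n" "$(( rc & 0x03f ))"
    elif [ $(( rc & 0x100 )) -eq 0 ]; then
        echo "format=0 TPM 1.2 style code"
    elif [ $(( rc & 0x400 )) -ne 0 ]; then
        echo "format=0 vendor-defined code"
    else
        # Format zero, TPM 2.0: bit 11 set = warning, clear = error.
        if [ $(( rc & 0x800 )) -ne 0 ]; then sev=warning; else sev=error; fi
        echo "format=0 severity=$sev name=$(tpm_rc_name "$rc")"
    fi
}

tpm_rc_decode 0x902   # the code printed by test_tpm2_unseal.sh above
```

TPM_RC_OBJECT_MEMORY is the warning a TPM returns when it has no free slot left for another loaded object context.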

Summarizing TPM tools with brief comparison

Hello Paul,

I am one of the creators of TPM Developer Community with the goal to make Developer-friendly Trusted Computing. We are summarizing the TPM tools with a brief comparison, and our newest member actually referenced your blog page :-)

Would it be okay to summarize the information from your blog on the Community website?

Would be great to join us and participate - https://developers.tpm.dev. The website is in an early stage, but I am committed to adding all proposals for TPM tools on www.tpm.dev in an easy-to-compare form, so people could find the best tool for their TPM challenge.

PS: This is an issue of type "question", but GitHub does not allow me to qualify it myself ;-)

Thanks,
Dimi

purpose of IRQ pin?

I'm working on an update to a custom board with the Pi Compute Module to add TPM. What is the purpose of the IRQ pin? Our board already has that pin (GPIO 25 on the hat) used for something else. From my understanding the TPM module shouldn't interrupt any processes and only responds when asked for data. The datasheet for the Infineon SLB9670 isn't clear why it's needed, and looking through the overlay, there isn't a GPIO pin specified for the IRQ, which makes me think it's not used. Any input would be appreciated.
