paulkissinger / letstrust
TPM2 related stuff
License: MIT License
Hi Paul, great work, I like it. Could you please add a line
./configure
between line 41 and 42 in script tpm2_all.sh, so that tpm2_tools will be configured?
Thanks
Peter
I get this error near the end of the scripting
root@raspberrypi:~/tpm2-tools# ./configure
configure: error: Invalid policy. Valid policies: git-directory, minor-version.
root@raspberrypi:~/tpm2-tools# uname -a
Linux raspberrypi 4.14.94-v7+ #1193 SMP Tue Jan 22 15:34:30 GMT 2019 armv7l GNU/Linux
root@raspberrypi:~/tpm2-tools# cat /etc/debian_version
9.3
Here's the full error list, there's no checking to see if it's worked so it just ploughs on when tpm2-tools fails
Cloning into 'tpm2-tools'...
remote: Enumerating objects: 101, done.
remote: Counting objects: 100% (101/101), done.
remote: Compressing objects: 100% (65/65), done.
remote: Total 15678 (delta 44), reused 67 (delta 36), pack-reused 15577
Receiving objects: 100% (15678/15678), 5.72 MiB | 4.62 MiB/s, done.
Resolving deltas: 100% (12404/12404), done.
Generating file lists: src_vars.mk
aclocal: installing 'm4/ax_ac_append_to_file.m4' from '/usr/share/aclocal/ax_ac_append_to_file.m4'
aclocal: installing 'm4/ax_ac_print_to_file.m4' from '/usr/share/aclocal/ax_ac_print_to_file.m4'
aclocal: installing 'm4/ax_add_am_macro_static.m4' from '/usr/share/aclocal/ax_add_am_macro_static.m4'
aclocal: installing 'm4/ax_am_macros_static.m4' from '/usr/share/aclocal/ax_am_macros_static.m4'
aclocal: installing 'm4/ax_check_compile_flag.m4' from '/usr/share/aclocal/ax_check_compile_flag.m4'
aclocal: installing 'm4/ax_check_enable_debug.m4' from '/usr/share/aclocal/ax_check_enable_debug.m4'
aclocal: installing 'm4/ax_check_link_flag.m4' from '/usr/share/aclocal/ax_check_link_flag.m4'
aclocal: installing 'm4/ax_check_preproc_flag.m4' from '/usr/share/aclocal/ax_check_preproc_flag.m4'
aclocal: installing 'm4/ax_code_coverage.m4' from '/usr/share/aclocal/ax_code_coverage.m4'
aclocal: installing 'm4/ax_file_escapes.m4' from '/usr/share/aclocal/ax_file_escapes.m4'
aclocal: installing 'm4/ax_is_release.m4' from '/usr/share/aclocal/ax_is_release.m4'
aclocal: installing 'm4/libtool.m4' from '/usr/share/aclocal/libtool.m4'
aclocal: installing 'm4/ltoptions.m4' from '/usr/share/aclocal/ltoptions.m4'
aclocal: installing 'm4/ltsugar.m4' from '/usr/share/aclocal/ltsugar.m4'
aclocal: installing 'm4/ltversion.m4' from '/usr/share/aclocal/ltversion.m4'
aclocal: installing 'm4/lt~obsolete.m4' from '/usr/share/aclocal/lt~obsolete.m4'
aclocal: installing 'm4/pkg.m4' from '/usr/share/aclocal/pkg.m4'
libtoolize: putting auxiliary files in '.'.
libtoolize: linking file './ltmain.sh'
configure.ac:8: installing './compile'
configure.ac:10: installing './config.guess'
configure.ac:10: installing './config.sub'
configure.ac:11: installing './install-sh'
configure.ac:11: installing './missing'
Makefile.am:416: warning: dist-hook was already defined in condition !HAVE_PANDOC, which is included in condition TRUE ...
Makefile.am:344: ... 'dist-hook' previously defined here
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
configure: error: Invalid policy. Valid policies: git-directory, minor-version.
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target 'install'. Stop.
clear the TPM? -> tpm2_clear -p
Takeownership of changeauth
./tpm2_all.sh: line 50: tpm2_changeauth: command not found
File En/Decrypt
./tpm2_all.sh: line 56: tpm2_createprimary: command not found
./tpm2_all.sh: line 57: tpm2_create: command not found
./tpm2_all.sh: line 58: tpm2_loadexternal: command not found
./tpm2_all.sh: line 59: tpm2_rsaencrypt: command not found
./tpm2_all.sh: line 60: tpm2_load: command not found
./tpm2_all.sh: line 61: tpm2_rsadecrypt: command not found
input_data
ECC sign
./tpm2_all.sh: line 65: tpm2_create: command not found
./tpm2_all.sh: line 66: tpm2_load: command not found
./tpm2_all.sh: line 67: tpm2_sign: command not found
./tpm2_all.sh: line 68: tpm2_verifysignature: command not found
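The report above describes a script that carries on after `./configure` fails and then hits "command not found" for every TPM tool. The following is an added example, not code from the letstrust repository, showing a fail-fast wrapper for that situation; the build step names passed to `run_steps` are assumptions, and the tool list is taken from the "command not found" lines in the log.

```shell
#!/bin/sh
# Added example (not from the letstrust repo): stop at the first failed build
# step and verify the tools exist before running any TPM demo.

# Tool names taken from the "command not found" lines in the log above.
REQUIRED_TOOLS="tpm2_changeauth tpm2_createprimary tpm2_create
tpm2_loadexternal tpm2_rsaencrypt tpm2_load tpm2_rsadecrypt tpm2_sign
tpm2_verifysignature"

# Run each argument as one step; return the exit status of the first failure.
run_steps() {
    for step in "$@"; do
        echo ">> $step" >&2
        sh -c "$step" || {
            rc=$?
            echo "FAILED (exit $rc): $step" >&2
            return "$rc"
        }
    done
    return 0
}

# Print the required tools missing from PATH; succeed only if none is missing.
missing_tools() {
    missing=""
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Assumed build sequence for a tpm2-tools checkout; adjust to the real script.
build_and_check() {
    run_steps "./bootstrap" "./configure" "make" "make install" || return 1
    if ! lost=$(missing_tools); then
        echo "not installed: $lost" >&2
        return 1
    fi
}
```

Calling `build_and_check` from the tpm2-tools checkout and running the TPM commands only when it succeeds keeps a failed build from being followed by `tpm2_clear` or key operations against a half-installed toolchain.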
In Ubuntu Focal 20.04 arm64 the module tpm_tis_spi needs to be loaded to get the /dev/tpm0 device
Despite /usr/bin/gdbus-codegen existing, the ./configure did not find it, as it uses pkg_config in some way that I didn't understand.
I had to do:
GDBUS_CODEGEN=/usr/bin/gdbus-codegen ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-systemdsystemunitdir=/lib/systemd/system --with-systemdpresetdir=/lib/systemd/system-preset --datarootdir=/usr/share
After cloning the latest code and executing Scripts/tpm2_install.sh, I execute the following test code from the repo and receive a ContextLoad Error:
root@raspberrypi:/home/pi/git/LetsTrust/Scripts/tpm2-tools/test/system# cat /etc/debian_version
10.3
root@raspberrypi:/home/pi/git/LetsTrust/Scripts/tpm2-tools/test/system# uname -a
Linux raspberrypi 4.14.98+ #1200 Tue Feb 12 20:11:02 GMT 2019 armv6l GNU/Linux
root@raspberrypi:/home/pi/git/LetsTrust/Scripts/tpm2-tools/test/system#./test.sh test_tpm2_unseal.sh
-ERROR: ContextLoad Error. TPM Error:0x902
ERROR: Unable to run tpm2_unseal
tpm2_unseal -Q -c $file_unseal_key_ctx -o $file_unseal_output_data on line 79 failed: 1
test_tpm2_unseal.sh ... FAILED
Tests passed: 0
Tests Failed: 1
Fail summary:
test_tpm2_unseal.sh
My goal is to create command snippets for basic operations like sign/verify or seal/unseal.
I follow the basic guidelines of how to work with a TPM but it seems that tpm2-tools changes parameters quite often and I cannot follow the examples from the man page or code snippets I find online without modification. So I thought that maybe the test suite contains a source of truth that I can use for troubleshooting.
The module works so far as I could create a seal object manually by executing:
mkdir -p /tmp/tpm && cd /tmp/tpm
# clear tpm and take ownership
tpm2_takeownership -c
# create a primary object (rsa key)
tpm2_createprimary --hierarchy=o --halg=sha256 --kalg=rsa --context=prim.ctx
# store rsa key in persistent tpm region
tpm2_evictcontrol --auth=o --context=prim.ctx --persistent 0x81010001
# seal secret key in tpm - step 1 create seal object of random secret
head -c 32 /dev/urandom | base64 | tpm2_create --halg sha256 --kalg keyedhash --pubfile seal.pub --privfile seal.priv --in-file - --context-parent prim.ctx
# ...
# profit
Is there currently a bug or is there some error in my approach? Would it be possible to document some basic examples of how to work with the LetsTrust module?
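The `TPM Error:0x902` value in the report above is a TPM 2.0 response code, and its bits say which kind of failure the TPM reported. The following is an added example, not code from the post or from tpm2-tools, that decodes such a code using the response-code bit layout in the TPM 2.0 Library specification, Part 2; it assumes a TPM-layer code (upper 16 bits zero) and names only a handful of warning codes.

```shell
#!/bin/sh
# Added example (not from the post or tpm2-tools): decode a TPM 2.0 response
# code using the bit layout in the TPM 2.0 Library spec, Part 2.

# Names for a few format-zero warnings (RC_WARN = 0x900 plus the number).
warn_name() {
    case "$1" in
        1) echo TPM_RC_CONTEXT_GAP ;;
        2) echo TPM_RC_OBJECT_MEMORY ;;    # out of memory for object contexts
        3) echo TPM_RC_SESSION_MEMORY ;;
        4) echo TPM_RC_MEMORY ;;
        5) echo TPM_RC_SESSION_HANDLES ;;
        6) echo TPM_RC_OBJECT_HANDLES ;;
        *) echo "warning_$1" ;;
    esac
}

# Usage: decode_tpm_rc 0x902
decode_tpm_rc() {
    rc=$(( $1 ))
    if [ "$rc" -eq 0 ]; then echo "TPM_RC_SUCCESS"; return 0; fi
    if [ $(( rc & 0x080 )) -ne 0 ]; then          # bit 7: format one
        num=$(( rc & 0x03F ))                     # bits 5:0 error number
        if [ $(( rc & 0x040 )) -ne 0 ]; then      # bit 6: parameter error
            echo "format=1 error=$num parameter=$(( (rc >> 8) & 0xF ))"
        elif [ $(( rc & 0x800 )) -ne 0 ]; then    # bit 11: session error
            echo "format=1 error=$num session=$(( (rc >> 8) & 0x7 ))"
        else
            echo "format=1 error=$num handle=$(( (rc >> 8) & 0x7 ))"
        fi
        return 0
    fi
    num=$(( rc & 0x07F ))                         # bits 6:0 error number
    if [ $(( rc & 0x100 )) -eq 0 ]; then          # bit 8 clear: TPM 1.2 code
        echo "tpm1.2 code=$rc"
    elif [ $(( rc & 0x400 )) -ne 0 ]; then        # bit 10: vendor defined
        echo "format=0 vendor code=$num"
    elif [ $(( rc & 0x800 )) -ne 0 ]; then        # bit 11: warning
        echo "format=0 warning $(warn_name "$num")"
    else
        echo "format=0 error=$num"
    fi
}
```

For the code in the report, `decode_tpm_rc 0x902` prints `format=0 warning TPM_RC_OBJECT_MEMORY`; tpm2-tools also ships a `tpm2_rc_decode` command for the same purpose.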
Hello Paul,
I am one of the creators of the TPM Developer Community with the goal to make Developer-friendly Trusted Computing. We are summarizing the TPM tools with a brief comparison and our newest member actually referenced your blog page :-)
Would it be okay to summarize the information from your blog on the Community website?
Would be great to join us and participate - https://developers.tpm.dev. The website is in an early stage, but I am committed to adding all proposals for TPM tools on www.tpm.dev in an easy-to-compare form, so people can find the best tool for their TPM challenge.
PS: This is an issue of type "question", but GitHub does not allow me to qualify it myself ;-)
Thanks,
Dimi
I'm working on an update to a custom board with the Pi Compute Module to add TPM. What is the purpose of the IRQ pin? Our board already has that pin (GPIO 25 on the hat) used for something else. From my understanding the TPM module shouldn't interrupt any processes and only responds when asked for data. The datasheet for the Infineon SLB9670 isn't clear why it's needed, and looking through the overlay, there isn't a GPIO pin specified for the IRQ, which makes me think it's not used. Any input would be appreciated.
Just found out about your LetsTrust-TPM board/project, pretty interesting. I'm ordering one of those boards to try it out.
To make the design more easily incorporated in other boards, what do you think about uploading the schematics/pcb into https://easyeda.com/?