source-git / tpm-quote-tools

Clone
Source Code
GIT

Files

c8 c8s master
  1.   c8
History
SPECS
include
.packit.yaml
AUTHORS
COPYING
ChangeLog
INSTALL
Makefile.am
Makefile.in
NEWS
README
README_win32.txt
aclocal.m4
config.h.in
configure.ac
control
createek.c
loadkey.c
pcr_mask.c
quote.c
quote_nonce.c
takeownership.c
tidy.c
toutf16le.c
tpm-quote-tools.spec.in
tpm_getpcrhash.8
tpm_getpcrhash.c
tpm_getquote.8
tpm_getquote.c
tpm_loadkey.8
tpm_loadkey.c
tpm_mkaik.8
tpm_mkaik.c
tpm_mkuuid.8
tpm_mkuuid.c
tpm_quote.h
tpm_quote_tools.8
tpm_unloadkey.8
tpm_unloadkey.c
tpm_updatepcrhash.8
tpm_updatepcrhash.c
tpm_verifyquote.8
tpm_verifyquote.c
tss_err.c
win32.txt
compile
config.guess
config.sub
configure
depcomp
install-sh
missing
README 
			   TPM Quote Tools

The TPM Quote Tools is a collection of programs that provide support
for TPM based attestation using the TPM quote mechanism.  The manual
page for tpm_quote_tools provides a usage overview.

TPM Quote Tools has been tested with TrouSerS on Linux and NTRU on
Windows XP.  It was ported to Windows using MinGW and MSYS.

DEPENDENCIES

This package requires the TSS TSPI libraries and the TPM tools.
On Debian, the packages are:

libtspi1      	  TCG Software Stack (library)
libtspi-dev	  TCG Software Stack (development)
trousers	  TCG Software Stack (daemon)
tpm-tools	  Management tools for the TPM hardware (tools)

On Red Hat Linux, the packages are:

trousers      	  TCG Software Stack (library and daemon)
trousers-devel	  TCG Software Stack (development)
tpm-tools	  Management tools for the TPM hardware (tools)

The manangement tools are only used to take ownership of a TPM.

TO CONFIGURE AND BUILD

$ ./configure
$ make

On Windows, if the name of the TSS library is not tspi, specify the
library during configuration by defining LIBS.

$ ./configure LIBS=-l<library>

TO RUN:

Make one UUID for all of your TPMs, and then on each machine, do the
following.

Ensure TPM driver is present with

$ dmesg | grep tpm

If nothing, sudo modprobe tpm_tis, and do check.

If nothing, ensure your TPM is turned on in the BIOS setup.

You can run the TPM daemon in the foreground with:

$ sudo tcsd -f

Start the daemon with:

$ sudo /etc/init.d/trousers start

To load the TPM driver at boot time, add the name of the driver on a
separate line of text in the file /etc/modules.  The trousers daemon
will be started for you at boot time.

Next, make sure you have an endorsement key by running

$ tpm_getpubek

If you don't have one, run

$ tpm_createek

Be patient, it takes a while to create the key.

I took ownership with the command:

$ tpm_takeownership -y -z

Now generate an AIK with tpm_mkaik, load and register the key with
tpm_loadkey, generate a PCR composite hash with tpm_getpcrhash,
produce a quote with tpm_getquote, and validate it with
tpm_verifyquote.

When getting the quote, make a nonce with:

$ openssl sha1 -binary tpm_verifyquote > nonce

REMOTE ACCESS

Some TPM Quote Tools programs can access a TPM on a remote machine.
To allow remote access to a TPM, the local daemon must allow both
quote and loadkey operations.  For TrouSerS, add the folowing to
/etc/tcsg.conf.

	remote_ops = loadkey,quote

TPM QUOTE VERSION

By default, this package will use TPM quote 2 when available.  Use the
configure option --without-tss12 to force the use of the original
version of TPM quote.

RED HAT PACKAGE BUILD

Within a distribution, type:

$ rpmbuild -ba tpm-quote-tools.spec

DEBIAN PACKAGE BUILD

Within a distribution, type:

$ dh_make -s --createorig -c bsd -e "John D. Ramsdell <ramsdell@mitre.org>"
$ cp control debian
$ dpkg-buildpackage

ACKNOWLEDGMENT

Early on, code was inspired by Hal Finney's code on
http://privacyca.com.

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation