TPM test guides

Hardware Requirement

  • TPM hardware device support

Preparation Environment

  1. Enable the TPM in the BIOS

security -> TPM2 enabled

  2. Check hardware and software support for the TPM

hardware: dmesg | grep tpm
software: cat /proc/devices | grep tpm

localhost:~$ dmesg | grep tpm
[    1.173042] tpm_tis IFX0785:00: 2.0 TPM (device-id 0x1B, rev-id 22)
localhost:~$ cat /proc/devices | grep tpm
241 tpm

  3. Start the tpm2-abrmd service

sudo systemctl start tpm2-abrmd
localhost:~$ systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/usr/lib/systemd/system/tpm2-abrmd.service; disabled; vendor preset: disabled)
   Active: active (running) since 五 2020-03-20 03:33:57 UTC; 2h 2min ago
 Main PID: 2973 (tpm2-abrmd)
    Tasks: 6
   Memory: 1.7M
   CGroup: /system.slice/tpm2-abrmd.service
           └─2973 /usr/sbin/tpm2-abrmd
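
The hardware and software checks above, as an added shell example (not part of the original post): it parses the dmesg probe line and /proc/devices, and fails when the chip reports 1.2, since the tpm2_* tools used in the test procedure need a TPM 2.0. Function names are hypothetical and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example: preflight for the tpm2_* test procedure.
# Function names are hypothetical; sample inputs below are constructed.

# Print the TPM spec version ("1.2" or "2.0") from the driver's probe line.
# Reads dmesg text on stdin; returns 1 when no probe line is present.
tpm_spec_version() {
    sed -n 's/.*[[:space:]]\([0-9][0-9]*\.[0-9][0-9]*\) TPM (device-id .*/\1/p' |
        head -n 1 | grep .
}

# Print the character-device major registered under the exact name "tpm".
# Reads /proc/devices text on stdin; returns 1 when the entry is missing.
tpm_char_major() {
    awk '$2 == "tpm" { print $1; found = 1; exit } END { exit !found }'
}

# $1 = dmesg text, $2 = /proc/devices text. Prints one status line.
# Returns 0 only for a 2.0 chip whose character device is registered.
tpm_preflight() {
    ver=$(printf '%s\n' "$1" | tpm_spec_version) ||
        { echo "FAIL: no TPM probe line in dmesg"; return 1; }
    [ "$ver" = "2.0" ] ||
        { echo "FAIL: TPM $ver found, tpm2_* tools need 2.0"; return 2; }
    major=$(printf '%s\n' "$2" | tpm_char_major) ||
        { echo "FAIL: tpm missing from /proc/devices"; return 3; }
    echo "OK: TPM $ver, char major $major"
}

# Constructed samples; the 2.0 line mirrors the dmesg output shown above.
SAMPLE_DMESG='[    1.173042] tpm_tis IFX0785:00: 2.0 TPM (device-id 0x1B, rev-id 22)'
SAMPLE_DMESG_12='[    1.201334] tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78)'
SAMPLE_DEVICES='Character devices:
 10 misc
241 tpm

Block devices:
  8 sd'

tpm_preflight "$SAMPLE_DMESG" "$SAMPLE_DEVICES"
tpm_preflight "$SAMPLE_DMESG_12" "$SAMPLE_DEVICES" || true
```

On a live host, call tpm_preflight "$(dmesg)" "$(cat /proc/devices)"; reading dmesg may require root.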

Testing Procedure

  1. Set the TPM owner, endorsement and lockout passwords

$ tpm2_takeownership -o ownerpass -e endorsepass -l lockpass

  2. Create a primary object

Create a primary object in the endorsement hierarchy, with objectpass as the object password, an RSA key (-G 0x0001) and SHA256 as the name hash algorithm (-g 0x000b). The object context is saved in the file po.ctx.

$ tpm2_createprimary -H e -K objectpass -g 0x000b -G 0x0001 -C po.ctx -P endorsepass

  3. Create an RSA key under the previous primary key

Create an RSA key under the previous primary key, with subobjectpass as the object password and SHA256 as the name hash algorithm. The public portion is saved in key.pub and the private portion in key.priv.

$ tpm2_create -c po.ctx -P objectpass -K subobjectpass -g 0x000b -G 0x0001 -u key.pub -r key.priv

  4. Load the created RSA key

$ tpm2_load -c po.ctx -P objectpass -u key.pub -r key.priv -n key.name -C obj.ctx

  5. Encrypt with the RSA key

$ tpm2_rsaencrypt -c obj.ctx -o data.encrypted data.in

  6. Decrypt with the RSA key

$ tpm2_rsadecrypt -c obj.ctx -P subobjectpass -I data.encrypted -o data.out

  7. Sign data with the RSA key

Sign data with the RSA key, using SHA256 as the hash algorithm.

$ tpm2_sign -c obj.ctx -P subobjectpass -g 0x000b -m msg.in -s sig.out

  8. Verify the signature with the RSA key

$ tpm2_verifysignature -c obj.ctx -g 0x000b -m msg.in -s sig.out -t tk.sig