| OLD | NEW |
| 1 _____ ____ __ __ _____ _ _ | 1 _____ ____ __ __ _____ _ _ |
| 2 |_ _| _ \| \/ | | ____|_ __ ___ _ _| | __ _| |_ ___ _ __ | 2 |_ _| _ \| \/ | | ____|_ __ ___ _ _| | __ _| |_ ___ _ __ |
| 3 | | | |_) | |\/| | _____ | _| | '_ ` _ \| | | | |/ _` | __/ _ \| '__| | 3 | | | |_) | |\/| | _____ | _| | '_ ` _ \| | | | |/ _` | __/ _ \| '__| |
| 4 | | | __/| | | | |_____| | |___| | | | | | |_| | | (_| | || (_) | | | 4 | | | __/| | | | |_____| | |___| | | | | | |_| | | (_| | || (_) | | |
| 5 |_| |_| |_| |_| |_____|_| |_| |_|\__,_|_|\__,_|\__\___/|_| | 5 |_| |_| |_| |_| |_____|_| |_| |_|\__,_|_|\__,_|\__\___/|_| |
| 6 | 6 |
| 7 TPM-Emulator v0.6 - | 7 TPM-Emulator v0.7 - |
| 8 A Software-based Trusted Platform Module (TPM) Emulator for Linux. | 8 A Software-based TPM and MTM Emulator. |
| 9 -------------------------------------------------------------------------- | 9 -------------------------------------------------------------------------- |
| 10 | 10 |
| 11 $Id$ | 11 $Id: README 424 2010-02-22 16:36:14Z mast $ |
| 12 | 12 |
| 13 Copyright | 13 Copyright |
| 14 -------------------------------------------------------------------------- | 14 -------------------------------------------------------------------------- |
| 15 Copyright (C) 2004-2006 Mario Strasser <mast@gmx.net> and Swiss Federal | 15 Copyright (C) 2004-2010 Mario Strasser <mast@gmx.net>, ETH Zurich. |
| 16 Institute of Technology (ETH) Zurich. | |
| 17 | 16 |
| 18 This program is free software; you can redistribute it and/or modify | 17 This program is free software; you can redistribute it and/or modify |
| 19 it under the terms of the GNU General Public License as published by | 18 it under the terms of the GNU General Public License as published by |
| 20 the Free Software Foundation; either version 2 of the License, or | 19 the Free Software Foundation; either version 2 of the License, or |
| 21 (at your option) any later version. | 20 (at your option) any later version. |
| 22 | 21 |
| 23 This program is distributed in the hope that it will be useful, | 22 This program is distributed in the hope that it will be useful, |
| 24 but WITHOUT ANY WARRANTY; without even the implied warranty of | 23 but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 24 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 26 GNU General Public License for more details. | 25 GNU General Public License for more details. |
| 27 | 26 |
| 28 | 27 |
| 29 Package | 28 Package |
| 30 -------------------------------------------------------------------------- | 29 -------------------------------------------------------------------------- |
| 31 Since version 0.5, the tpm emulator package comprises four main parts: | 30 The tpm emulator package comprises four main parts: |
| 32 | 31 |
| 33 a) tpmd - a user-space daemon that implements the actual TPM emulator | 32 a) tpmd - a user-space application that implements the actual emulator |
| 34 and can be accessed by means of unix domain sockets. | 33 and can be accessed by means of Unix domain sockets (Unix) or |
| 34 named pipes (Windows). |
| 35 | 35 |
| 36 b) tpmd_dev - a kernel module that provides the device /dev/tpm for | 36 b) tpmd_dev - a kernel module that provides the device /dev/tpm for |
| 37 backward compatibility and forwards the received commands to tpmd. | 37 backward compatibility and forwards the received commands to tpmd |
| 38 (Unix and Mac OS X only). |
| 38 | 39 |
| 39 c) tddl - a TSS conform device driver library for the TPM emulator. | 40 c) tddl - a TSS conform device driver library for the emulator. |
| 40 | 41 |
| 41 d) tpm_dev - the (obsolete) kernel-space TPM emulator. | |
| 42 | |
| 43 | |
| 44 Configuration | |
| 45 -------------------------------------------------------------------------- | |
| 46 First of all, you have to make sure that the GNU MP library (http:// | |
| 47 www.gnu.org/software/gmp/gmp.html) is properly installed on your system; | |
| 48 in particular that the required shared library and header files exist | |
| 49 and are located within the search path of the compiler and linker. | |
| 50 | |
| 51 The compilation and installation process of the kernel modules uses the | |
| 52 build environment for external kernel modules of the 2.5.X Linux kernels, | |
| 53 which must therefore be set up properly. If you are using a pre-compiled | |
| 54 standard kernel of some distribution, install the appropriate kernel-source | |
| 55 packages and call the following commands: | |
| 56 | |
| 57 # cd /usr/src/linux | |
| 58 # zcat /proc/config.gz > .config | |
| 59 # make oldconfig | |
| 60 # make modules_prepare | |
| 61 | 42 |
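Review bot: the Package list in the NEW column still says the package "comprises four main parts" but now enumerates only a), b) and c), because the obsolete tpm_dev entry d) was dropped; change it to "three main parts" (or keep d) with its obsolete marker). The same deletion removes the only statement that building tpmd_dev needs the running kernel's external-module build environment (kernel headers, `make modules_prepare`); the new Compilation and Installation text covers CMake and GNU MP but says nothing about kernel headers, so a Linux or Mac OS X user who wants /dev/tpm has no pointer. Suggest keeping one sentence such as "Building tpmd_dev additionally requires the build environment (headers) of the running kernel."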
| 62 Compilation and Installation | 43 Compilation and Installation |
| 63 -------------------------------------------------------------------------- | 44 -------------------------------------------------------------------------- |
| 64 The actual compilation and installation of the TPM emulator package is | 45 The compilation and installation of the TPM emulator package is based on |
| 65 done as follows: | 46 the CMake build environment (version 2.6 or better) and requires that the |
| 47 GNU MP library (version 4.0 or better) is properly installed on your |
| 48 system. A working MinGW compiler suite is further required on Windows |
| 49 (see http://www.mingw.org/). To compile and install the package execute: |
| 66 | 50 |
| 67 # tar -xvzf tpm_emulator-X.Y.tar.gz | 51 # tar -xvzf tpm_emulator-X.Y.tar.gz |
| 68 # cd tpm_emulator-X.Y | 52 # cd tpm_emulator-X.Y |
| 53 # mkdir build |
| 54 # cd build |
| 55 # cmake ../ |
| 69 # make | 56 # make |
| 70 # make install | 57 # make install |
| 71 | 58 |
| 72 Please note that the user and group 'tss' must exists on the target host. | 59 The script files build.sh and build.bat automate this process. |
| 60 |
| 61 On Windows, the TPM emulator system service has additionally to be |
| 62 registered by calling: |
| 63 # control_tpmd.bat install |
| 64 |
| 65 MTM support can be enabled by replacing |
| 66 # cmake ../ |
| 67 with |
| 68 # cmake ../ -DMTM_EMULATOR=ON |
| 73 | 69 |
| 74 | 70 |
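Review bot: the NEW column drops "Please note that the user and group 'tss' must exists on the target host" without saying what replaces it, while the new tpmd usage adds -o/-g options and defaults its storage file to /var/lib/tpm/... and its socket to /var/run/tpm/...; the text should state which user and group tpmd runs as by default, whether `make install` (or build.sh) creates that account and the two directories, and what ownership and mode the socket gets, because the socket is the emulator's entire command interface and whoever can connect to it can drive the emulated TPM. If the sentence is restored, fix the grammar to "must exist". On Windows, `control_tpmd.bat install` registers a service but the text never says under which account it runs; a one-line statement would help there too. Also, the MTM note tells the reader to replace `cmake ../` with `cmake ../ -DMTM_EMULATOR=ON`, yet build.sh and build.bat are presented as the automated path; say whether the scripts accept that option or have to be edited.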
| 75 Startup | 71 Startup |
| 76 -------------------------------------------------------------------------- | 72 -------------------------------------------------------------------------- |
| 77 In order to use the TPM emulator, one has to start the TPM emulator daemon | 73 In order to use the TPM emulator on Unix or Mac OS X, one has to start the |
| 78 and, if required, load the TPM device forwarding module. The startup mode | 74 TPM emulator daemon and load the TPM device forwarding module. On Linux, |
| 79 of the TPM (see TPM Spec. Part 1) is defined by the startup mode argument | 75 this is done by executing: |
| 80 and can either be set to clear, save (default) or deactivated. | |
| 81 | 76 |
| 82 # modprobe tpmd_dev | 77 # modprobe tpmd_dev |
| 83 # tpmd save | 78 # tpmd |
| 84 | 79 |
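Review bot: the Linux startup example `# tpmd` (no argument) starts in the default mode 'save', which the fail-stop paragraph further down says must not be used the first time because no stored state exists yet; either show `# tpmd clear` for the first start or add "(use `tpmd clear` on first start)" next to the example. The sentence above also changed from "and, if required, load the TPM device forwarding module" to an unconditional "and load the TPM device forwarding module"; since the Usage section names tddl and the Unix socket as the preferred access paths and keeps /dev/tpm only for backward compatibility, the module is needed only by /dev/tpm clients, so restore "if required".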
| 85 Furthermore, the argument -d enables debug mode, -f forces the emulator | 80 On Windows, the TPM emulator service can either be started with the |
| 86 to run in the foreground, and -h print the following help message: | 81 Microsoft Management Console or with the control_tpmd.bat script: |
| 87 | 82 |
| 88 usage: tpmd/tpmd [-d] [-f] [-h] [startup mode] | 83 # control_tpmd.bat start |
| 84 # control_tpmd.bat status |
| 85 |
| 86 The startup mode of the TPM (see TPM Spec. Part 1) is defined by the |
| 87 startup mode argument and can either be set to clear, save (default) |
| 88 or deactivated. Additionally supported arguments are |
| 89 |
| 90 usage: tpmd [-d] [-f] [-s storage file] [-u unix socket name] |
| 91 [-o user name] [-g group name] [-h] [startup mode] |
| 89 d : enable debug mode | 92 d : enable debug mode |
| 90 f : forces the application to run in the foreground | 93 f : forces the application to run in the foreground |
| 94 s : storage file to use (default: /var/lib/tpm/tpm_emulator-1_2_0_7) |
| 95 u : unix socket name to use (default: /var/run/tpm/tpmd_socket:0) |
| 96 o : effective user the application should run as |
| 97 g : effective group the application should run as |
| 91 h : print this help message | 98 h : print this help message |
| 92 startup mode : must be 'clear', 'save' (default) or 'deactivated | 99 startup mode : must be 'clear', 'save' (default) or 'deactivated |
| 93 | 100 |
| 101 and |
| 102 |
| 103 usage: tpmd.exe [-d] [-f] [-s storage file] [-u windows pipe name] |
| 104 [-l log file] [-h] [startup mode] |
| 105 d : enable debug mode |
| 106 f : forces the application to run in the foreground |
| 107 s : storage file to use (default: |
| 108 C:/Program Files/TPM_Emulator/tpm_emulator-1_2_0_7) |
| 109 u : windows named pipe name to use (default: //./pipe/tpmd:0) |
| 110 l : name of the log file (default: C:/Program Files/TPM_Emulator/tpmd.log) |
| 111 h : print this help message |
| 112 startup mode : must be 'clear', 'save' (default) or 'deactivated |
| 113 |
| 114 on Unix and Windows, respectively. |
| 115 |
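Review bot: both usage texts end with `or 'deactivated` without the closing quote (line "startup mode : must be 'clear', 'save' (default) or 'deactivated"); add the trailing `'`. In the Unix usage, -u is described as "unix socket name" but its default `/var/run/tpm/tpmd_socket:0` is a filesystem path, so "unix socket path" would match the wording used for -s. The Windows usage has no -o/-g, which is consistent with running as a service, but both the storage file and the -l log file default to C:/Program Files/TPM_Emulator/, a directory ordinary accounts normally cannot write; state that the service account needs write access to both files, otherwise the first 'save' start will fail to persist state.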
| 94 If the emulator is started in mode save and fails to load a previously | 116 If the emulator is started in mode save and fails to load a previously |
| 95 stored TPM state, it will go into fail-stop mode and has to be reloaded. | 117 stored TPM state, it will go into fail-stop mode and has to be reloaded. |
| 96 Therefore, the first time the TPM emulator is started, the argument must | 118 Therefore, the first time the TPM emulator is started, the argument must |
| 97 be set to 'clear'. Recovering a TPM emulator that is in fail-stop mode | 119 be set to 'clear'. Recovering a TPM emulator that is in fail-stop mode |
| 98 is done by first deactivating it and then reloading it in mode 'clear': | 120 is done by first deactivating it and then reloading it in mode 'clear': |
| 99 | 121 |
| 100 # tpmd deactivated | 122 # tpmd deactivated |
| 101 # killall tpmd | 123 # killall tpmd |
| 102 # tpmd clear | 124 # tpmd clear |
| 103 | 125 |
| 104 | 126 |
| 105 Usage and Backward Compatibility | 127 Usage and Backward Compatibility |
| 106 -------------------------------------------------------------------------- | 128 -------------------------------------------------------------------------- |
| 107 The most correct and convenient way to access the tpm emulator is to use | 129 The most correct and convenient way to access the tpm emulator is to use |
| 108 the provided device driver library (tddl). For a comprehensive description | 130 the provided device driver library (tddl). For a comprehensive description |
| 109 of its functionality we refer to the official TCG specification (see | 131 of its functionality we refer to the official TCG specification (see |
| 110 https://www.trustedcomputinggroup.org/specs/TSS), an example of use is | 132 https://www.trustedcomputinggroup.org/specs/TSS), an example of use is |
| 111 given by the test application tddl/test_tddl. | 133 given by the test application tddl/test_tddl. |
| 112 | 134 |
| 113 For backward compatibility with existing applications, the kernel module | 135 Note that on Windows the tddl is called ifxtpm.dll as many applications |
| 114 tpmd_dev forwards any command sent to the device /dev/tpm to the tpm | 136 (e.g., TPM/J) expect this name and do not support alternative drivers. |
| 115 emulator daemon. In order to access the emulator directly (i.e., without | 137 |
| 116 using the device driver library or the device dev/tpm) all one has to do | 138 For backward compatibility with existing Unix applications, the kernel |
| 117 is to include the header files sys/socket.h and sys/un.h and to replace | 139 module tpmd_dev forwards any command sent to the device /dev/tpm to the |
| 118 the open("/dev/tpm") call with something like: | 140 tpm emulator daemon. In order to access the emulator directly (i.e., |
| 141 without using the device driver library or the device dev/tpm) all one |
| 142 has to do is to include the header files sys/socket.h and sys/un.h and |
| 143 to replace the open("/dev/tpm") call with something like: |
| 119 | 144 |
| 120 struct sockaddr_un addr; | 145 struct sockaddr_un addr; |
| 121 fh = socket(PF_UNIX, SOCK_STREAM, 0); | 146 fh = socket(PF_UNIX, SOCK_STREAM, 0); |
| 122 if (fh < 0) { /* handle error */ } | 147 if (fh < 0) { /* handle error */ } |
| 123 addr.sun_family = AF_UNIX; | 148 addr.sun_family = AF_UNIX; |
| 124 strncpy(addr.sun_path, "/var/run/tpm/tpmd_socket:0", sizeof(addr.sun_path)); | 149 strncpy(addr.sun_path, "/var/run/tpm/tpmd_socket:0", sizeof(addr.sun_path)); |
| 125 res = connect(fh, (struct sockaddr*)&addr, sizeof(struct sockaddr_un)); | 150 res = connect(fh, (struct sockaddr*)&addr, sizeof(struct sockaddr_un)); |
| 126 if (res < 0) { /* handle error */ } | 151 if (res < 0) { /* handle error */ } |
| 127 | 152 |
| 128 All subsequent calls of read(), write(), and close() should work as | 153 All subsequent calls of read(), write(), and close() should work as |
| 129 expected. | 154 expected. |
| 130 | 155 |
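Review bot: the socket snippet uses `fh` and `res` without declaring them and fills only two fields of `addr`; add `int fh, res;` and `memset(&addr, 0, sizeof(addr));` before the assignments (strncpy does not NUL-terminate when the path fills sun_path, and a zeroed struct avoids handing uninitialised padding to connect). The sentence "All subsequent calls of read(), write(), and close() should work as expected" needs a caveat: a SOCK_STREAM socket does not preserve message boundaries the way the /dev/tpm character device does, so a caller should read the response header first and then the remaining bytes indicated by its length field rather than assume a single read() returns a whole response. Also "the device dev/tpm" is missing its leading slash, and the new ifxtpm.dll paragraph should say that an application loads whichever ifxtpm.dll is found first on PATH (the Windows example below prepends the emulator directory for exactly this reason), so on a machine that also carries a driver of that name the user should verify which one was actually loaded.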
| 131 | 156 |
| 157 Usage Examples for TPM/J |
| 158 -------------------------------------------------------------------------- |
| 159 |
| 160 === Linux |
| 161 # modprobe tpmd_dev |
| 162 # tpmd -d |
| 163 |
| 164 # cd <path to tpmj>/lib |
| 165 # export CLASSPATH=tpmj.jar:bcprov-jdk15-131.jar:$CLASSPATH |
| 166 # java edu.mit.csail.tpmj.tools.TPMInfo |
| 167 |
| 168 |
| 169 === Mac OS X |
| 170 # sudo kextload /System/Library/Extensions/tpm_bridge.kext |
| 171 # sudo tpmd -d |
| 172 |
| 173 # cd <path to tpmj>/lib |
| 174 # export CLASSPATH=tpmj.jar:bcprov-jdk15-131.jar:$CLASSPATH |
| 175 # sudo java edu.mit.csail.tpmj.tools.TPMInfo |
| 176 |
| 177 |
| 178 === Windows |
| 179 # set PATH=%PROGRAMFILES%\TPM_Emulator;%PATH% |
| 180 # set PATH=%PROGRAMFILES%\TPM_Emulator\lib;%PATH% |
| 181 # control_tpmd.bat start |
| 182 |
| 183 # cd <path to tpmj>\lib |
| 184 # set CLASSPATH=tpmj.jar;bcprov-jdk15-131.jar:%CLASSPATH% |
| 185 # java edu.mit.csail.tpmj.tools.TPMInfo |
| 186 |
| 187 |
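Review bot: the Windows CLASSPATH line mixes separators: `tpmj.jar;bcprov-jdk15-131.jar:%CLASSPATH%` uses `;` once and `:` once, and on Windows only `;` separates classpath entries, so the second entry becomes the bogus single path "bcprov-jdk15-131.jar:..." and the existing %CLASSPATH% is lost; change the `:` to `;`. The Mac OS X example loads /System/Library/Extensions/tpm_bridge.kext, a name that appears nowhere else in the README, while the Package section calls the module tpmd_dev "(Unix and Mac OS X only)"; say that tpm_bridge.kext is the Mac OS X form of tpmd_dev and that `make install` places it there, or readers will not know where it comes from.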
| 132 Notes | 188 Notes |
| 133 -------------------------------------------------------------------------- | 189 -------------------------------------------------------------------------- |
| 190 * Since release 0.7 the emulator also runs on Darwin (Mac OS X) and on |
| 191 Windows; thanks go to Amit Singh and Domenic Schröder. In addition, |
| 192 the emulator now also supports MTM emulation; thanks go to Jan-Erik |
| 193 Ekberg and Markku Kylänpää from Nokia. |
| 134 * Since release 0.5.1 the emulator supports Free- and OpenBSD; thanks go | 194 * Since release 0.5.1 the emulator supports Free- and OpenBSD; thanks go |
| 135 to Sebastian Schuetz. | 195 to Sebastian Schuetz. |
| 136 * Since release 0.5 the kernel-based emulator (tpm_dev) is obsolete. | 196 * Since release 0.5 the kernel-based emulator (tpm_dev) is obsolete. |
| 137 * The name and format of the persistent-storage file has changed between | 197 * The name and format of the persistent-storage file has changed between |
| 138 release 0.2 and 0.3 as well as between release 0.4 and 0.4.1. | 198 release 0.2 and 0.3, 0.4 and 0.4.1., 0.5 and 0.6, and 0.6 and 0.7. |
| 139 * The DAA support was tested with the IBM DAA Test Suite and should work | 199 * The DAA support was tested with the IBM DAA Test Suite and should work |
| 140 now as expected. Thanks go to Roger Zimmermann for his kindly help. | 200 now as expected. Thanks go to Roger Zimmermann for his kindly help. |
| 141 | 201 |
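Review bot: the storage-file note has a stray period in "0.4 and 0.4.1., 0.5 and 0.6" and the list reads awkwardly; rewrite as "between releases 0.2 and 0.3, 0.4 and 0.4.1, 0.5 and 0.6, and 0.6 and 0.7". Since the 0.6 to 0.7 change is new in this release and the Startup section says a failed state load puts the emulator into fail-stop mode, add one sentence telling upgraders whether old state is migrated or they must start 0.7 with 'clear' (which discards the emulated TPM's keys and owner state).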
| 142 | 202 |
| 143 Contact | 203 Contact |
| 144 -------------------------------------------------------------------------- | 204 -------------------------------------------------------------------------- |
| 145 Any comments, suggestions and bug reports are welcome. Please, mention | 205 Any comments, suggestions and bug reports are welcome. Please, mention |
| 146 the keyword 'TPM emulator' in the subject. | 206 the keyword 'TPM emulator' in the subject. |
| 147 Mario Strasser <mast@gmx.net> | 207 Mario Strasser <mast@gmx.net> |
| 148 | 208 |