TrouSerS / News: Recent posts

tpm-tools 1.3.1 released

Now available for download is tpm-tools 1.3.1, which adds additional TSS 1.2 support lacking in 1.3.0, and also fixes a bug.

A new command was added to the tools, tpm_restrictsrk, which controls who can read the SRK's public key, toggling between only the owner (the default in a 1.2 TPM) and both the owner and those who know the SRK password. You can see the current setting using the -s flag.

Additionally, support for the TSS 1.2's popup hash mode flag was added, which fixes a bug in 1.3.0. Previous versions of tpm-tools did not remove the NULL terminating character from Unicode passwords, which kept them from working when entered through the GUI dialog....

Posted by Kent Yoder 2007-11-21

New Releases of TrouSerS, tpm-tools


New releases of both the TrouSerS TSS 1.1 and 1.2 branches are now
available, as well as a new version of tpm-tools with TPM 1.2 support.
These new releases are:


The first release of tpm-tools with TPM 1.2 support now allows for
the creation of a revokable endorsement key (with the ability to
revoke the key as well), a tpm_resetdalock command to reset the
dictionary attack lock, support for setting secrets as the TSS's
"well known" secret of all zeros (for compatibility with Windows TSS's)
and a tpm_setoperatorauth command, to set the authorization for
a set temp deactivated call. Also, this release's tpm_version command
will print TPM 1.2 specific version information....

Posted by Kent Yoder 2007-11-02

TrouSerS 0.3.0 released

TrouSerS 0.3.0 is now available for download. Version 0.3.0 contains TSS 1.2 support, with the exception of:

o DAA support
o SOAP TCS interface
o Delegated authorizations


Posted by Kent Yoder 2007-08-31

Updated version of "Trusted Grub" (Grub-IMA) released

The package previously known as "Trusted Grub" has changed names and is now known as Grub-IMA, to avoid confusion with other TCG-aware Grub patches.

This patch is authored by Seiji Munetoh and supports:

- trusted boot support for CD-ROM boot O/S
- improved measurement strategy
- change the patch name to IMA
- the patch is created for GRUB version 0.97, which is distributed by RedHat EL5 (and CentOS5)...

Posted by Kent Yoder 2007-07-20

Trousers released

Trousers fixes a few bugs in trousers 0.2.9, most importantly the --enable-policy-copying feature, which was meant to help users convert their apps from trousers 0.2.8 to 0.2.9.

Please see this thread in the mailing list for more details:

Posted by Kent Yoder 2007-04-12

OpenSSL TPM Engine 0.4.1 released

Release notes for OpenSSL TPM engine 0.4.1 --

o This release updates the engine and create_tpm_key utility for compatibility with trousers 0.2.9

o The engine now makes multiple calls to the TSS when a random number larger than 4K is requested

o Now, when RAND_add calls are made with more than 255 bytes of data, the engine will divide up the data and make multiple TSS calls to send the entropy to the TPM

Posted by Kent Yoder 2007-02-05

TrouSerS 0.2.9, tpm-tools released

TrouSerS release 0.2.9 is now available. This is the most tested, stable and spec-compliant version of trousers currently available. Please see the release notes and ChangeLog file for information on updates included in trousers 0.2.9.

tpm-tool release is a compatibility update for trousers 0.2.9. No new functionality has been added.


Posted by Kent Yoder 2007-02-05

TPM Keyring 0.1 released

TPM Keyring is a PyQt key manager for TPM based eCryptfs keys.

TPM Keyring generates software RSA keys using OpenSSL, then wraps them using the Storage Root Key (SRK) in your TPM. Each key is assigned a name and becomes an identifier for a group, which you can add any number of other people to by wrapping the key using their TPM's SRK.

eCryptfs is a VFS layer cryptographic file system for Linux. When a file is created in an eCryptfs mount, a randomly generated symmetric key is used to transparently encrypt the file. That key is then encrypted either by a passphrase or an asymmetric key and then stored inside the file itself. Using TPM Keyring, you can create a key and share it amongst a group of people, all using it to wrap the keys encrypting your eCryptfs files. You can then share the files with the people in the group securely using any means you'd like. ...

Posted by Kent Yoder 2006-09-28

OpenSSL TPM engine 0.4 released

This release updates the engine to work with trousers 0.2.8 and adds support for passing SRK auth through engine control commands.

Posted by Kent Yoder 2006-09-22

TrouSerS 0.2.8 now available

TrouSerS version 0.2.8 release notes

This is probably the most substantial release of TrouSerS yet, with nearly 10% of the code changing from 0.2.7, tons of bug fixes and an API change. All users are strongly encouraged to update to 0.2.8.

An upcoming errata to the TSS 1.1 header files by the TSSWG is included in 0.2.8. All applications that reference the TSS_VALIDATION structure must be updated. Because of this incompatible API change, the libtool library major version number for libtspi has been bumped. Installing TrouSerS 0.2.8 will therefore require a run of ldconfig and a recompile of all applications that link against it....

Posted by Kent Yoder 2006-09-22

TrouSerS 0.2.7 released

The latest and greatest version of TrouSerS, 0.2.7 is now available for download. All users are strongly encouraged to upgrade to this version. Please see the ChangeLog file for details.


Posted by Kent Yoder 2006-07-17

tpm-tools 1.2.4 released

This update includes fixes for the tpm_sealdata command compiler warning fixes.

Posted by Kent Yoder 2006-06-07

TrouSerS 0.2.6 released

The most bug free, stable version of trousers yet is now available for download. See the ChangeLog file for info.



Posted by Kent Yoder 2006-04-07

tpm-tools 1.2.3 released

tpm-tools 1.2.3 adds support for specifying a PKCS#11 token label to the data management commands.


Posted by Kent Yoder 2006-04-05

TrouSerS 0.2.5 now available


The latest version of TrouSerS, 0.2.5, is now available. Changes in this version include the backporting of TSS 1.2 style callbacks as well as TSS 1.2 flags for controlling whether the NULL terminator is considered in hashes of passwords. See the ChangeLog file and for more info.


Link to the tarball:

Posted by Kent Yoder 2006-01-13

TrouSerS 0.2.4 "Trustigious" now available

See the ChangeLog file for details on all the bug fixes that have been piling up in the last month!


Posted by Kent Yoder 2005-12-02

OpenSSL TPM Engine 0.3 available

Version 0.3 fixes a bug when attempting to use RSA objects that weren't loaded/created by the engine code itself. This can happen for instance when using a TPM-based client key with a stunnel software only certificate.


Posted by Kent Yoder 2005-12-02

OpenSSL TPM Engine 0.2 available

This release of the OpenSSL TPM engine fixes 2 memory leaks and also some bugs that kept the RSA public decrypt path from functioning correctly.

Also, the create_tpm_key utility now prompts for SRK authorization when it's needed.



Posted by Kent Yoder 2005-11-10

[RFC] OpenSSL TPM Engine alpha code available

Released today is an OpenSSL 0.9.8 TPM engine. This engine is compiled as a shared object and can be loaded using an included openssl.cnf file for apps that have openssl config support.

Right now, RAND and RSA are supported by the engine. RSA key generation is done inside the TPM. Also included is create_tpm_key, a utility to create a TPM key and write it to disk, which can then be loaded through the engine using OpenSSL's ENGINE_load_private_key function....

Posted by Kent Yoder 2005-10-05

TrouSerS 0.2.3 released

The latest version of TrouSerS is now 0.2.3. Please download and test it out. The tarball is available at:


Posted by Kent Yoder 2005-09-29

TrouSerS 0.2.1 released

TrouSerS 0.2.1 Release Notes

For those upgrading from *any* previous version of TrouSerS: The format of the persistent storage file has changed. In order for the 0.2.1 tcsd to read your old persistent storage file correctly, you will need to run

# tools/ps_convert [filename]

on your file. After running ps_convert, it's safe to start the trousers-0.2.1 tcsd. Also provided in the tools directory is ps_inspect, which will print out your file, regardless of its version. The ps_convert and ps_inspect utilities are not installed by default; they must be run from the tools directory....

Posted by Kent Yoder 2005-07-29

TrouSerS 0.2.0 released

The latest TrouSerS release is now available for download from

Updates in 0.2.0 include:

* Integration with the TSS working group header files, which are now found in $includedir/tss
* A rewritten TSP object manager; cleaner, easier to read code that locks correctly.
* Bugfixes and new features; see ChangeLog at

Posted by Kent Yoder 2005-07-05

tpm-tools 1.0.0 released

tpm-tools is a package that contains 2 sets of programs, one set for manipulating TPM states and another for manipulating a PKCS#11 data store. See the installed manpages for details of each of the commands.

See the opencryptoki project for a PKCS#11 interface to your TPM:



Posted by Kent Yoder 2005-06-01

TrouSerS 0.1.11 released

TrouSerS 0.1.11 has been released in tarball form and is available at:

See the ChangeLog for excruciating detail, but the big changes are:

1. Bugfixes and warning fixes
2. A libtoolized
3. Trspi_Error functions for easy application error logging



Posted by Kent Yoder 2005-06-01

TrouSerS 0.1.10 released

TrouSerS 0.1.10 has been released in tarball form and is available at:

Originally the plan was to release 0.2.0 next, but the change log was getting pretty lengthy with mostly bugfixes and I hadn't even gotten around to starting the major changes I have planned for 0.2.0. So, for now, enjoy a more bugless 0.1 version of TrouSerS.


Posted by Kent Yoder 2005-05-10