Now available for download is tpm-tools 1.3.1, which adds additional TSS 1.2 support lacking in 1.3.0, and also fixes a bug.
A new command was added to the tools, tpm_restrictsrk, which controls who can read the SRK's public key, toggling between only the owner (the default in a 1.2 TPM) and both the owner and those who know the SRK password. You can see the current setting using the -s flag.
Additionally, support for the TSS 1.2's popup hash mode flag was added, which fixes a bug in 1.3.0. Previous versions of tpm-tools did not remove the NULL terminating character from Unicode passwords, which kept them from working when entered through the GUI dialog.
New releases of both the TrouSerS TSS 1.1 and 1.2 branches are now
available, as well as a new version of tpm-tools with TPM 1.2 support.
These new releases are:
The first release of tpm-tools with TPM 1.2 support now allows for
the creation of a revocable endorsement key (with the ability to
revoke the key as well), a tpm_resetdalock command to reset the
dictionary attack lock, support for setting secrets as the TSS's
"well known" secret of all zeros (for compatibility with Windows TSS's)
and a tpm_setoperatorauth command, to set the authorization for
a set temp deactivated call. Also, this release's tpm_version command
will print TPM 1.2 specific version information.
TrouSerS 0.3.0 is now available for download. Version 0.3.0 contains TSS 1.2 support, with the exception of:
o DAA support
o SOAP TCS interface
o Delegated authorizations
The package previously known as "Trusted Grub" has changed names and is now known as Grub-IMA, to avoid confusion with other TCG-aware Grub patches.
This patch is authored by Seiji Munetoh and supports:
- trusted boot support for CD-ROM boot O/S
- improved measurement strategy
- change the patch name to IMA
- the patch is created for GRUB version 0.97, which is distributed by RedHat EL5 (and CentOS5)
Trousers 0.2.9.1 fixes a few bugs in trousers 0.2.9, most importantly the --enable-policy-copying feature, which was meant to help users convert their apps from trousers 0.2.8 to 0.2.9.
Please see this thread in the mailing list for more details:
Release notes for OpenSSL TPM engine 0.4.1 --
o This release updates the engine and create_tpm_key utility for compatibility with trousers 0.2.9
o The engine now makes multiple calls to the TSS when a random number larger than 4K is requested
o Now, when RAND_add calls are made with more than 255 bytes of data, the engine will divide up the data and make multiple TSS calls to send the entropy to the TPM
TrouSerS release 0.2.9 is now available. This is the most tested, stable and spec-compliant version of trousers currently available. Please see the release notes and ChangeLog file for information on updates included in trousers 0.2.9.
tpm-tools release 18.104.22.168 is a compatibility update for trousers 0.2.9. No new functionality has been added.
TPM Keyring is a PyQt key manager for TPM based eCryptfs keys.
TPM Keyring generates software RSA keys using OpenSSL, then wraps them using the Storage Root Key (SRK) in your TPM. Each key is assigned a name and becomes an identifier for a group, which you can add any number of other people to by wrapping the key using their TPM's SRK.
eCryptfs is a VFS layer cryptographic file system for Linux. When a file is created in an eCryptfs mount, a randomly generated symmetric key is used to transparently encrypt the file. That key is then encrypted either by a passphrase or an asymmetric key and then stored inside the file itself. Using TPM Keyring, you can create a key and share it amongst a group of people, all using it to wrap the keys encrypting your eCryptfs files. You can then share the files with the people in the group securely using any means you'd like.
This release updates the engine to work with trousers 0.2.8 and adds support for passing SRK auth through engine control commands.
TrouSerS version 0.2.8 release notes
This is probably the most substantial release of TrouSerS yet, with nearly 10% of the code changing from 0.2.7, tons of bug fixes and an
API change. All users are strongly encouraged to update to 0.2.8.
An upcoming errata to the TSS 1.1 header files by the TSSWG is included in 0.2.8. All applications that reference the TSS_VALIDATION
structure must be updated. Because of this incompatible API change, the libtool library major version number for libtspi has been bumped. Installing TrouSerS 0.2.8 will therefore require a run of ldconfig and a recompile of all applications that link against it.
The latest and greatest version of TrouSerS, 0.2.7 is now available for download. All users are strongly encouraged to upgrade to this version. Please see the ChangeLog file for details.
This update includes fixes for the tpm_sealdata command and compiler warning fixes.
The most bug-free, stable version of trousers yet is now available for download. See the ChangeLog file for info.
tpm-tools 1.2.3 adds support for specifying a PKCS#11 token label to the data management commands.
The latest version of TrouSerS, 0.2.5, is now available. Changes in this version include the backporting of TSS 1.2 style callbacks as well as TSS 1.2 flags for controlling whether the NULL terminator is considered in hashes of passwords. See the ChangeLog file and http://trousers.sf.net/faq.html for more info.
Link to the tarball:
See the ChangeLog file for details on all the bug fixes that have been piling up in the last month!
Version 0.3 fixes a bug when attempting to use RSA objects that weren't loaded/created by the engine code itself. This can happen, for instance, when using a TPM-based client key with a stunnel software-only certificate.
This release of the OpenSSL TPM engine fixes 2 memory leaks and also some bugs that kept the RSA public decrypt path from functioning correctly.
Also, the create_tpm_key utility now prompts for SRK authorization when it's needed.
Released today is an OpenSSL 0.9.8 TPM engine. This engine is compiled as a shared object and can be loaded using an included openssl.cnf file for apps that have openssl config support.
Right now, RAND and RSA are supported by the engine. RSA key generation is done inside the TPM. Also included is create_tpm_key, a utility to create a TPM key and write it to disk, which can then be loaded through the engine using OpenSSL's ENGINE_load_private_key function.
The latest version of TrouSerS is now 0.2.3. Please download and test it out. The tarball is available at:
TrouSerS 0.2.1 Release Notes
For those upgrading from *any* previous version of TrouSerS: The format of the persistent storage file has changed. In order for the 0.2.1 tcsd to read your old persistent storage file correctly, you will need to run
# tools/ps_convert [filename]
on your system.data file. After running ps_convert, it's safe to start the trousers-0.2.1 tcsd. Also provided in the tools directory is ps_inspect, which will print out your system.data file, regardless of its version. The ps_convert and ps_inspect utilities are not installed by default; they must be run from the tools directory.
The latest TrouSerS release is now available for download from sf.net/projects/trousers.
Updates in 0.2.0 include:
* Integration with the TSS working group header files, which are now found in $includedir/tss
* A rewritten TSP object manager; cleaner, easier to read code that locks correctly.
* Bugfixes and new features; see ChangeLog at http://cvs.sourceforge.net/viewcvs.py/trousers/trousers/ChangeLog?view=markup
tpm-tools is a package that contains 2 sets of programs, one set for manipulating TPM states and another for manipulating a PKCS#11 data store. See the installed manpages for details of each of the commands.
See the opencryptoki project for a PKCS#11 interface to your TPM: http://sf.net/projects/opencryptoki
TrouSerS 0.1.11 has been released in tarball form and is available at:
See the ChangeLog for excruciating detail, but the big changes are:
1. Bugfixes and warning fixes
2. A libtoolized libtspi.so
3. Trspi_Error functions for easy application error logging
TrouSerS 0.1.10 has been released in tarball form and is available at:
Originally the plan was to release 0.2.0 next, but the change log was getting pretty lengthy with mostly bugfixes and I hadn't even gotten around to starting the major changes I have planned for 0.2.0. So, for now, enjoy a more bugless 0.1 version of TrouSerS.