Menu
▾
▴
Tree [7673e4] master v2.3.2 / History
Mimi Zohar
Debora V Babb
Read Me
Linux Specific build notes
--------------------------
Written by Ken Goldman
IBM Thomas J. Watson Research Center
Prior to the autotools support, most users began by untarring the
tarball or cloning the git repo, and then executing 'make' or 'make -f
<makefile>' in the utils and utils12 directories. For autotools and the
existing makefiles to co-exist, the existing "makefile" was renamed to
"makefiletpmc".
$ cd utils
$ make -f makefiletpmc
$ cd utils12
$ make -f makefiletpmc
This builds a TSS
- with TPM 2.0 and TPM 1.2 support,
- connecting to a TPM 2.0 SW TPM,
- with TSS state files in cwd,
- with tracing support,
- and with elliptic curve support.
Refer to the "Advanced options", below, for additional compiler options.
Autotools - Linux
---------
On Linux (and probably other Unix systems), open source projects expect that
the normal shell command 'autoreconf -i && ./configure && make && make install'
should configure and build the package.
If --prefix is omitted, the default /usr/local is used.
The LD_LIBRARY_PATH environment variable must be set to the path
(either the default or a user specified path). E.g.,
export LD_LIBRARY_PATH=/usr/local/lib
Example 1: To configure the TSS library to use the software TPM, build and
install the package in ${HOME}/local/bin and ${HOME}/local/lib directories
execute the following shell commands:
$ autoreconf -i
$ ./configure --prefix=${HOME}/local --disable-hwtpm
$ make clean
$ make
$ make install
An initial set of the most common TSS "./configure" options are defined
to enable/disable different features.
--disable-tpm-2.0 - include only TPM 1.2 support
--disable-tpm-1.2 - include only TPM 2.0 support
--disable-hwtpm - don't use the hardware TPM, use a software one instead
--disable-rmtpm - when using a hardware TPM, don't use the resource manager
--enable-noprint - build a TSS library without tracing or prints
--enable-nofile - build a TSS library that does not use files to preserve state
(dependency on --disable-tpm-1.2)
The utilities (not the TSS library) require file support.
--enable-nocrypto - build a TSS library that does not require a crypto library
(dependency on "--enable-nofile")
--enable-noecc - build a TSS library that does not require OpenSSL elliptic curve support
--enable-debug - build a TSS library used for debugging.
--enable-nodeprecatedalgs - build a TSS library without SHA-1 support
Example 2: To configure the TSS library to use the hardware TPM, build and
install the package in the default /usr/local directories requires root
privileges. Executing the following shell commands will make and install the
package in the default directories.
$ autoreconf -i
$ ./configure
$ make clean
$ make
$ sudo make install
Other TSS features can be modified by specifying them directly as CFLAGS
"./configure" options.
CFLAGS='<options>'
options:
-O0 - change compiler optimization (default: 02)
-DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\"" - change hardware TPM (default: /dev/tpm0)
-DTPM_DATA_DIR_DEFAULT="\"<pathname>\"" - specify directory for TSS state files
-DTPM_TRACE_LEVEL_DEFAULT="\"<level>\"" - change level of tracing (default: 0)
0 - no tracing
1 - trace errors
2 - trace errors and execution flow
Example 3: To install the package in ${HOME}/local/bin and ${HOME}/local/lib
directories, compile for the gdb debugger, and connect by default to a socket
simulator TPM at command port 3333, execute the following shell commands:
$ autoreconf -i
$ ./configure --prefix=${HOME}/local --enable-debug --disable-hwtpm \
CFLAGS='-DTPM_INTERFACE_TYPE_DEFAULT="\"socsim\"" -DTPM_COMMAND_PORT_DEFAULT="\"3333\""'
$ make clean
$ make
$ make install
The TPM utility binaries are stored in utils/.lib and utils12/.lib directories
of the source directory.[1] To debug using these binaries in the source tree,
use either the binary stored in .lib or the libtool command.
$ libtool --mode=execute gdb <.lib/utility>
[1] For an explanation, refer to the GNU documentation
https://www.gnu.org/software/libtool/manual/libtool.html#Debugging-executables.
Mac Build - Mac
---------
These are two sets of contributed instructions for a Mac autotools
build. There is also a contributed utils/makefile.mac.
brew install openssl
brew install gawk
brew install automake
brew install autconf
brew install libtool
brew link libtool
brew install pkg-config
1)
PATH=/usr/local/Cellar/openssl\@1.1/1.1.1h/bin/:$PATH
PATH=/usr/local/Cellar/gawk/5.1.0/bin/:$PATH
LD_LIBRARY_PATH=/usr/local/Cellar/openssl\@1.1/1.1.1h
autoreconf -i
./configure \
CPPFLAGS="-I/usr/local/Cellar/openssl@1.1/1.1.1h/include -DTPM_POSIX" \
LDFLAGS=-L/usr/local/Cellar/openssl@1.1/1.1.1h/lib \
PKG_CONFIG_PATH=/usr/local/Cellar/openssl@1.1/1.1.1h/lib/pkgconfig
make clean
make
sudo make install
2)
autoreconf -i
./configure \
CPPFLAGS="-I/usr/local/opt/openssl/include -DTPM_POSIX" \
LDFLAGS=-L/usr/local/opt/openssl/lib \
PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig
make clean
make
sudo make install
Advanced options
----------------
For all options and details, see the documentation in ibmtss.docx or
ibmtss.html.
Some of the more common options are below.
1-3 can also be specified in an environment variable or at run time.
4-8, which are used to reduce the size of the library, must be
specified at compile time.
1) To default to a hardware TPM (rather than the SW TPM)
Add to CCLFLAGS:
-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
2) To default to /dev/tpmrm0 (rather than /dev/tpm0)
Add to CCLFLAGS:
-DTPM_DEVICE_DEFAULT="\"/dev/tpm0\""
3) To default to a different directory for TSS state files (rather
than cwd)
Add to CCLFLAGS:
-DTPM_DATA_DIR_DEFAULT="\"directory\""
4) To remove TPM 1.2 support
Delete from CCLFLAGS and CCAFLAGS
-DTPM_TPM12
5) To remove the requirement for a filesystem (see documentation for
limitations)
Add to CCFLAGS
-DTPM_TSS_NOFILE
6) To remove the requirement for crypto (see documentation for
limitations)
Add to CCFLAGS
-DTPM_TSS_NOCRYPTO
7) To remove print tracing support
Add to CCFLAGS
-DTPM_TSS_NO_PRINT
8) To remove elliptic curve dependencies
Add to CCFLAGS
-DTPM_TSS_NOECC