User Activity

  • Committed [23acf5]

    Updates to rev 1045

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    To lock nvwrite to only a policy, also turn off owner write, and platform write. Set policy write. Then your expectation is correct. When you close the session, NV will be inaccessible only until someone opens a session. If the PCR hasn't changed, write will then be permitted again. From the command line, create a policy session using "startauthsession -se p", or use it as sample code. Using that session handle, run policypcr, and then nvwrite. When debugging, policygetdigest at every step can help....

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    My guess is that this is an old Intel firmware TPM - PTT. If so, I recall that it only implemented SHA-1. TPMs in general have a "field upgrade" facility to add new features. I don't know if it had this. If you only have a SHA-1 bank and no PCR allocate command, you cannot have SHA-256 PCRs. If you can confirm the TPM vendor and firmware details, try contacting Intel. If you can't find a contact, try the TPM WG or the PC Client WG. If you're not a TCG member, I can try to find a contact. However,...

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    Take a look at makefile.min. cryptoutils.c is never part of the TSS. tsscryptoh.c and tsscrypto.c are not linked to the no-crypto version. They are, however used by many of the sample utilities that need crypto. I assume that your application won't need crypto either.

  • Modified a comment on a wiki page on IBM's TPM 2.0 TSS

    The Software TPM requires a simulated power cycle before it will function. See the "powerup" command sample. Any TPM needs TPM2_Startup as its first command. A BIOS supporting a hardware TPM 2.0 will send this command. Otherwise, see the "startup" sample. The subdirectory TPM proxy contains a lightly tested Windows 8/10 socket <-> TBS proxy, required when using the utilities (not the TSS) through the Windows 8/10 TBS. (More documentation soon.) The download is a compressed tarball. Evidently, some...

  • Modified a comment on a wiki page on IBM's TPM 2.0 TSS

    The Software TPM requires a simulated power cycle before it will function. See the "powerup" command sample. Any TPM needs TPM2_Startup as its first command. A BIOS supporting a hardware TPM 2.0 will send this command. Otherwise, see the "startup" sample. The subdirectory TPM proxy contains a lightly tested Windows 8/10 socket <-> TBS proxy, required when using the utilities (not the TSS) through the Windows 8/10 TBS. (More documentation soon.) The download is a compressed tarball. Evidently, some...

  • Modified a comment on a wiki page on IBM's Software TPM 2.0

    Use OpenSSL 1.0.x, not 1.1.x, which is a major API departure from previous versions. Raspian is 32-bit (at least its openssl is 32-bit) while the TPM crypto defaults to 64-bit. For Raspian, change Implementation.h RADIX_BITS from 64 to 32. #ifdef TPM_POSIX #define RADIX_BITS 32 The download is a compressed tarball. Evidently, some versions of gnu tar for Windows aren't built to handle compressed files. If the untar fails, try this: > gzip -d ibmtssnnn.tar.gz # unzip > tar xvf ibmtssnnn.tar # untar...

  • Posted a comment on discussion General Discussion on IBM's TPM 2.0 TSS

    Check this thread. (I'll add it to the documentation.) https://sourceforge.net/p/ibmswtpm2/discussion/general/thread/3b53a700/ The most likely cause is that you have a 32-bit openssl but a 64-bit TPM build switch. If so, either install a 64-bit openssl or change the build switch to 32-bit.

View All

Personal Data

Username:
kagoldman
Joined:
2010-04-30 19:27:53

Projects

Skills

  • No skills entered.

Personal Tools

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks