The last few days I was looking at the security issues with TPM, and found out that this topic is not addressed very well. Actually, I had hard times finding a good entry point to the world of trusted platforms. I thought, for someone things that I found might be useful, so here we go:
1. First go to the BIOS and enable your TPM there (if you don't have such option, probably you don't have the TPM).
2. Then, check if your TPM module is loaded:
$ lsmod | grep tpm
You can also check your dmesg, if your TPM is active, you should see something like that:
$ dmesg | grep tpm3. Here is a nice web-page showing how to use your TPM. Probably, you need to take ownership on the TPM to use it (tpm_takeownership comand).
[ 9.132580] tpm_tis 00:09: 1.2 TPM (device-id 0x0, rev-id 78)
4. But we want something really simple, right? I think, generating a random number is a nice thing to do first.
There is a package rng-tools, which allows us to use the TPM as a hardware random number generator, but for some reason it didn't work for me, you can find more details here. Then I found the other really nice page showing exactly what we want. Unfortunately, there is no description how to compile the code. So, here is what I did:
First install the trousers-dbg package to get required header files:
$ sudo apt-get install trousers-dbgYou need tspi library to compile the program. So, try compile to compile it as following:
$ gcc -o getrand tpm-getrand.c -ltspiIf compiles without any errors run it as it was described in the original page:
$ ./getrand | hexdump -CCongratulations! These are your true-random bytes.
00000000 97 37 73 96 98 ad 07 08 f3 bc 14 90 c6 10 73 aa |.7s...........s.|
00000010
No comments:
Post a Comment