January 8, 2013

Where to start: TPM on Linux

It is extremely hard to find any useful examples of using TPM. There is a lot of theoretical stuff, like discussion is it good or bad, but really few code examples that one can use to play with.

The last few days I was looking at the security issues with TPM, and found out that this topic is not addressed very well. Actually, I had hard times finding a good entry point to the world of trusted platforms. I thought, for someone things that I found might be useful, so here we go:

1. First go to the BIOS and enable your TPM there (if you don't have such option, probably you don't have the TPM).

2. Then, check if your TPM module is loaded:

$ lsmod | grep tpm

You can also check your dmesg, if your TPM is active, you should see something like that:
$ dmesg | grep tpm
[    9.132580] tpm_tis 00:09: 1.2 TPM (device-id 0x0, rev-id 78)
3. Here is a nice web-page showing how to use your TPM. Probably, you need to take ownership on the TPM to use it (tpm_takeownership comand).

4. But we want something really simple, right? I think, generating a random number is a nice thing to do first.

There is a package rng-tools, which allows us to use the TPM as a hardware random number generator, but for some reason it didn't work for me, you can find more details here. Then I found the other really nice page showing exactly what we want. Unfortunately, there is no description how to compile the code. So, here is what I did:

First install the trousers-dbg package to get required header files:
$ sudo apt-get install trousers-dbg
You need tspi library to compile the program. So, try compile to compile it as following:
 $ gcc -o getrand tpm-getrand.c -ltspi
If compiles without any errors run it as it was described in the original page:
$ ./getrand | hexdump -C
00000000  97 37 73 96 98 ad 07 08  f3 bc 14 90 c6 10 73 aa  |.7s...........s.|
Congratulations! These are your true-random bytes.

No comments:

Post a Comment