Jarkko Sakkinen
jarkko
While developing asymmetric TPM2 keys, and reviewing TPM bus encryption earlier, I came to realize that both tpm2-tools and ibmtss feel unintuitive.
So I started to seek, if some had ever backed up my old tpm2-scripts, from which kselftest was inherited. I did not have anymore any repo for that one.
With Google I luckily found a backup from the Github profile of @colinianking, so thank you for that. Then I just copied over latest version of just tpm2.py (GPL/BSD dual-licensed file).
Probably will have some incompatibility issues with old scripts and updated main module (less than 10 updates in its total life-time tho) but I will fix them as soon as I need to test anything.
Anyway, a new and to-be-lean TPM2 hacking tool has been initiated: tpm2ctl (there’s no even file of that name yet but definitely will be at some point ;-)).
1
1
1
1
0
0
So the first goal would be to make this dump into two commands:
tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
tpm2_import -C 0x81000001 -G ecc -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
The.idea is to make it more like use-case oriented tool rather than one that maps the protocol as “plumbing” commands.
1
0
0
I'm planning to first get all features of tpm2-scripts to it and then add those key generation functionalities. Rust felt natural choice because it is like "Java of system programming", i.e. I can get OpenSSL functionalities for instance by doing cargo add for the crate containing libssl bindings and writing few lines of code :-)
There is also tpm-rs endorsed by TCG but after looking at it a bit I though that yet another TPM stack that makes simple problem more complex than it should be. Did not feel lean and mean enough for kernel testing.
0
0
0