Jarkko Sakkinen

The current feature set of the upcoming tpm2sh 0.11. It’s quite basic, but everything is tested with care and, e.g., load does all the import dance for PKCS8 RSA and ECC keys without having to mess with the openssl command line. I.e., a single robust load command instead of:

tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
tpm2_import -C 0x81000001 -G ecc -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der

And generally the flows are somewhat polished and will be polished further before release, so as not to have any rough corners. Finally, most of the non-trivial functionality is tested against the built-in TPM emulator, MockTPM.

Sometime after the 0.11 release I’ll also add a --dry-run switch that can exercise TPM commands with the emulator before applying them to the chip.

#linux #rust #tpm

The current feature set is pretty much scoped with kernel testing in mind. E.g., that's why I have implemented pcr-event but not pcr-extend (which can of course be done some day) :-)

Jarkko Sakkinen

https://github.com/puavo-org/tpm2sh/blob/main/src/mocktpm.rs

It's pretty limited as of today, but looking at the code I'd say it's on the right track :-) Likely to be split into a separate project some day as it grows too large (like over 2 KSLOC). I guess it's the first pure Rust TPM emulator trial with, like, legit grounds that it is built on top of.