Version 6 - History - Trusted Platform Module 2.0 - strongSwan

Trusted Platform Module 2.0 » History » Version 6

Andreas Steffen, 18.02.2017 17:08

-Andreas Steffen
+h1. Trusted Platform Module
 Andreas Steffen
-Andreas Steffen
+{{>toc}}
 Andreas Steffen
-Andreas Steffen
+h2. Connect to a TPM 2.0 device
 Andreas Steffen
-Andreas Steffen
+In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu *tpm2-tss* package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent version directly drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS. Avoid any TCTI interface incompatibilities by fetching the latest *tpm2-tools* version from https://github.com/01org/tpm2.0-tools as well.
 Andreas Steffen
-Andreas Steffen
+Build and install both the *tpm2-tss* stack and the *tpm2.0-tools*, start the *tpm2-resourcemgr* as a service and try to connect to the TPM 2.0 e.g. by listing the contents of the SHA-1 bank of PCR registers
 Andreas Steffen
-Andreas Steffen
+   tpm2_listpcrs -g 0x0004
 Andreas Steffen
-Andreas Steffen
+  Bank/Algorithm: TPM_ALG_SHA1(0x0004)
-Andreas Steffen
+PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5
-Andreas Steffen
+PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-Andreas Steffen
+PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
-Andreas Steffen
+PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
-Andreas Steffen
+PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
-Andreas Steffen
+PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
-Andreas Steffen
+PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
-Andreas Steffen
+PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
-Andreas Steffen
+PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 Andreas Steffen
-Andreas Steffen
+h2. TPM Private Key Access via VICI Interface
 Andreas Steffen
-Andreas Steffen
+Configuration of TPM private key access in *swanctl.conf*
 Andreas Steffen
-Andreas Steffen
+  secrets {
-Andreas Steffen
+    token_ak_rsa {
-Andreas Steffen
+      handle = 81010002
 Andreas Steffen
-Andreas Steffen
+    token_ak_ecc {
-Andreas Steffen
+      handle = 81010004
 Andreas Steffen
 Andreas Steffen

Project

General

Profile

strongSwan

Trusted Platform Module 2.0 » History » Version 6