kgoldman / ibmtss Goto Github PK

One thing that is really convenient about the tpm2-tools is that they generally can consume / produce saved contexts in places where normally one would expect other items like public areas and so on. This does mean that those utilities need to be able to execute more commands than their names imply, but this seems pretty normal. This use of saved contexts means that "loaded objects disappear" doesn't happen as much. Yes, "loaded objects disappear" could still happen when using a TPM directly while racing with other users of the same TPM because one has to keep flushing transient objects to make it all work, but racing like that should be rare.

Can you provide examples to use duplicate and rewrite, TCG's documentation is difficult to understand, or can you provide some website addresses where there are examples

While implementing a Trusted Computing protocol with the TPM(SW TPM ibmtpm1661) , we 've encountered an error upon creating a KEYEDHASH key(reserved bits shall be set to zero),when using your template found in the file ObjectTemplates.c .The issue was resolved by adding to the attributes of the public key template TPA_OBJECT_RESERVED.
Kind regards ,
Stefanos Vasileiadis,
Alexandros Sampanis,
Ubitech Athens DST GROUP

Could this be a copy-paste error?

Suppose you're talking to multiple TPMs -- remote ones, probably. Then reentrance and thread-safety seem useful.

The use-case I've in mind is doing something like password validation using remote TPMs -- remote because they could be a software TPM running on fast general-purpose hardware on a system built like an HSM.

My building system and software details are listed below.

• Raspberry Pi 4 B
• 2023-05-03-raspios-bullseye-arm64.img.xz
• ibmtss2.1.1.tar.gz
• Built for SWTPM
• Built for both TPM 1.2 & 2.0

Build command:

# Set Env Var
export TPM_INTERFACE_TYPE=socsim
export TPM_COMMAND_PORT=2321
# Clear Previous Build
cd "${ibmtss_path}/utils/"
make -f makefiletpmc clean
cd "${ibmtss_path}/utils12/"
make -f makefiletpmc clean
# Build
cd "${ibmtss_path}/utils/"
make -f makefiletpmc
cd "${ibmtss_path}/utils12/"
make -f makefiletpmc

The following issue appears when using 2023-05-03-raspios-bullseye-arm64.img.xz, but not in Ubuntu 18.04.6 VM.

/usr/bin/ld: ../utils/cryptoutils.o:/opt/ibmtss2.1.1/utils/cryptoutils.c:118: multiple definition of `tssUtilsVerbose'; nvreadvalueauth.o:/opt/ibmtss2.1.1/utils12/nvreadvalueauth.c:56: first defined here
collect2: error: ld returned 1 exit status
make: *** [makefiletpmc:175: nvreadvalueauth] Error 1

Currently, trying to downgrade to version 1.6.0 which this problem doesn't exist according to my research colleague's test on the same platform. Hope this issue can help solving this issue.

Hello,

I am conducting an experiment based on "AttestProv.doc" from your other repository "acs".
I have read the EK certificate(sm2_ek_cert.pem) using "nvread" and generate an attestation public attestation key(sm2_ak.pub) on the client and sent them to the server.
I would like to know how to complete the "The server extracts the EK public key from the EK certificate" in section 3.2 "Server Challenge", and how to load the public attestation key using "loadexternal" correctly. I have tried many times, but all have failed.

Can you help me solve these problems , thank you！