This is a user space TSS for TPM 2.0. It implements the functionality equivalent to (but not API compatible with) the TCG TSS working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a hopefully simpler interface.
One thing that is really convenient about the tpm2-tools is that they generally can consume / produce saved contexts in places where normally one would expect other items like public areas and so on. This does mean that those utilities need to be able to execute more commands than their names imply, but this seems pretty normal. This use of saved contexts means that "loaded objects disappear" doesn't happen as much. Yes, "loaded objects disappear" could still happen when using a TPM directly while racing with other users of the same TPM because one has to keep flushing transient objects to make it all work, but racing like that should be rare.
Can you provide examples to use duplicate and rewrite, TCG's documentation is difficult to understand, or can you provide some website addresses where there are examples
While implementing a Trusted Computing protocol with the TPM(SW TPM ibmtpm1661) , we 've encountered an error upon creating a KEYEDHASH key(reserved bits shall be set to zero),when using your template found in the file ObjectTemplates.c .The issue was resolved by adding to the attributes of the public key template TPA_OBJECT_RESERVED.
Kind regards ,
Stefanos Vasileiadis,
Alexandros Sampanis,
Ubitech Athens DST GROUP
Suppose you're talking to multiple TPMs -- remote ones, probably. Then reentrance and thread-safety seem useful.
The use-case I've in mind is doing something like password validation using remote TPMs -- remote because they could be a software TPM running on fast general-purpose hardware on a system built like an HSM.
# Set Env Varexport TPM_INTERFACE_TYPE=socsim
export TPM_COMMAND_PORT=2321
# Clear Previous Buildcd"${ibmtss_path}/utils/"
make -f makefiletpmc clean
cd"${ibmtss_path}/utils12/"
make -f makefiletpmc clean
# Buildcd"${ibmtss_path}/utils/"
make -f makefiletpmc
cd"${ibmtss_path}/utils12/"
make -f makefiletpmc
The following issue appears when using 2023-05-03-raspios-bullseye-arm64.img.xz, but not in Ubuntu 18.04.6 VM.
/usr/bin/ld: ../utils/cryptoutils.o:/opt/ibmtss2.1.1/utils/cryptoutils.c:118: multiple definition of `tssUtilsVerbose'; nvreadvalueauth.o:/opt/ibmtss2.1.1/utils12/nvreadvalueauth.c:56: first defined herecollect2: error: ld returned 1 exit statusmake: *** [makefiletpmc:175: nvreadvalueauth] Error 1
Currently, trying to downgrade to version 1.6.0 which this problem doesn't exist according to my research colleague's test on the same platform. Hope this issue can help solving this issue.
I am conducting an experiment based on "AttestProv.doc" from your other repository "acs".
I have read the EK certificate(sm2_ek_cert.pem) using "nvread" and generate an attestation public attestation key(sm2_ak.pub) on the client and sent them to the server.
I would like to know how to complete the "The server extracts the EK public key from the EK certificate" in section 3.2 "Server Challenge", and how to load the public attestation key using "loadexternal" correctly. I have tried many times, but all have failed.