I am pleased to announce the release of the tpm2-pytss (python bindings and utilities) version 1.0.0 RC 1 with the following CHANGELOG over RC0:
## [1.0.0-rc1] - 2022-01-10
- Misspellings in Code on things like RuntimeError.
- Fix documentation of ESAPI methods and exceptions.
- Double ESAPI.Close call resulting in "Esys_Finalize() Finalizing NULL context."
- type hint for verify_signature was an int, should be a str.
- Parent cdata memory being freed when no parent reference. This causes sub-field references to parent cdata to
- in util method unwrap, fix variable `encdupsens` does not exist, it is `decsens` instead.
- Renamed ESAPI.set_auth to ESAPI.tr_set_auth for consistenency.
- Use None over 0 for default auth_handle.
- Check for bad type enum type in ESAPI.load_blob.
- Support for deprecation of `TPM2_RH_PW` in tpm2-tss with proper TPM2_RS_PW attribute.
The release can be found here:
Sorry for the long delay on this RC period, we wanted to make sure we got as much bugs and broken things before the
1.0 release to help minimize breaking changes in the future.
I was wondering if someone has ideas about integrating the TPM with
Recently I started looking into supporting Secure Device Connection
Protocol (SDCP, ) in libfprint. The general idea is to verify that
the Fingerprint reader can be trusted, but I initially also imagined
that further use-cases like unsealing data in a TPM may be possible
(e.g. to retrieve disk encryption keys).
However, looking into it more, my current conclusion is that there is
little to no advantage to use the TPM. At least not unless one also has
a trusted (userspace) program which is capable of signing TPM
authorizations. One could easily offload the required parts into a
small helper, but that may require ensuring it runs in a trusted
Microsoft seems to run relevant parts as trustlets that are walled off
from the rest of the system. That seems sensible to me, but it also
means requiring all the infrastructure for execution and signing and I
doubt that is feasible currently.
Right now I'll probably go the way of not using the TPM at all. But I
am really not an expert for this. So should someone see scenarios where
a TPM is actually helpful in this context, then I would like to hear
PS: A quick summary of how SDCP works:
* Device has a private ECC key that signs the firmware and ephemeral
keys during boot (and is inaccessible afterwards)
* A certificate proofs that this key was provisioned in factory
* Device builds a shared secret with the host (s)
* Device sends id, HMAC_SHA256(s, "identify" || nonce || id)
when the finger "id" was presented.
* The HMAC proofs knowledge of the shared secret and authorizes the
I would like to know if it is possible to calculate name of AK generated by host on a remote server? I have read about remote attestation. To ensure the AK matches EK we have to make credential using name of the AK. To achieve this we have to either:
a) calculate name of the AK on server
b) receive name of the AK from host and believe it's a name for a proper AK
Am I missing something?
I have searched for explanation in docs posted on TCG's site, but I just can't find anything useful for nameAlg.
I would be thankful for any help or advice :D
Ubuntu focal with WSL, abrmd compiled from source
After about 5 minutes of sending commands, abrmd crashes. I originally
found it with keylime, but I can reproduce it with a simple bash loop on
abrmd exits, the tool output is:
** (process:21067): CRITICAL **: 17:25:10.862: failed to allocate dbus
proxy object: Could not connect: Connection refused
WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for
function 0x7ff5f6dbbe10 failed with a0008
WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not
initialize TCTI named: tcti-abrmd
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not
initialize TCTI file: tabrmd
to instantiate TCTI
ERROR: Could not load tcti, got: "tabrmd:bus_name=com.intel.tss2.Tabrmd"
How would I debug?
I would expect that nothing that a single application does should crash
Ken Goldman kgoldman(a)us.ibm.com
I'm using tpm2-tools 5.0 in Debian 11 Bullseye based Raspberry Pi OS. I'm
trying to run tpm2_flushcontext but the command got stuck and it's not
showing anything. Is the data in TPM corrupted? How can I check?
$ sudo tpm2_flushcontext 0x80000000
< no output at all and stuck here >
(note: the handle 0x80000000 was obtained from previous command output when
I was running previous version tpm2-tools 3.1.3 on Debian 10 Buster based
$ sudo tpm2_createprimary -H o -g sha256 -G ecc -C context.out
CreatePrimary Succeed ! Handle: 0x80000000)
just to inform you that I just released 3.2.0, 3.1.1 and 3.0.5.
You can find them here:
Please note that 3.1.x and 3.0.x (and all previous ones) are EOL'd now.
Consider using 3.2.x for the future.
Also I'd like to know if people still need signed tar.gz files or if we could switch to a
git tag only release process.
Thanks a lot for all the contributions !
the use case is related to idevid onboarding identity, an immutable identity created by the platform manufacturer and stored as follows:
-key under the Endorsement Hierarchy
-certificate under the Platform Hierarchy
I managed to create the key under the EK hierarchy and store it in the NV, but how to store the certificate under the PH?
I have a idevid.der with a size=898.
If I do:
tpm2_nvdefine 0x01C90000 -C p -s 898 -a "ownerread|ownerwrite"
this is what i get:
WARNING:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:344:Esys_NV_DefineSpace_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:122:Esys_NV_DefineSpace() Esys Finish ErrorCode (0x000009a2)
ERROR: Failed to define NV area at index 0x1C90000
ERROR: Esys_NV_DefineSpace(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Failed to create NV index 0x1c90000.
ERROR: Unable to run tpm2_nvdefine
I understood that the PH comes with an empty password and a policy that cannot be satisfied.
I read somewhere that I should:
-obtain a random number via tpm2_getrandom
-install the random number as platformAuth via tpm2_hierarchychangeauth authorized using "empty buffer" as platformAuth
...but how to do that and how to eventually store the cert in the NV?
I'm using tpm2 tss / tools on a linux box with a simulated TPM.
I know that all what I stated above could be wrong or inaccurate... but i'm moving my first steps with TPM and I hope you can help.
I am learning about the TSS and TPM techonologies.
I have provisioned the TPM with the default settings, which means I am now using the ECC profile (P_ECCP256SHA256).
However, encryption was a requirement I needed to fulfill. I just didn't know that ECC encryption is currently not supported and now I realize RSA would be a better fit for me.
So here is my question:
* I see there is another profile in /usr/local/etc/tpm2-tss/fapi-profiles, namely P_RSA2048SHA256.json. Is there a way I can encrypt using the RSA profile instead of the ECC one? I tried to re-run tss2_provision, after setting it in fapi-config.json, but it seems this is not the way to proceed. I get the message that the TPM has been already provisioned. What is the correct way of "changing" profile? Is it even possible or do I need to reset the TPM?
Thank you for your help.
I wanted to announce that I've just tagged versions 3.2.0-rc1 3.1.1-rc1 and 3.0.5-rc1 of the tpm2-tss project.
You can find the tags in git and here: https://github.com/tpm2-software/tpm2-tss/tags
For your convenience, here are the changelog-changes for this rc:
## [3.2.0-rc1] - 2022-02-14
- Fix buffer upcast leading to misalignment
- Fix check whether SM3 is available
- Update git.mk to support R/O src-dir
- Add additional IFX root CAs
Since we had only few feedback on -rc0 I want to release final in the next few days.