In this article, I can see that communication with the TPM is vulnerable
to sniffing if one is not careful.
Is the disk encryption described in tpm2-software's blog safe against
tpm2_createprimary -Q -C o -c prim.ctx
dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g sha256 \
  -u seal.pub -r seal.priv -i- -C prim.ctx
tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
tpm2_evictcontrol -C o -c seal.ctx 0x81010001
My questions are:
1. Is there a tool in Linux that can sniff communication with the
current system's TPM?
2. How to encrypt communications if the methods described above are
It seems that encryption is possible through
tpm2_startauthsession, but I do not know how to apply it to tpm2_create.
(The -S option simply did not work.)