TPM|TPM test guides TPMtestguides

Hardware Requirement

TPM hardware device support

Preparation Environment

BIOS turn on tpm

【TPM|TPM test guides】security -> TPM2 enabled

Check software and hardware support for TPM

hardware: dmesg | grep tpm
software: cat /proc/devices | grep tpm

localhost:~$ dmesg | grep tpm [1.173042] tpm_tis IFX0785:00: 2.0 TPM (device-id 0x1B, rev-id 22)

localhost:~$ cat /proc/devices | grep tpm 241 tpm

Service startup

sudo systemctl starttpm2-abrmd

localhost:~$ systemctl status tpm2-abrmd.service ● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon Loaded: loaded (/usr/lib/systemd/system/tpm2-abrmd.service; disabled; vendor preset: disabled) Active: active (running) since 五 2020-03-20 03:33:57 UTC; 2h 2min ago Main PID: 2973 (tpm2-abrmd) Tasks: 6 Memory: 1.7M CGroup: /system.slice/tpm2-abrmd.service └─2973 /usr/sbin/tpm2-abrmd

Testing Procedure

Set TPM related password

$ tpm2_takeownership -o ownerpass -e endorsepass -l lockpass

Create a Primary Object

Create a Primary Object in endorsement hierarchy, with objectpass as the object password, with RSA keys & SHA256 name hash algorithm, with object context saved in file po.ctx.

$ tpm2_createprimary -H e -K objectpass -g 0x000b -G 0x0001 -C po.ctx -P endorsepass

Create a RSA key under the previous primary key

Create a RSA key under the previous primary key, with subobjectpass as the object password, with SHA256 name hash algorithm, with public portion saved in key.pub and private portion saved in key.priv.