Home
Welcome to the libtpms wiki!
Libtpms provides TPM emulation for TPM 1.2 and TPM 2.0 without tying it to a specific storage backend or an interface for receiving TPM commands. One user of libtpms is swtpm.
One of the challenges of TPM 2 support is the state file and its format. The TPM 2 state file must be readable by libtpms of the same or a more recent version. In other words, the state must remain usable after upgrades of the TPM 2 code. Since this is non-trivial, libtpms will only support those TPM 2 configurations that are maintained as part of this project; these configurations are ultimately reflected in the state libtpms writes out. Backporting of patches that influence the state format (enablement of algorithms, enablement of commands) is therefore also not supported. This also implies that you should not use libtpms's TPM 2 support and have it create the NVChip file from the original TPM 2 code. The NVChip file's format may change, and compatibility of that state file will not be looked at at all (see the TPMLIB_RegisterCallbacks man page).
For announcements of libtpms releases and security issues, please subscribe to the libtpms-announce mailing list here.
Bug fixes are always welcome, but talk to me before trying to contribute something major. This library is limited in scope insofar as it will only provide TPM 1.2 and TPM 2.0 functionality, and therefore it will primarily follow the developments of the TPM 2.0 code these days.
If you found a bug and you don't want to open an issue on GitHub, please drop me an email (stefanb at linux.ibm.com).
Every patch must have a Signed-off-by.
If you have found a vulnerability in libtpms, you may send me an email to stefanb at linux.ibm.com. We can then negotiate PGP encryption keys and the further steps on how to fix and go about reporting the vulnerability.
# Install dependencies
sudo dnf builddep dist/libtpms.spec
./autogen.sh --with-openssl --prefix=/usr --with-tpm2
make -j4
make check
sudo make install

CFLAGS="-m32" ./autogen.sh --with-openssl --prefix=/usr --with-tpm2 --libdir=/lib
make clean
make -j4
make check
sudo make install

./autogen.sh --with-openssl --prefix=/usr --with-tpm2
make -j4
make check
make install

./autogen.sh --with-openssl --prefix=/usr --with-tpm2
gmake -j 4
gmake check
sudo gmake install

LDFLAGS="-L/usr/local/opt/openssl/lib" CFLAGS="-I/usr/local/opt/openssl/include" CC=gcc ./autogen.sh --with-openssl --prefix=/Users/adminuser/ --with-tpm2
make -j4
make check
sudo make install

sudo apt-get -y install automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config dh-autoreconf
./autogen.sh --with-openssl
make dist
dpkg-buildpackage -us -uc -j4
# Install the library and development packages
cd ..
sudo dpkg -i libtpms_0.x.y-z..._amd64.deb libtpms-dev_0.x.y-z..._amd64.deb

sudo apt-get -y install automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config gawk
./autogen.sh --with-openssl
sudo make dist
mv debian/source debian/source.old
dpkg-buildpackage -us -uc -j4
cd ..
sudo dpkg -i libtpms0_0*_amd64.deb libtpms-dev_0*_amd64.deb

sudo zypper install -y automake autoconf libtool gcc gcc-c++ make openssl-devel pkg-config
./autogen.sh --prefix=/usr --libdir=/usr/lib64 --with-openssl --with-tpm2
make -j4
make -j4 check
sudo make install

sudo apk add openssl-dev automake autoconf build-base libtool make
./autogen.sh --prefix=/usr --libdir=/usr/lib --with-tpm2 --with-openssl
make -j4
make -j4 check
sudo make install