-
Notifications
You must be signed in to change notification settings - Fork 144
Using the IBM TSS with swtpm
Stefan Berger edited this page Aug 8, 2022
·
12 revisions
To use the IBM TSS for TPM 2 directly with swtpm over sockets, you can use the following commands:
Start swtpm in one terminal:
mkdir /tmp/myvtpm
swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 \
--server type=tcp,port=2321 --flags not-need-init
Do some operations with the TSS stack in another terminal:
export TPM_COMMAND_PORT=2321 TPM_PLATFORM_PORT=2322 \
TPM_SERVER_NAME=localhost TPM_INTERFACE_TYPE=socsim \
TPM_SERVER_TYPE=raw
tssstartup
tsspcrread -ha 10
count 1 pcrUpdateCounter 21
digest length 32
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
To reset swtpm run the following command:
swtpm_ioctl -i --tcp :2322
To use the IBM TSS for TPM 2 directly with swtpm over character interface, you can use the following commands. Your distro should have the tpm_vtpm_proxy module packaged.
Start swtpm in one terminal:
> mkdir /tmp/myvtpm
> sudo modprobe tpm_vtpm_proxy
> sudo swtpm chardev --vtpm-proxy --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322
New TPM device: /dev/tpm2 (major/minor = 253/2)
Do some operations with the TSS stack in another terminal. Use the device as shown in the output above, in this case /dev/tpm2.
export TPM_DEVICE=/dev/tpm2 TPM_INTERFACE_TYPE=dev
sudo chmod 666 /dev/tpm2
tsspcrread -ha 10
count 1 pcrUpdateCounter 21
digest length 32
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
To reset swtpm run the following command:
swtpm_ioctl -i --tcp :2322
After the reset you must run tssstartup to be able to use swtpm again.