-
Notifications
You must be signed in to change notification settings - Fork 144
Using the Intel TSS with swtpm
Stefan Berger edited this page Mar 17, 2021
·
2 revisions
To use the Intel TSS for TPM 2 directly with swtpm over sockets, you need a recent tpm2-tss that support the swtpm tcti. You can then use the following commands:
Start swtpm in one terminal:
mkdir /tmp/myvtpm
swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 \
--server type=tcp,port=2321 --flags not-need-init
Do some operations with the TSS stack in another terminal:
export TPM2TOOLS_TCTI="swtpm:port=2321"
tpm2_startup -c
tpm2_pcrread sha1:10
sha1:
10: 0x0000000000000000000000000000000000000000
To reset swtpm run the following command:
swtpm_ioctl -i --tcp :2322
To use the Intel TSS for TPM 2 directly with swtpm over character interface, you can use the following commands. Your distro should have the tpm_vtpm_proxy module packaged.
Start swtpm in one terminal:
> mkdir /tmp/myvtpm
> sudo modprobe tpm_vtpm_proxy
> sudo swtpm chardev --vtpm-proxy --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322
New TPM device: /dev/tpm2 (major/minor = 253/2)
Do some operations with the TSS stack in another terminal. Use the device as shown in the output above, in this case /dev/tpm2.
export TPM2TOOLS_TCTI="device:/dev/tpm2"
sudo chmod 666 /dev/tpm2
tpm2_startup -c
tpm2_pcrread sha1:10
sha1:
10: 0x0000000000000000000000000000000000000000
To reset swtpm run the following command:
swtpm_ioctl -i --tcp :2322
After the reset you must run tpm2_startup -c to be able to use swtpm again.