Skip to main content

collection of tools for playing with TPM v2 modules natively e.g. through SPI

Project description

tpm2-native

This is a collection of tools for playing with TPM v2 modules natively e.g. through SPI. The main purpose is to learn how TPM v2 works by interacting with a TPM.

I do all my testing on a Raspberry Pi 4 with an Infineon OPTIGA TPM SLM 9670 Iridium TPM2.0 Evaluation Board. All the examples below are also from this platform.

Install

Simply install with pip install tpm2-native. This will install all utilities that can be called natively. All utilities have names starting with tpm2_, utilities are simply the command names e.g. tpm2_Startup.

Supported Commands

The section names are the same as in Trusted Platform Module Library Part 3: Commands Family 2.0 Level 00 Revision 01.38.

Start-up

All commands in this section in the spec. are implemented.

  • Startup
  • Shutdown

Testing

All commands in this section in the spec. are implemented.

  • SelfTest
  • IncrementalSelfTest
  • GetTestResult

Random Number Generator

All commands in this section in the spec. are implemented.

  • GetRandom
  • StirRandom

References

Examples

Startup:

$ tpm2_Startup clear
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
        requestSize: 0xc [12]
        commandCode: 0x144 [TPM_CC_Startup]
req: 80 01 00 00 00 0c 00 00 01 44 00 00
res: 80 01 00 00 00 0a 00 00 00 00
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
       responseSize: 0xa [10]
       responseCode: 0x0 [TPM_RC_SUCCESS]

Shutdown:

 $ tpm2_Shutdown clear
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
        requestSize: 0xc [12]
        commandCode: 0x145 [TPM_CC_Shutdown]
req: 80 01 00 00 00 0c 00 00 01 45 00 00
res: 80 01 00 00 00 0a 00 00 00 00
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
       responseSize: 0xa [10]
       responseCode: 0x0 [TPM_RC_SUCCESS]

IncrementalSelfTest:

 $ tpm2_IncrementalSelfTest no_sessions AES
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
        requestSize: 0x10 [16]
        commandCode: 0x142 [TPM_CC_IncrementalSelfTest]
req: 80 01 00 00 00 10 00 00 01 42 00 00 00 01 00 06
res: 80 01 00 00 00 22 00 00 00 00 00 00 00 0a 00 01 00 14 00 15 00 16 00 18 00 19 00 1a 00 20 00 22 00 23
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
       responseSize: 0x22 [34]
       responseCode: 0x0 [TPM_RC_SUCCESS]
           toDoList:
                     TPM_ALG_RSA
                     TPM_ALG_RSASSA
                     TPM_ALG_RSAES
                     TPM_ALG_RSAPSS
                     TPM_ALG_ECDSA
                     TPM_ALG_ECDH
                     TPM_ALG_ECDAA
                     TPM_ALG_KDF1_SP800_56A
                     TPM_ALG_KDF1_SP800_108
                     TPM_ALG_ECC

Note: toDoList is not the algorithms to be tested. The algorithms sent are to be tested. toDoList is the algorithms that has not been tested yet. For example, if I run above with RSA, then toDoList will not contain RSA.

SelfTest:

$ tpm2_SelfTest no_sessions yes
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
        requestSize: 0xb [11]
        commandCode: 0x143 [TPM_CC_SelfTest]
req: 80 01 00 00 00 0b 00 00 01 43 01
res: 80 01 00 00 00 0a 00 00 00 00
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
       responseSize: 0xa [10]
       responseCode: 0x0 [TPM_RC_SUCCESS]

GetTestResult:

$ tpm2_GetTestResult
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
        requestSize: 0xa [10]
        commandCode: 0x17c [TPM_CC_GetTestResult]
req: 80 01 00 00 00 0a 00 00 01 7c
res: 80 01 00 00 00 1a 00 00 00 00 00 0a 00 06 01 0b 00 00 00 00 0e b8 00 00 01 53
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
       responseSize: 0x1a [26]
       responseCode: 0x0 [TPM_RC_SUCCESS]
        outDataSize: 0xa [10]
            outData: 00 06 01 0b 00 00 00 00 0e b8
         testResult: 0x0 [TPM_RC_SUCCESS]

GetRandom:

$ tpm2_GetRandom 16
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
        requestSize: 0xc [12]
        commandCode: 0x17b [TPM_CC_GetRandom]
req: 80 01 00 00 00 0c 00 00 01 7b 00 10
res: 80 01 00 00 00 1c 00 00 00 00 00 10 7d 17 16 5a e5 16 1a c4 9a 56 f6 5c 9f 4d bd be
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
       responseSize: 0x1c [28]
       responseCode: 0x0 [TPM_RC_SUCCESS]
    randomBytesSize: 0x10 [16]
        randomBytes: 7d 17 16 5a e5 16 1a c4 9a 56 f6 5c 9f 4d bd be

StirRandom:

$ dd if=/dev/random of=indata count=128 bs=1
$ tpm2_StirRandom no_sessions indata
        len(inData): 0x80 [128]
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
        requestSize: 0x8c [140]
        commandCode: 0x146 [TPM_CC_StirRandom]
req: 80 01 00 00 00 8c 00 00 01 46 00 80 3b a9 73 cb c5 ac bc 89 ac 2a 5c b2 c1 b5 cd 32 c7 1e d1 de 12 ea f5 54 ea 43 b4 82 6f 19 ba 99 65 07 c6 20 c4 2e 30 cc d7 d3 0d 02 63 e3 56 77 73 0d b9 f2 c2 5b 9c 0e 46 77 18 d7 c8 d8 4f 27 a4 5e 2b 64 31 b0 b7 62 d2 26 6d db 97 8b 50 27 36 0f 79 8d 4f 95 04 c5 00 65 af 35 ab 40 2d c6 36 c7 04 94 1b fd 92 48 dc d3 9e 19 fa 31 48 ea 21 da 08 73 0d c6 82 77 b9 32 27 2e 35 7a 2a 07
res: 80 01 00 00 00 0a 00 00 00 00
                tag: 0x8001 [TPM_ST_NO_SESSIONS]
       responseSize: 0xa [10]
       responseCode: 0x0 [TPM_RC_SUCCESS]

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tpm2-native-3.tar.gz (6.6 kB view details)

Uploaded Source

File details

Details for the file tpm2-native-3.tar.gz.

File metadata

  • Download URL: tpm2-native-3.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/45.2.0 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.7.3

File hashes

Hashes for tpm2-native-3.tar.gz
Algorithm Hash digest
SHA256 ed93ad217d055cb4c2e069398a9949b8cfa739aaa2c6dc511f2e5b482498d685
MD5 7107dfee7dee120efcf34f83d4db8a3c
BLAKE2b-256 d756f400ddb2900a68ba9f66e7d316aafb93da3f0c467337c5a1769dcf00cc30

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page