Testing
Differences between revisions 1 and 17 (spanning 16 versions)
|
Size: 6427
Comment:
|
Size: 7334
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = vTPM testing = | <<Include(TPM/WikiHeader)>> |
| Line 3: | Line 3: |
| One can use a virtual TPM (vTPM) to run testing without affecting a physical device and risking to brick a system with an invalid manipulation of the TPM device. | ||<tablebgcolor="#f1f1ed" tablewidth="20%" tablestyle="margin: 0pt 0pt 1em 1em; clear: right; float: right; font-size: 0.9em;"style="padding: 0.5em;"><<TableOfContents>>|| |
| Line 5: | Line 5: |
| == Start the vTPM simulator == | = Start the vTPM simulator = One can use a virtual TPM (vTPM) to run testing without affecting a physical device and risking to brick a system with an invalid manipulation of the TPM2 device. |
| Line 13: | Line 14: |
| $ sudo snap install --dangerous tpm20softwaresimulator_*.snap | |
| Line 15: | Line 17: |
| Run '''prime/tpm_server''' or install the generator snap and run '''tpm20softwaresimulator''' from the snap. | Then run '''tpm20softwaresimulator''' from the snap. |
| Line 18: | Line 20: |
| $ ./tpm_server | $ tpm20softwaresimulator |
| Line 23: | Line 25: |
| == Start a resource manager using the simulator == | = Start a resource manager using the simulator = == Ubuntu 18.10 and later == |
| Line 26: | Line 29: |
| $ sudo /usr/sbin/tpm2-abrmd --allow-root --tcti=mssim --logger=stdout | $ sudo apt install tpm2-abrmd $ sudo tpm2-abrmd --allow-root --tcti=mssim --logger=stdout |
| Line 32: | Line 36: |
| == Run commands == | == Ubuntu 18.04 and earlier == |
| Line 35: | Line 39: |
| $ tpm2_pcrlist sha1: 0 : 0x0000000000000000000000000000000000000003 1 : 0x0000000000000000000000000000000000000000 2 : 0x0000000000000000000000000000000000000000 3 : 0x0000000000000000000000000000000000000000 4 : 0x0000000000000000000000000000000000000000 5 : 0x0000000000000000000000000000000000000000 6 : 0x0000000000000000000000000000000000000000 7 : 0x0000000000000000000000000000000000000000 8 : 0x0000000000000000000000000000000000000000 9 : 0x0000000000000000000000000000000000000000 10: 0x0000000000000000000000000000000000000000 11: 0x0000000000000000000000000000000000000000 12: 0x0000000000000000000000000000000000000000 13: 0x0000000000000000000000000000000000000000 14: 0x0000000000000000000000000000000000000000 15: 0x0000000000000000000000000000000000000000 16: 0x0000000000000000000000000000000000000000 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 23: 0x0000000000000000000000000000000000000000 |
$ sudo apt install tpm2-tools $ sudo resourcemgr -sim [...] }}} And you'll see {{{Client accepted}}} in the output for the tpm2 simulator, or some similar message. The resource manager itself will display various messages, including its own port for connection ('''2323''' by default). = Set up the client environment = There are some environment variables that it's useful to set to avoid repeating arguments to the tpm2-tools commands. These environment variables also differ by release and whether you are using the resource manager or not. == Ubuntu 19.04 and later with resource manager == {{{ $ export TPM2TOOLS_TCTI_NAME=socket $ export TPM2TOOLS_SOCKET_PORT=2325 }}} == Ubuntu 19.04 and later without resource manager == {{{ $ export TPM2TOOLS_TCTI_NAME=socket }}} == Ubuntu 18.10 and earlier with resource manager == {{{ $ export TPM2TOOLS_SOCKET_PORT=2325 }}} == Ubuntu 18.10 and earlier with no resource manager == No environment settings are needed. By default `tpm2-tools` will talk to the virtual tpm on the default socket. = Use the simulator without a resource manager = A resource manager is required for arbitrating access to the TPM from multiple clients. However, for single-thread usage, a resource manager is not required and it may be simpler to do testing without one. This requires manually initializing the TPM state rather than relying on the resource manager to do it. This step is not required when using a hardware tpm because the kernel's tpm driver implements its own resource manager. == Ubuntu 19.04 and later == {{{ $ tpm2_startup -c }}} == Ubuntu 18.10 and earlier == {{{ $ tpm2_startup --clear }}} = Running commands for testing = == 19.04 or later == {{{ $ tpm2_pcrlist -g sha256 |
| Line 86: | Line 118: |
| sha384: 0 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003 1 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 2 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 3 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 4 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 5 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 6 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 7 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 8 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 9 : 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 10: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 11: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 12: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 13: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 14: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 15: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 16: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
|
| Line 112: | Line 119: |
== Ubuntu 18.10 and earlier == {{{ $ tpm2_listpcrs -g 0xB Bank/Algorithm: TPM_ALG_SHA256(0x000b) PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }}} |
Start the vTPM simulator
One can use a virtual TPM (vTPM) to run testing without affecting a physical device and risking to brick a system with an invalid manipulation of the TPM2 device.
Get the simulator from git:
$ sudo apt install git snapcraft $ git clone git@github.com:liuqun/tpm2-ibmswtpm.git $ snapcraft $ sudo snap install --dangerous tpm20softwaresimulator_*.snap
Then run tpm20softwaresimulator from the snap.
$ tpm20softwaresimulator TPM command server listening on port 2321 Platform server listening on port 2322
Start a resource manager using the simulator
Ubuntu 18.10 and later
$ sudo apt install tpm2-abrmd $ sudo tpm2-abrmd --allow-root --tcti=mssim --logger=stdout [...]
And you'll see Client accepted in the output for the tpm2 simulator, or some similar message.
Ubuntu 18.04 and earlier
$ sudo apt install tpm2-tools $ sudo resourcemgr -sim [...]
And you'll see Client accepted in the output for the tpm2 simulator, or some similar message. The resource manager itself will display various messages, including its own port for connection (2323 by default).
Set up the client environment
There are some environment variables that it's useful to set to avoid repeating arguments to the tpm2-tools commands. These environment variables also differ by release and whether you are using the resource manager or not.
Ubuntu 19.04 and later with resource manager
$ export TPM2TOOLS_TCTI_NAME=socket $ export TPM2TOOLS_SOCKET_PORT=2325
Ubuntu 19.04 and later without resource manager
$ export TPM2TOOLS_TCTI_NAME=socket
Ubuntu 18.10 and earlier with resource manager
$ export TPM2TOOLS_SOCKET_PORT=2325
Ubuntu 18.10 and earlier with no resource manager
No environment settings are needed. By default tpm2-tools will talk to the virtual tpm on the default socket.
Use the simulator without a resource manager
A resource manager is required for arbitrating access to the TPM from multiple clients. However, for single-thread usage, a resource manager is not required and it may be simpler to do testing without one. This requires manually initializing the TPM state rather than relying on the resource manager to do it.
This step is not required when using a hardware tpm because the kernel's tpm driver implements its own resource manager.
Ubuntu 19.04 and later
$ tpm2_startup -c
Ubuntu 18.10 and earlier
$ tpm2_startup --clear
Running commands for testing
19.04 or later
$ tpm2_pcrlist -g sha256 sha256: 0 : 0x0000000000000000000000000000000000000000000000000000000000000003 1 : 0x0000000000000000000000000000000000000000000000000000000000000000 2 : 0x0000000000000000000000000000000000000000000000000000000000000000 3 : 0x0000000000000000000000000000000000000000000000000000000000000000 4 : 0x0000000000000000000000000000000000000000000000000000000000000000 5 : 0x0000000000000000000000000000000000000000000000000000000000000000 6 : 0x0000000000000000000000000000000000000000000000000000000000000000 7 : 0x0000000000000000000000000000000000000000000000000000000000000000 8 : 0x0000000000000000000000000000000000000000000000000000000000000000 9 : 0x0000000000000000000000000000000000000000000000000000000000000000 10: 0x0000000000000000000000000000000000000000000000000000000000000000 11: 0x0000000000000000000000000000000000000000000000000000000000000000 12: 0x0000000000000000000000000000000000000000000000000000000000000000 13: 0x0000000000000000000000000000000000000000000000000000000000000000 14: 0x0000000000000000000000000000000000000000000000000000000000000000 15: 0x0000000000000000000000000000000000000000000000000000000000000000 16: 0x0000000000000000000000000000000000000000000000000000000000000000 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 23: 0x0000000000000000000000000000000000000000000000000000000000000000
Ubuntu 18.10 and earlier
$ tpm2_listpcrs -g 0xB Bank/Algorithm: TPM_ALG_SHA256(0x000b) PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TPM/Testing (last edited 2021-08-12 11:19:11 by krzk)