Testing
Comment: only list sha256 in pcrs (less spammy, and we should definitely never care about sha1)
Line 47: | Line 47: |
= Set up the client environment = There are some environment variables that it's useful to set to avoid repeating arguments to the tpm2-tools commands. These environment variables also differ by release and whether you are using the resource manager or not. == Ubuntu 19.04 and later with resource manager == {{{ $ export TPM2TOOLS_TCTI_NAME=socket $ export TPM2TOOLS_SOCKET_PORT=2325 }}} == Ubuntu 19.04 and later without resource manager == {{{ $ export TPM2TOOLS_TCTI_NAME=socket }}} == Ubuntu 18.10 and earlier with resource manager == {{{ $ export TPM2TOOLS_SOCKET_PORT=2325 }}} == Ubuntu 18.10 and earlier with no resource manager == No environment settings are needed. By default `tpm2-tools` will talk to the virtual tpm on the default socket. |
|
Line 56: | Line 78: |
$ TPM2TOOLS_TCTI_NAME=socket tpm2_startup -c | $ tpm2_startup -c |
Line 69: | Line 91: |
If you're using the simulator with a resource manager (abrmd) |
|
Line 72: | Line 92: |
$ TPM2TOOLS_TCTI_NAME=socket TPM2TOOLS_TCTI_SOCKET_PORT=2325 tpm2_pcrlist -g sha256 | $ tpm2_pcrlist -g sha256 |
Line 100: | Line 120: |
Without the resource manager, pointing to the simulator directly: |
== Ubuntu 18.10 and earlier == |
Line 104: | Line 123: |
$ TPM2TOOLS_TCTI_NAME=socket tpm2_pcrlist -g sha256 sha256: 0 : 0x0000000000000000000000000000000000000000000000000000000000000003 1 : 0x0000000000000000000000000000000000000000000000000000000000000000 2 : 0x0000000000000000000000000000000000000000000000000000000000000000 3 : 0x0000000000000000000000000000000000000000000000000000000000000000 4 : 0x0000000000000000000000000000000000000000000000000000000000000000 5 : 0x0000000000000000000000000000000000000000000000000000000000000000 6 : 0x0000000000000000000000000000000000000000000000000000000000000000 7 : 0x0000000000000000000000000000000000000000000000000000000000000000 8 : 0x0000000000000000000000000000000000000000000000000000000000000000 9 : 0x0000000000000000000000000000000000000000000000000000000000000000 10: 0x0000000000000000000000000000000000000000000000000000000000000000 11: 0x0000000000000000000000000000000000000000000000000000000000000000 12: 0x0000000000000000000000000000000000000000000000000000000000000000 13: 0x0000000000000000000000000000000000000000000000000000000000000000 14: 0x0000000000000000000000000000000000000000000000000000000000000000 15: 0x0000000000000000000000000000000000000000000000000000000000000000 16: 0x0000000000000000000000000000000000000000000000000000000000000000 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 23: 0x0000000000000000000000000000000000000000000000000000000000000000 }}} == Ubuntu 18.10 and earlier == Point to the simulator or resource manager connected to the simulator by using the listening port they use ('''2321''' for the simulator, '''2325''' for resourcemgr) {{{ $ tpm2_listpcrs 
--socket-port=2321 -g 0xB |
$ tpm2_listpcrs -g 0xB |
Line 164: | Line 150: |
$ |
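Review bot: the new "Set up the client environment" section exports TPM2TOOLS_SOCKET_PORT=2325 for both resource-manager cases, while the command removed at old line 72 set TPM2TOOLS_TCTI_SOCKET_PORT=2325, so the variable name changed as part of moving it out of the command line. Please confirm which spelling the tpm2-tools build on each release actually reads and use it consistently; if the exported name is not the one the tools read, the tpm2_pcrlist call that now relies on the environment will not use port 2325.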
Start the vTPM simulator
One can use a virtual TPM (vTPM) to run tests without affecting a physical device and without the risk of bricking a system through an invalid manipulation of the TPM2 device.
Get the simulator from git:
$ sudo apt install git snapcraft
$ git clone git@github.com:liuqun/tpm2-ibmswtpm.git
$ cd tpm2-ibmswtpm
$ snapcraft
$ sudo snap install --dangerous tpm20softwaresimulator_*.snap
Then run tpm20softwaresimulator from the snap.
$ tpm20softwaresimulator
TPM command server listening on port 2321
Platform server listening on port 2322
Start a resource manager using the simulator
Ubuntu 18.10 and later
$ sudo apt install tpm2-abrmd
$ sudo tpm2-abrmd --allow-root --tcti=mssim --logger=stdout
[...]
You'll then see "Client accepted", or a similar message, in the output of the TPM2 simulator.
Ubuntu 18.04 and earlier
$ sudo apt install tpm2-tools
$ sudo resourcemgr -sim
[...]
You'll then see "Client accepted", or a similar message, in the output of the TPM2 simulator. The resource manager itself will display various messages, including its own port for connection (2323 by default).
Set up the client environment
There are some environment variables that it's useful to set to avoid repeating arguments to the tpm2-tools commands. These environment variables also differ by release and whether you are using the resource manager or not.
Ubuntu 19.04 and later with resource manager
$ export TPM2TOOLS_TCTI_NAME=socket
$ export TPM2TOOLS_SOCKET_PORT=2325
Ubuntu 19.04 and later without resource manager
$ export TPM2TOOLS_TCTI_NAME=socket
Ubuntu 18.10 and earlier with resource manager
$ export TPM2TOOLS_SOCKET_PORT=2325
Ubuntu 18.10 and earlier with no resource manager
No environment settings are needed. By default tpm2-tools will talk to the virtual TPM on the default socket.
Use the simulator without a resource manager
A resource manager is required for arbitrating access to the TPM from multiple clients. However, for single-thread usage, a resource manager is not required and it may be simpler to do testing without one. This requires manually initializing the TPM state rather than relying on the resource manager to do it.
This step is not required when using a hardware TPM because the kernel's TPM driver implements its own resource manager.
Ubuntu 19.04 and later
$ tpm2_startup -c
Ubuntu 18.10 and earlier
$ tpm2_startup --clear
Running commands for testing
Ubuntu 19.04 or later
$ tpm2_pcrlist -g sha256
sha256:
  0 : 0x0000000000000000000000000000000000000000000000000000000000000003
  1 : 0x0000000000000000000000000000000000000000000000000000000000000000
  2 : 0x0000000000000000000000000000000000000000000000000000000000000000
  3 : 0x0000000000000000000000000000000000000000000000000000000000000000
  4 : 0x0000000000000000000000000000000000000000000000000000000000000000
  5 : 0x0000000000000000000000000000000000000000000000000000000000000000
  6 : 0x0000000000000000000000000000000000000000000000000000000000000000
  7 : 0x0000000000000000000000000000000000000000000000000000000000000000
  8 : 0x0000000000000000000000000000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000000000000000000000000000
  10: 0x0000000000000000000000000000000000000000000000000000000000000000
  11: 0x0000000000000000000000000000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000000000000000000000000000
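Before running tests it is worth confirming that the TPM you are talking to really is in the freshly started state listed above. The following is an added example, not part of the original wiki page: the function names check_pcr_baseline and sample_listing are hypothetical, and the baseline is simply the listing shown on this page.

```shell
#!/bin/sh
# Added example: check `tpm2_pcrlist -g sha256` output against the post-startup
# listing shown on this page. Function names are hypothetical.

# Reads a pcrlist listing on stdin, prints each deviation, returns non-zero on any.
check_pcr_baseline() {
    awk '
    function expected(n,    z, f) {
        z = "0000000000000000"; f = "FFFFFFFFFFFFFFFF"
        if (n == 0) return z z z "0000000000000003"
        if (n >= 17 && n <= 22) return f f f f
        return z z z z
    }
    /^[ \t]*[0-9]+[ \t]*:[ \t]*0x[0-9A-Fa-f]+[ \t]*$/ {
        line = $0; gsub(/[ \t]/, "", line)
        split(line, kv, ":")
        n = kv[1] + 0; v = toupper(substr(kv[2], 3))
        seen[n] = 1
        if (v != expected(n)) { printf "PCR %d deviates: %s\n", n, v; bad++ }
    }
    END {
        for (i = 0; i < 24; i++)
            if (!(i in seen)) { printf "PCR %d missing\n", i; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample in the page's output format; $1 (optional) is a PCR index
# whose value is replaced to simulate an already-extended register.
sample_listing() {
    z=0000000000000000; f=FFFFFFFFFFFFFFFF
    echo "sha256:"
    i=0
    while [ "$i" -lt 24 ]; do
        case $i in
            0) v="$z$z${z}0000000000000003" ;;
            17|18|19|20|21|22) v="$f$f$f$f" ;;
            *) v="$z$z$z$z" ;;
        esac
        if [ "$i" = "${1:-}" ]; then v="$z$z${z}00000000DEADBEEF"; fi
        printf '  %-2d: 0x%s\n' "$i" "$v"
        i=$((i + 1))
    done
}

# Against a live simulator: tpm2_pcrlist -g sha256 | check_pcr_baseline
sample_listing | check_pcr_baseline && echo "baseline OK"
sample_listing 7 | check_pcr_baseline || echo "PCR state differs from baseline"
```

A non-zero exit means a register has already been changed, or the tools are not talking to the TPM instance you expected.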
Ubuntu 18.10 and earlier
$ tpm2_listpcrs -g 0xB
Bank/Algorithm: TPM_ALG_SHA256(0x000b)
PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
TPM/Testing (last edited 2021-08-12 11:19:11 by krzk)