Testing

Differences between revisions 15 and 17 (spanning 2 versions)
Revision 15 as of 2019-02-20 09:17:58
Size: 8816
Editor: vorlon
Comment: only list sha256 in pcrs (less spammy, and we should definitely never care about sha1)
Revision 17 as of 2019-02-20 09:38:41
Size: 7334
Editor: vorlon
Comment:
Deletions are marked like this. Additions are marked like this.
Line 47: Line 47:
= Set up the client environment =
There are some environment variables that it's useful to set to avoid repeating arguments to the tpm2-tools commands. These environment variables also differ by release and whether you are using the resource manager or not.

== Ubuntu 19.04 and later with resource manager ==
{{{
$ export TPM2TOOLS_TCTI_NAME=socket
$ export TPM2TOOLS_SOCKET_PORT=2325
}}}

== Ubuntu 19.04 and later without resource manager ==
{{{
$ export TPM2TOOLS_TCTI_NAME=socket
}}}

== Ubuntu 18.10 and earlier with resource manager ==
{{{
$ export TPM2TOOLS_SOCKET_PORT=2325
}}}

== Ubuntu 18.10 and earlier with no resource manager ==
No environment settings are needed. By default `tpm2-tools` will talk to the virtual tpm on the default socket.
Line 56: Line 78:
$ TPM2TOOLS_TCTI_NAME=socket tpm2_startup -c $ tpm2_startup -c
Line 69: Line 91:
If you're using the simulator with a resource manager (abrmd)
Line 72: Line 92:
$ TPM2TOOLS_TCTI_NAME=socket TPM2TOOLS_TCTI_SOCKET_PORT=2325 tpm2_pcrlist -g sha256 $ tpm2_pcrlist -g sha256
Line 100: Line 120:

Without the resource manager, pointing to the simulator directly:		 == Ubuntu 18.10 and earlier ==
Line 104: Line 123:
$ TPM2TOOLS_TCTI_NAME=socket tpm2_pcrlist -g sha256
sha256:
  0 : 0x0000000000000000000000000000000000000000000000000000000000000003
  1 : 0x0000000000000000000000000000000000000000000000000000000000000000
  2 : 0x0000000000000000000000000000000000000000000000000000000000000000
  3 : 0x0000000000000000000000000000000000000000000000000000000000000000
  4 : 0x0000000000000000000000000000000000000000000000000000000000000000
  5 : 0x0000000000000000000000000000000000000000000000000000000000000000
  6 : 0x0000000000000000000000000000000000000000000000000000000000000000
  7 : 0x0000000000000000000000000000000000000000000000000000000000000000
  8 : 0x0000000000000000000000000000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000000000000000000000000000
  10: 0x0000000000000000000000000000000000000000000000000000000000000000
  11: 0x0000000000000000000000000000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000000000000000000000000000
}}}


== Ubuntu 18.10 and earlier ==

Point to the simulator or resource manager connected to the simulator by using the listening port they use ('''2321''' for the simulator, '''2325''' for resourcemgr)
{{{
$ tpm2_listpcrs --socket-port=2321 -g 0xB		 $ tpm2_listpcrs -g 0xB
Line 164: Line 150:
$

Start the vTPM simulator

One can use a virtual TPM (vTPM) to run testing without affecting a physical device and risking to brick a system with an invalid manipulation of the TPM2 device.

Get the simulator from git: 

$ sudo apt install git snapcraft
$ git clone git@github.com:liuqun/tpm2-ibmswtpm.git
$ snapcraft
$ sudo snap install --dangerous tpm20softwaresimulator_*.snap

Then run tpm20softwaresimulator from the snap. 

$ tpm20softwaresimulator
TPM command server listening on port 2321
Platform server listening on port 2322

Start a resource manager using the simulator

Ubuntu 18.10 and later

$ sudo apt install tpm2-abrmd
$ sudo tpm2-abrmd --allow-root --tcti=mssim --logger=stdout
[...]

And you'll see Client accepted in the output for the tpm2 simulator, or some similar message.

Ubuntu 18.04 and earlier

$ sudo apt install tpm2-tools
$ sudo resourcemgr -sim
[...]

And you'll see Client accepted in the output for the tpm2 simulator, or some similar message. The resource manager itself will display various messages, including its own port for connection (2323 by default).

Set up the client environment

There are some environment variables that it's useful to set to avoid repeating arguments to the tpm2-tools commands. These environment variables also differ by release and whether you are using the resource manager or not.

Ubuntu 19.04 and later with resource manager

$ export TPM2TOOLS_TCTI_NAME=socket
$ export TPM2TOOLS_SOCKET_PORT=2325

Ubuntu 19.04 and later without resource manager

$ export TPM2TOOLS_TCTI_NAME=socket

Ubuntu 18.10 and earlier with resource manager

$ export TPM2TOOLS_SOCKET_PORT=2325

Ubuntu 18.10 and earlier with no resource manager

No environment settings are needed. By default tpm2-tools will talk to the virtual tpm on the default socket.

Use the simulator without a resource manager

A resource manager is required for arbitrating access to the TPM from multiple clients. However, for single-thread usage, a resource manager is not required and it may be simpler to do testing without one. This requires manually initializing the TPM state rather than relying on the resource manager to do it.

This step is not required when using a hardware tpm because the kernel's tpm driver implements its own resource manager.

Ubuntu 19.04 and later

$ tpm2_startup -c

Ubuntu 18.10 and earlier

$ tpm2_startup --clear

Running commands for testing

19.04 or later

$ tpm2_pcrlist -g sha256
sha256:
  0 : 0x0000000000000000000000000000000000000000000000000000000000000003
  1 : 0x0000000000000000000000000000000000000000000000000000000000000000
  2 : 0x0000000000000000000000000000000000000000000000000000000000000000
  3 : 0x0000000000000000000000000000000000000000000000000000000000000000
  4 : 0x0000000000000000000000000000000000000000000000000000000000000000
  5 : 0x0000000000000000000000000000000000000000000000000000000000000000
  6 : 0x0000000000000000000000000000000000000000000000000000000000000000
  7 : 0x0000000000000000000000000000000000000000000000000000000000000000
  8 : 0x0000000000000000000000000000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000000000000000000000000000
  10: 0x0000000000000000000000000000000000000000000000000000000000000000
  11: 0x0000000000000000000000000000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000000000000000000000000000

Ubuntu 18.10 and earlier

$ tpm2_listpcrs -g 0xB

Bank/Algorithm: TPM_ALG_SHA256(0x000b)
PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

TPM/Testing (last edited 2021-08-12 11:19:11 by krzk)