Setup Virtual TPM
This wiki page describes how to set up IBM's TPM 2.0 TSS virtual TPM together with the TPM2 Software Stack (TSS) and the TPM tools associated with it. Apart from the required dependencies, the commands presented here, which configure and build the repositories, were obtained from the installation guide in the respective repository. Service configurations are also provided.
The following guide was tested on a Raspberry Pi 3, running Raspbian OS, with kernel 5.10.17.
Because of a compilation problem with tpm2-tools, we opted for a specific release rather than the latest master. The versions and branches of the repositories used are listed below:
- tpm2-tss : master branch with version 3.1.0
- tpm2-tools: release tag with version 4.3.2
- tpm2-abrmd: master branch with version 2.4.0
- ibmtss: version 1.6.0
The following commands, which configure and build the tpm2-tss library, come from its installation guide.
Install the dependencies:
sudo apt -y install autoconf-archive libcmocka0 libcmocka-dev procps iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev autoconf doxygen libjson-c-dev libini-config-dev libcurl4-openssl-dev
Clone the repository:
git clone https://github.com/tpm2-software/tpm2-tss.git
cd tpm2-tss
If a different configuration of the library is wanted, consult the official installation guide for parameters beyond the default ones.
./bootstrap
./configure
Compile:
make -j4
sudo make install
Post install, as recommended in the install guide:
It may be necessary to run ldconfig (as root) to update the run-time bindings before executing a program that links against libsapi or a TCTI library:
sudo ldconfig
Install the tpm2-tools dependencies:
sudo apt-get install autoconf automake libtool pkg-config gcc libssl-dev libcurl4-gnutls-dev python-yaml
Get the release used in this guide:
wget https://github.com/tpm2-software/tpm2-tools/releases/download/4.3.2/tpm2-tools-4.3.2.tar.gz
Unarchive:
tar -xvzf tpm2-tools-4.3.2.tar.gz
or clone the master branch:
git clone https://github.com/tpm2-software/tpm2-tools.git
Then cd into the working directory of whichever one you downloaded.
Similar to the previous step, configure and build the repository:
./bootstrap
./configure
make
sudo make install
After the installation is complete, the ./tools directory contains a series of programs that let you interact with the TPM from the command line.
The original installation guide recommends that tpm2-abrmd be run under the user/group tss, or another unprivileged user/group. If tpm2-tss is already installed, the tss user should already exist; if not, it must be created:
sudo useradd --system --user-group tss
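To confirm that the account really is unprivileged before running tpm2-abrmd under it, a check such as the following can be used. It is an added example, not part of the original guide or of the tpm2-abrmd project; the function name check_daemon_account, the PRIV_GROUPS list and the sample accounts are assumptions constructed for illustration, and it reads only local passwd/group files.

```sh
#!/bin/sh
# Added example: audit the account tpm2-abrmd will run as (local passwd/group files).
# PRIV_GROUPS is an assumption: groups that commonly confer admin or raw-device
# access on Debian-family systems; adjust for the target host.
PRIV_GROUPS="root sudo adm wheel disk shadow"

# check_daemon_account USER [PASSWD_FILE] [GROUP_FILE]
# Prints one finding per line; returns 0 only if the account is unprivileged.
check_daemon_account() {
    user=$1; passwd_file=${2:-/etc/passwd}; group_file=${3:-/etc/group}; rc=0

    ids=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4; exit }' "$passwd_file")
    if [ -z "$ids" ]; then
        echo "FAIL: user '$user' does not exist"
        return 1
    fi
    uid=${ids%%:*}; gid=${ids##*:}
    if [ "$uid" -eq 0 ]; then echo "FAIL: '$user' has UID 0"; rc=1; fi
    if [ "$gid" -eq 0 ]; then echo "FAIL: '$user' has primary GID 0"; rc=1; fi

    # Name of the primary group, to compare against the privileged list.
    pgroup=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$group_file")
    for g in $PRIV_GROUPS; do
        # Field 4 of a group entry is the comma-separated supplementary member list.
        if [ "$pgroup" = "$g" ] || awk -F: -v g="$g" -v u="$user" '
            $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) hit = 1 }
            END { exit !hit }' "$group_file"; then
            echo "FAIL: '$user' belongs to privileged group '$g'"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: '$user' (uid=$uid gid=$gid) is unprivileged"; fi
    return "$rc"
}

# Constructed sample data (not from a real system): tss is clean, tpmadm is not.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'tss:x:112:118::/nonexistent:/bin/false' \
    'tpmadm:x:113:27::/home/tpmadm:/bin/sh' > "$demo/passwd"
printf '%s\n' 'root:x:0:' 'disk:x:6:tpmadm' 'sudo:x:27:pi' 'tss:x:118:' > "$demo/group"
check_daemon_account tss "$demo/passwd" "$demo/group"
check_daemon_account tpmadm "$demo/passwd" "$demo/group" || true
rm -rf "$demo"
```

On the target machine, calling check_daemon_account tss with no file arguments checks the live /etc/passwd and /etc/group.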
Next, obtain the sources via git and compile them with make, as with the previous projects.
git clone https://github.com/tpm2-software/tpm2-abrmd.git
cd tpm2-abrmd
Configure:
./bootstrap
./configure
For additional configuration parameters before compilation, consult the installation guide.
Build:
make
sudo make install
Post installation as mentioned in the guide:
It may be necessary to run ldconfig (as root) to update the run-time bindings before executing a program that links against the tabrmd library
sudo ldconfig
and
The dbus-daemon will also need to be instructed to read this configuration file (assuming it's installed in a location consulted by dbus-daemon) before the policy will be in effect. This is typically accomplished by sending the dbus-daemon the HUP signal like so:
sudo pkill -HUP dbus-daemon