GitHub - kgoldman/ibmtss: This is a user space TSS for TPM 2.0. It implements the functionality equivalent to (but not API compatible with) the TCG TSS working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a hopefully simpler interface.

kgoldman / ibmtss Public

Notifications You must be signed in to change notification settings
Fork 13
Star 26

This is a user space TSS for TPM 2.0. It implements the functionality equivalent to (but not API compatible with) the TCG TSS working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a hopefully simpler interface.

View license

26 stars 13 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 751 Commits
.github/workflows		.github/workflows
ci		ci
demo		demo
m4		m4
tpmutils		tpmutils
utils		utils
utils12		utils12
.gitignore		.gitignore
.travis.yml		.travis.yml
AUTHORS		AUTHORS
COPYING		COPYING
ChangeLog		ChangeLog
INSTALL		INSTALL
LICENSE		LICENSE
Makefile.am		Makefile.am
NEWS		NEWS
README		README
autogen.sh		autogen.sh
build.sh		build.sh
configure.ac		configure.ac
ibmtss.docx		ibmtss.docx
ibmtss.html		ibmtss.html
tss2.spec		tss2.spec

Repository files navigation

Linux Specific build notes
--------------------------
Written by Ken Goldman
IBM Thomas J. Watson Research Center


Prior to the autotools support, most users began by untarring the
tarball or cloning the git repo, and then executing 'make' or 'make -f
<makefile>' in the utils and utils12 directories.  For autotools and the
existing makefiles to co-exist, the existing "makefile" was renamed to
"makefiletpmc".

$ cd utils
$ make -f makefiletpmc
$ cd utils12
$ make -f makefiletpmc

This builds a TSS
- with TPM 2.0 and TPM 1.2 support,
- connecting to a TPM 2.0 SW TPM,
- with TSS state files in cwd,
- with tracing support,
- and with elliptic curve support.

Refer to the "Advanced options", below, for additional compiler options.


Autotools - Linux
---------

On Linux (and probably other Unix systems), open source projects expect that
the normal shell command 'autoreconf -i && ./configure && make && make install'
should configure and build the package.

If --prefix is omitted, the default /usr/local is used.  

The LD_LIBRARY_PATH environment variable must be set to the path
(either the default or a user specified path).  E.g.,

export LD_LIBRARY_PATH=/usr/local/lib

Example 1: To configure the TSS library to use the software TPM, build and
install the package in ${HOME}/local/bin and ${HOME}/local/lib directories
execute the following shell commands:

$ autoreconf -i
$ ./configure --prefix=${HOME}/local --disable-hwtpm
$ make clean
$ make
$ make install

An initial set of the most common TSS "./configure" options are defined
to enable/disable different features.

--disable-tpm-2.0         - include only TPM 1.2 support
--disable-tpm-1.2         - include only TPM 2.0 support
--disable-hwtpm           - don't use the hardware TPM, use a software one instead
--disable-rmtpm        	  - when using a hardware TPM, don't use the resource manager
--enable-noprint          - build a TSS library without tracing or prints
--enable-nofile           - build a TSS library that does not use files to preserve state
			    (dependency on --disable-tpm-1.2)
		            The utilities (not the TSS library) require file support.
--enable-nocrypto      	  - build a TSS library that does not require a crypto library
			    (dependency on "--enable-nofile")
--enable-noecc            - build a TSS library that does not require OpenSSL elliptic curve support
--enable-debug            - build a TSS library used for debugging.
--enable-nodeprecatedalgs - build a TSS library without SHA-1 support

Example 2: To configure the TSS library to use the hardware TPM, build and
install the package in the default /usr/local directories requires root
privileges.  Executing the following shell commands will make and install the
package in the default directories.

$ autoreconf -i
$ ./configure
$ make clean
$ make
$ sudo make install

Other TSS features can be modified by specifying them directly as CFLAGS
"./configure" options.

CFLAGS='<options>'
options:
-O0					- change compiler optimization (default: 02)
-DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""	- change hardware TPM (default: /dev/tpm0)
-DTPM_DATA_DIR_DEFAULT="\"<pathname>\""	- specify directory for TSS state files
-DTPM_TRACE_LEVEL_DEFAULT="\"<level>\""	- change level of tracing (default: 0)
	0 - no tracing
	1 - trace errors
	2 - trace errors and execution flow

Example 3: To install the package in ${HOME}/local/bin and ${HOME}/local/lib
directories, compile for the gdb debugger, and connect by default to a socket
simulator TPM at command port 3333, execute the following shell commands:

$ autoreconf -i
$ ./configure --prefix=${HOME}/local --enable-debug --disable-hwtpm \
CFLAGS='-DTPM_INTERFACE_TYPE_DEFAULT="\"socsim\"" -DTPM_COMMAND_PORT_DEFAULT="\"3333\""'
$ make clean
$ make
$ make install

The TPM utility binaries are stored in utils/.lib and utils12/.lib directories
of the source directory.[1]  To debug using these binaries in the source tree,
use either the binary stored in .lib or the libtool command.

$ libtool --mode=execute gdb <.lib/utility>

[1] For an explanation, refer to the GNU documentation
https://www.gnu.org/software/libtool/manual/libtool.html#Debugging-executables.

Mac Build - Mac
---------

These are two sets of contributed instructions for a Mac autotools
build.  There is also a contributed utils/makefile.mac.

brew install openssl
brew install gawk
brew install automake
brew install autconf
brew install libtool
brew link libtool
brew install pkg-config

1) 

PATH=/usr/local/Cellar/openssl\@1.1/1.1.1h/bin/:$PATH
PATH=/usr/local/Cellar/gawk/5.1.0/bin/:$PATH
LD_LIBRARY_PATH=/usr/local/Cellar/openssl\@1.1/1.1.1h

autoreconf -i
./configure \
	CPPFLAGS="-I/usr/local/Cellar/openssl@1.1/1.1.1h/include -DTPM_POSIX" \
	LDFLAGS=-L/usr/local/Cellar/openssl@1.1/1.1.1h/lib \
	PKG_CONFIG_PATH=/usr/local/Cellar/openssl@1.1/1.1.1h/lib/pkgconfig
make clean
make
sudo make install


2)

autoreconf -i
./configure \
	    CPPFLAGS="-I/usr/local/opt/openssl/include -DTPM_POSIX" \
	    LDFLAGS=-L/usr/local/opt/openssl/lib \
	    PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig
make clean
make
sudo make install

Advanced options
----------------

For all options and details, see the documentation in ibmtss.docx or
ibmtss.html.

Some of the more common options are below.

1-3 can also be specified in an environment variable or at run time.

4-8, which are used to reduce the size of the library, must be
specified at compile time.

1) To default to a hardware TPM (rather than the SW TPM)

Add to CCLFLAGS:

	-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""

2) To default to /dev/tpmrm0 (rather than /dev/tpm0)

Add to CCLFLAGS:

	-DTPM_DEVICE_DEFAULT="\"/dev/tpm0\""

3) To default to a different directory for TSS state files (rather
than cwd)

Add to CCLFLAGS:

	-DTPM_DATA_DIR_DEFAULT="\"directory\""

4) To remove TPM 1.2 support

Delete from CCLFLAGS and CCAFLAGS

	-DTPM_TPM12

5) To remove the requirement for a filesystem (see documentation for
limitations)

Add to CCFLAGS

	-DTPM_TSS_NOFILE

6) To remove the requirement for crypto (see documentation for
limitations)

Add to CCFLAGS

	-DTPM_TSS_NOCRYPTO

7) To remove print tracing support

Add to CCFLAGS

	-DTPM_TSS_NO_PRINT

8) To remove elliptic curve dependencies

Add to CCFLAGS

	-DTPM_TSS_NOECC