
[AMD Official Use Only]

INSTRUCTIONS TO ENABLE fTPM IN KERNEL

1. Kernel Build Flags to be enabled in the .config

Before building the kernel, enable the following options in .config:


CONFIG_TCG_TPM=y
CONFIG_TCG_CRB=y

2. Verifying that the TPM is enabled in the kernel

After booting into the kernel, check for the following sysfs entry:
ls /sys/class/tpm
A tpm0 entry should be listed.
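
A small pre-flight script for the checks in sections 1 and 2, added here as an example (it is not part of the original instructions). The function names, the --run switch and the /boot/config-$(uname -r) default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for
# sections 1 and 2. Function names and messages are illustrative.

# check_kconfig FILE
# Succeeds only if both options from section 1 are built in (=y).
# FILE is an uncompressed kernel config, e.g. the build tree's .config.
check_kconfig() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "error: cannot read $cfg" >&2; return 2; }
    for opt in CONFIG_TCG_TPM CONFIG_TCG_CRB; do
        if grep -q "^${opt}=y\$" "$cfg"; then
            echo "ok: ${opt}=y"
        elif grep -q "^${opt}=m\$" "$cfg"; then
            # =m only works once the module is loaded; the page asks for =y.
            echo "warn: ${opt}=m (module), expected =y"
            rc=1
        else
            echo "missing: ${opt} is not set"
            rc=1
        fi
    done
    return "$rc"
}

# check_tpm_sysfs [SYSFS_ROOT]
# Succeeds if the tpm0 entry from section 2 exists. SYSFS_ROOT defaults to
# /sys; the parameter exists only so the check can run against a fixture.
check_tpm_sysfs() {
    root=${1:-/sys}
    if [ -e "$root/class/tpm/tpm0" ]; then
        echo "ok: $root/class/tpm/tpm0 present"
    else
        echo "missing: $root/class/tpm/tpm0 (driver not bound or TPM disabled in firmware)"
        return 1
    fi
}

# Run against the live system only when asked: sh tpm_preflight.sh --run [CONFIG]
# The /boot/config-$(uname -r) default is an assumption (Debian/Ubuntu layout).
if [ "${1:-}" = "--run" ]; then
    check_kconfig "${2:-/boot/config-$(uname -r)}"
    check_tpm_sysfs
fi
```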

3. Steps to test tpm driver


3.1 To build and install the tpm2 user space software, the following dependencies are
required

sudo apt-get install autoconf-archive libcmocka0 libcmocka-dev procps iproute2 \
  build-essential git automake uthash-dev doxygen libjson-c-dev libini-config-dev \
  libgcrypt-dev python libcurl4-openssl-dev autoconf automake libtool pkg-config gcc \
  libssl-dev libcurl4-gnutls-dev uuid-dev python-yaml lcov pandoc liburiparser-dev \
  libdbus-1-dev libglib2.0-dev dbus-x11 valgrind libtss2-*

3.2 Steps to install software simulator:


3.2.1 ibmswtpm
 mkdir ibmtpm && cd ibmtpm
 wget https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm1332.tar.gz
 tar xvf ibmtpm1332.tar.gz
 make check (or make -j5)
 cd src
 sudo make install
 sudo cp tpm_server /usr/bin

The link is taken from
https://github.com/tpm2-software/tpm2-tools/blob/master/doc/INSTALL.md (see the last steps).

3.3 Steps to install User space stack:


3.3.1 TSS 2.0 (tpm2-tss): install tpm2-tss 2.4.2 because it is the new version
 branch: master, tag: master
The source code for the TSS 2.0 stack is available at
https://github.com/tpm2-software/tpm2-tss.git

 git clone https://github.com/tpm2-software/tpm2-tss.git
 cd tpm2-tss
 git checkout 29c46f0d27942146a909f7f12c0f8f65c45bec93
 sudo ./bootstrap
 ./configure --with-udevrulesdir=/etc/udev/rules.d \
   --with-devicetests="mandatory,optional" --with-device=/dev/tpm0 \
   --enable-integration --enable-unit
 make -j$(nproc) check
or
 ./configure --with-udevrulesdir=/etc/udev/rules.d \
   --with-devicetests="mandatory,optional" \
   --enable-integration --enable-unit --enable-valgrind
 make check-valgrind-memcheck (or: make check-valgrind-drd)

Note: The above steps are taken from the link below (INSTALL.md).
Note: If the error "TPM device provided does not exist or is not writable" is
observed, run: sudo chmod go+rw /dev/tpm0 (this makes the device readable and
writable by all local users).

For more detailed build and installation instructions, see
https://github.com/tpm2-software/tpm2-tss/blob/master/INSTALL.md

3.3.2 tpm2-abrmd
 git clone https://github.com/tpm2-software/tpm2-abrmd.git
 cd tpm2-abrmd
 git checkout 01a3f6297261085b8ff5b6deb3fbacf14b5e50d6
 sudo ./bootstrap
 sudo ./configure --with-dbuspolicydir=/etc/dbus-1/system.d \
   --with-systemdsystemunitdir=/lib/systemd/system \
   --with-systemdpresetdir=/lib/systemd/system-preset \
   --enable-integration --enable-unit
 sudo make -j$(nproc) check
 sudo make install
Note: The above steps are taken from the link below (INSTALL.md).
For more detailed build and installation instructions, see
https://github.com/tpm2-software/tpm2-abrmd/blob/master/INSTALL.md

3.3.3 TPM2.0-Tools

 git clone https://github.com/tpm2-software/tpm2-tools.git
 cd tpm2-tools
 git checkout 8540e7f0edcfcccf6097f0e453fd6c08657a0577
 sudo apt-get install expect
 ./bootstrap
 ./configure --enable-unit PATH=$PATH:/usr/local/sbin/tpm2-abrmd:/path_to/ibmtpm/src
 sudo make check
Note: The above steps are taken from the link below (INSTALL.md).
Note: sudo cp /home/amd/tpm2-tss/lib/tss2-*.pc /usr/local/lib/pkgconfig

For more detailed build and installation instructions, see
https://github.com/tpm2-software/tpm2-tools/blob/master/INSTALL.md

For configure, the steps are taken from
https://github.com/tpm2-software/tpm2-tools/tree/master/test/integration

Note: Make sure the TSS stack and the resource manager are installed before running the
tools test.

3.4 Steps to execute tpm-tool tests

BIOS settings required before execution of tests

In the BIOS menu, the TPM Clear flag must be set. It is located in the menu at
System Utility --> Security --> TPM Clear.

[Why TPM Clear is needed in the BIOS]: This option simply resets the Trusted Platform
Module (TPM) to its default state.

Run the Hello World program with the steps below.

Run the software TPM server:

cd ibmtpm/src/
./tpm_server &

The tpm2-abrmd daemon must run as user tss or as root (with the option --allow-root), as
below:

sudo /usr/local/sbin/tpm2-abrmd --allow-root --tcti=mssim

The above command should be run in a separate terminal (or in the background).

Simple and basic test to make sure that the fTPM is alive and running:
$ cd tpm2-tools/tool/
$ ./tpm2_getrandom --hex 20
Note: This should give a 4-byte response. This response should be different every time
you run this command.

Running the hello world:
Navigate to: cd tpm2-tools/tool/
./tpm2_pcrread result should be as below with

sha1 :
0 : 0000000000000000000000000000000000000003
1 : 0000000000000000000000000000000000000000
2 : 0000000000000000000000000000000000000000
3 : 0000000000000000000000000000000000000000
4 : 0000000000000000000000000000000000000000
5 : 0000000000000000000000000000000000000000
<snip>

Running unit tests:

Navigate to: cd /tpm2-tools/test/unit/
and run the executables, e.g. ./test_pcr

The Hello world program should produce the result below if tpm2-tools is initialised properly. Link:
https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started

If tpm2-tools initialization is not correct, the Hello world result is as below

Total tests that need to be run:

1) As a part of sanity testing
Ex: 1) $ cd tpm2-tools/tool/ (get random number generator)

$ ./tpm2_getrandom --hex 20

2) cd tpm2-tools/tool/ (Hello world test)

./tpm2_pcrread result should be as below with

2) tpm2-tss:
Go to the tpm2-tss directory
sudo make check (make sure it is running unit & integration tests)
(While configuring tpm2-tss we have already enabled the unit & integration steps.)

3) tpm2-abrmd:
sudo make check (make sure it is running unit & integration tests)
While configuring tpm2-tss we have already enabled the unit & integration steps.

4) tpm2-tools:
sudo make check (make sure it is running unit & integration tests)
While configuring tpm2-tss we have already enabled the unit & integration steps.
