180104 Viewing and Using TPM 2.0
System environment: 16.04 LTS, kernel version: 4.14.0-041400-generic
Hardware environment:
A Lenovo YOGA series computer with TPM 2.0
shm@Lenovo:~$ sudo su
root@Lenovo:/home/shm# apt-get install tpm2-tools
正在读取软件包列表... 完成
正在分析软件包的依赖关系树
正在读取状态信息... 完成
将会同时安装下列软件:
  libtss2-0 libtss2-utils
下列【新】软件包将被安装:
  libtss2-0 libtss2-utils tpm2-tools
升级了 0 个软件包,新安装了 3 个软件包,要卸载 0 个软件包,有 208 个软件包未被升级。
需要下载 150 kB 的归档。
解压缩后会消耗 1,230 kB 的额外空间。
您希望继续执行吗? [Y/n] y
获取:1 http://mirrors.aliyun.com/ubuntu xenial/universe amd64 libtss2-0 amd64 0.98+20160226.d4f23cc-0ubuntu2 [40.1 kB]
获取:2 http://mirrors.aliyun.com/ubuntu xenial/universe amd64 libtss2-utils amd64 0.98+20160226.d4f23cc-0ubuntu2 [19.6 kB]
获取:3 http://mirrors.aliyun.com/ubuntu xenial/universe amd64 tpm2-tools amd64 1.0.0+20160226.64b3334-0ubuntu2 [90.0 kB]
已下载 150 kB,耗时 1秒 (120 kB/s)
正在选中未选择的软件包 libtss2-0。
(正在读取数据库 ... 系统当前共安装有 348972 个文件和目录。)
正准备解包 .../libtss2-0_0.98+20160226.d4f23cc-0ubuntu2_amd64.deb ...
正在解包 libtss2-0 (0.98+20160226.d4f23cc-0ubuntu2) ...
正在选中未选择的软件包 libtss2-utils。
正准备解包 .../libtss2-utils_0.98+20160226.d4f23cc-0ubuntu2_amd64.deb ...
正在解包 libtss2-utils (0.98+20160226.d4f23cc-0ubuntu2) ...
正在选中未选择的软件包 tpm2-tools。
正准备解包 .../tpm2-tools_1.0.0+20160226.64b3334-0ubuntu2_amd64.deb ...
正在解包 tpm2-tools (1.0.0+20160226.64b3334-0ubuntu2) ...
正在处理用于 libc-bin (2.23-0ubuntu9) 的触发器 ...
正在设置 libtss2-0 (0.98+20160226.d4f23cc-0ubuntu2) ...
正在设置 libtss2-utils (0.98+20160226.d4f23cc-0ubuntu2) ...
tpm2-resourcemgr.service is a disabled or a static unit, not starting it.
正在设置 tpm2-tools (1.0.0+20160226.64b3334-0ubuntu2) ...
正在处理用于 libc-bin (2.23-0ubuntu9) 的触发器 ...
root@Lenovo:/home/shm# systemctl start tpm2-resourcemgr
root@Lenovo:/home/shm# tpm2_listpcrs
Show all PCR banks:

Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 1a ae 4f 1c b5 4d 59 f2 dc 9b a2 09 e6 0a 49 72 bf 4e 8a 90
PCR_01: e1 50 53 4c fd 7f 1f 93 be ee 37 e7 b0 05 ea ba e5 f2 d6 99
PCR_02: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_03: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_04: 52 78 bd 4b 22 54 4e df 47 0f 07 4e ac b3 d3 60 30 19 da 22
PCR_05: 46 4d 88 ce 4f 10 b8 4b fd cd 25 d6 3c da 9c 7f c9 53 28 2d
PCR_06: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_07: 58 47 eb 8d 2f b8 01 17 c4 80 e3 df 5a d0 3d c2 3d 2c 61 3a
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Bank/Algorithm: TPM_ALG_SHA256(0x000b)
PCR_00:
PCR_01:
PCR_02:
PCR_03:
PCR_04:
PCR_05:
PCR_06:
PCR_07:
PCR_08:
PCR_09:
PCR_10:
PCR_11:
PCR_12:
PCR_13:
PCR_14:
PCR_15:
PCR_16:
PCR_17:
PCR_18:
PCR_19:
PCR_20:
PCR_21:
PCR_22:
PCR_23:

Bank/Algorithm: TPM_ALG_SHA384(0x000c)
This bank can not be read, tpm error 0x1c3

Bank/Algorithm: TPM_ALG_SHA512(0x000d)
This bank can not be read, tpm error 0x1c3

Bank/Algorithm: TPM_ALG_SM3_256(0x0012)
This bank can not be read, tpm error 0x1c3
root@Lenovo:/home/shm#
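Added example (not part of the original post): a small Python parser for the tpm2_listpcrs 1.0.0 output layout shown above, which classifies each PCR and reports which banks actually returned digests. The function names classify, parse_listpcrs and usable_banks are illustrative, and the sample lines are copied from the listing above.

```python
import hashlib
import re

# Excerpt of the tpm2_listpcrs listing above, a few lines per bank.
SAMPLE = """\
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 1a ae 4f 1c b5 4d 59 f2 dc 9b a2 09 e6 0a 49 72 bf 4e 8a 90
PCR_02: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Bank/Algorithm: TPM_ALG_SHA256(0x000b)
PCR_00:
Bank/Algorithm: TPM_ALG_SHA384(0x000c)
This bank can not be read, tpm error 0x1c3
"""
BANK_RE = re.compile(r"Bank/Algorithm:\s*(TPM_ALG_\w+)\(0x[0-9a-fA-F]+\)")
PCR_RE = re.compile(r"PCR_(\d+):\s*((?:[0-9a-fA-F]{2}\s*)*)$")
# One extend (new = SHA1(old || digest)) of a zeroed PCR with the separator event.
SEPARATOR_ONLY = hashlib.sha1(bytes(20) + hashlib.sha1(bytes(4)).digest()).digest()

def classify(value: bytes) -> str:
    if not value:
        return "empty"           # index printed, no digest returned
    if value == bytes(len(value)):
        return "unextended"      # still all zeros, nothing measured
    if value == b"\xff" * len(value):
        return "all-ones"        # default of PCR 17-22 before a dynamic launch
    if value == SEPARATOR_ONLY:
        return "separator-only"  # only the separator marker was extended
    return "measured"

def parse_listpcrs(text: str) -> dict:
    """Map bank name -> {"pcrs": {index: state}, "error": code or None}."""
    banks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = BANK_RE.match(line)
        if m:
            current = banks.setdefault(m.group(1), {"pcrs": {}, "error": None})
        elif current is not None and (m := PCR_RE.match(line)):
            current["pcrs"][int(m.group(1))] = classify(bytes.fromhex(m.group(2)))
        elif current is not None and "can not be read" in line:
            current["error"] = line.rsplit(" ", 1)[-1]
    return banks

def usable_banks(banks: dict) -> list:
    """Banks with at least one real digest, i.e. usable for sealing or quotes."""
    return [n for n, b in banks.items() if set(b["pcrs"].values()) - {"empty"}]

print(usable_banks(parse_listpcrs(SAMPLE)))
```

On this machine only the SHA-1 bank returns digests, so anything sealed to or quoted from these PCRs relies on SHA-1. PCR_02, PCR_03 and PCR_06 share one value because only the firmware separator event was extended into them.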
Need to understand and learn the differences between TPM 1.2 and TPM 2.0, including how the commands are used.
root@Lenovo:/home/shm# tpm2_getpubek
tpm2_getpubek, version 1.0.0
Usage: tpm2_getpubek [-h/--help]
   or: tpm2_getpubek [-v/--version]
   or: tpm2_getpubek [-e/--endorsePasswd <password>] [-o/--ownerPasswd <password>] [-P/--ekPasswd <password>] [-H/--handle <hexHandle>] [-g/--alg <hexAlg>] [-f/--file <outputFile>]
   or: tpm2_getpubek [-e/--endorsePasswd <password>] [-o/--ownerPasswd <password>] [-P/--ekPasswd <password>] [-H/--handle <hexHandle>] [-g/--alg <hexAlg>] [-f/--file <outputFile>] [-i/--ip <ipAddress>] [-p/--port <port>] [-d/--dbg <dbgLevel>]

where:

  -h/--help display this help and exit.
  -v/--version display version information and exit.
  -e/--endorsePasswd <password> specifies current endorse password (string,optional,default:NULL).
  -o/--ownerPasswd <password> specifies current owner password (string,optional,default:NULL).
  -P/--ekPasswd <password> specifies the EK password when created (string,optional,default:NULL).
  -H/--handle <hexHandle> specifies the handle used to make EK persistent (hex).
  -g/--alg <hexAlg> specifies the algorithm type of EK (default:0x01/TPM_ALG_RSA).
  -f/--file <outputFile> specifies the file used to save the public portion of EK.
  -p/--port <port> specifies the port number (optional,default:2323).
  -d/--dbg <dbgLevel> specifies level of debug messages(optional,default:0):
      0 (high level test results)
      1 (test app send/receive byte streams)
      2 (resource manager send/receive byte streams)
      3 (resource manager tables)

example:
tpm2_getpubek -e abc123 -o abc123 -P passwd -H 0x81010001 -g 0x01 -f ek.pub
root@Lenovo:/home/shm#
To be continued...
Tomorrow's success is the harvest of today's dedication and hard work.