TPM Series
I have been organizing material lately and happened to come across a fairly detailed introduction, so I will indulge in a bit of "borrowing" :) and, while I am at it, frown at a certain security site that reposted my blog in such a messy state :(
1. Preparing the installation environment
1.1 Kernel
Linux kernel 2.6.12 and later provide support for the TPM chip. Download address:
1.2 Algorithm library
The GMP library (gmplib) provides the arithmetic the emulator's cryptographic algorithms need. Download address:
1.3 Tpm_emulator
Tpm_emulator emulates a TPM chip, i.e. it acts as a virtual chip. The latest version at the time of writing is 0.5.1. Download address: https://developer.berlios.de/project/showfiles.php?group_id=2491
1.4 TSS software stack
The TSS software stack consists of Trousers, grub-ima, the OpenSSL TPM engine, tpm keyring and tpm-tools. The trousers package provides the TPM API functions and is the only package installed here. Download address:
Environment required to install Trousers:
Software requirement        Command to check the version
automake > 1.4              automake --version
autoconf > 1.4              autoconf --version
pkgconfig                   pkg-config --version
libtool                     rpm -qa | grep libtool
gtk2-devel                  pkg-config --list-all | grep gtk    (checks whether gtk is installed)
openssl-devel >= 0.9.8      openssl version -a    (the OpenSSL version shipped with Red Hat AS 4.7 is 0.9.7a)
Download address for openssl-0.9.8 and the glibc 2.4 it depends on:
Install / uninstall commands: rpm -ivh --force --nodeps XXXX (install), rpm -e --nodeps XXXX (uninstall)
2. Installing the software
2.1 Kernel
# make menuconfig
Selecting the following options in the kernel configuration builds the TPM driver into the kernel:
Device Drivers ->
  Character devices ->
    [*] TPM Hardware Support ->
      [*] TPM Interface Specification 1.2 Interface
# make bzImage; make modules; make modules_install; make install
2.2 Gmplib
# ./configure
# make
# make check
# make install
2.3 Tpm_emulator
# cd /usr/src/linux                 (source directory of the running kernel)
# zcat /proc/config.gz > .config    (keeps the kernel configuration identical to the running one; if there is no config.gz, generate .config with make menuconfig instead)
# make oldconfig
# make modules_prepare
# tar -xvzf tpm_emulator-X.Y.tar.gz
# cd tpm_emulator-X.Y
# make
# make install
If make install fails with:
make[1]: Entering directory `/home/akshay/tmp/tpm_emulator-0.5.1/tpmd'
install -m 755 -o tss -g tss -d /var/lib/tpm
install: invalid user `tss'
the fix is to replace make install with: sudo make TPMD_USER=root TPMD_GROUP=root install (alternatively, create the tss user and group first so that the daemon's state directory is not owned by root)
Initialization
# tpmd deactivated
# killall tpmd
# tpmd clear
# rm /var/run/tpm/tpmd_socket:0    (run this when tpmd reports "failed: address already in use")
Starting the software TPM
# modprobe tpmd_dev    (if this reports "FATAL: Module tpmd_dev not found", run depmod -a first)
# tpmd -f -d           (tpmd -h lists the startup options)
2.4 TSS
2.4.1 Unpack the Trousers package
2.4.2 Redirect the tddl
Because the TPM emulator is used, the tddl library that trousers depends on must be replaced with the tddl provided by the TPM emulator before trousers is compiled.
- Edit line 4 of ./src/tcsd/Makefile.am, changing:
tcsd_LDADD=../tcs/libtcs.a ../tddl/libtddl.a -lpthread
to:
tcsd_LDADD=../tcs/libtcs.a /usr/lib/libtddl.so -lpthread
- Edit line 59 of ./src/tcsd/Makefile.in, changing:
tcsd_DEPENDENCIES = ../tcs/libtcs.a ../tddl/libtddl.a
to:
tcsd_DEPENDENCIES = ../tcs/libtcs.a /usr/lib/libtddl.so
2.4.3 Fix the Trousers bug
- Edit line 79 of ./src/include/obj_context.h, changing:
struct tcs_api_table *obj_context_get_tcs_api();
to:
struct tcs_api_table *obj_context_get_tcs_api(UINT32);
2.4.4 Compile and install
# sh bootstrap.sh
# ./configure --prefix=/usr
# make
# make install
2.4.5 Install the tpm-tools package
# sh bootstrap.sh
# ./configure
# make
# make install
2.4.6 Start Trousers
# tcsd
/tpm_emulator-0.5/tddl# make test_tddl    (build the test)
/tpm_emulator-0.5/tddl# ./test_tddl       (this test program uses parts of tpm-tools)
2. TPM Series: notes on tpm-emulator (repost)
2009-12-25 14:57
Notes on TPM-Emulator:
1. tpmd: a user-space daemon that implements the TPM emulation and is accessed through a socket.
2. tpmd_dev: a kernel module that provides the emulated hardware device /dev/tpm, for compatibility with software that expects the device node, and forwards the commands it receives to tpmd.
3. tddl: the TPM driver library, which provides the library interface to the emulator.
Note that the emulator is only compatible with kernels newer than 2.5.x.
Usage:
// install
# tar -zvxf tpm_emulator-X.Y.tar.gz
# cd tpm_emulator-X.Y
# make
# make install
//
// set up the tpm
# modprobe tpmd_dev    // load the module into the kernel
# tpmd save
Note:
# tpmd [-d] [-f] [-h] [start mode]
where [-d]: enable debug mode
[-f]: force the application to run in the foreground, which shows the commands you send to tpmd
[-h]: print this help message
Start mode: 'clear' discards the previously saved state, 'save' (the default) restores the previously saved state, 'deactivated' starts the TPM in the deactivated state
//
// problems you may run into:
1. Starting in save mode fails because the previously saved state is corrupt and cannot be loaded; it is best to start in clear mode first to wipe it.
2. If the state cannot be cleared, the best approach is to start in 'deactivated' mode to suspend operation and then clear.
3. You may hit a busy-socket problem that makes the commands unusable; in that case go to the tpm directory under /var (/var/run/tpm in the installation notes above), delete the current socket file and rerun the command, which recreates the socket.
4. When programming against the tddl interface, start tpmd with -f, so that you can see exactly which TPM command each function call issues; this helps understanding.
5. If you do not have the GMP license file, you can download and install GMP from the official GNU site to make sure the open-source rights are respected; this is also a precondition for installing the open-source emulator.
After this you can use tpm-emulator to emulate anything a TPM can do.
3. TPM Series: a tpm emulator test program (repost)
2009-12-25 14:58
A simple test program for the tpm emulator. It generates random bytes and computes a hash through the software TPM. Note that this program sits directly on the TPM driver layer and has nothing to do with the trousers software, so it can be used to verify that your tpm emulator is installed correctly.
Code: tpmrandomsha1.c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

#define TPM_TAG_RQU_COMMAND       193   /* 0x00C1: command without an authorization session */
#define TPM_TAG_RQU_AUTH1_COMMAND 194   /* 0x00C2: one authorization session (unused here) */
#define TPM_ORD_SHA1Start         160   /* 0xA0 */
#define TPM_ORD_SHA1Complete      162   /* 0xA2 */
#define TPM_ORD_GetRandom         70    /* 0x46 */

/* First run "modprobe tpmd_dev" and "tpmd -f -d". If tcsd is running it holds
 * the device, so this program cannot open /dev/tpm0 until tcsd is stopped. */

/* Print n bytes as hex, with sep between bytes. */
static void print_hex(const unsigned char *p, size_t n, const char *sep)
{
    size_t i;
    for (i = 0; i < n; i++)
        printf("%02x%s", p[i], sep);
    printf("\n");
}

/* Write one raw TPM command to the device and read back the raw response.
 * Returns the number of response bytes, or -1 on error. */
static ssize_t tpm_transmit(int fd, const char *name, const unsigned char *cmd,
                            size_t cmd_len, unsigned char *buf, size_t buf_size)
{
    ssize_t res, ret;

    printf("sizeof(%s): %zu\n", name, cmd_len);
    printf("data in %s: ", name);
    print_hex(cmd, cmd_len, "");
    res = write(fd, cmd, cmd_len);
    if (res != (ssize_t)cmd_len) {
        printf("Error: write %s failed: (%zd)\n", name, res);
        return -1;
    }
    ret = read(fd, buf, buf_size);
    if (ret < 0) {
        printf("Error: read after %s failed: (%zd)\n", name, ret);
        return -1;
    }
    printf("ret of read tpm0 after %s: %zd\n", name, ret);
    printf("read tpm0 data after %s: ", name);
    print_hex(buf, (size_t)ret, " ");
    return ret;
}

int main(void)
{
    int fd;
    unsigned char buf[256];
    /* Every TPM 1.2 command is tag(2) | paramSize(4) | ordinal(4) | parameters, big-endian. */
    unsigned char random_cmd[] = {0, TPM_TAG_RQU_COMMAND,
                                  0, 0, 0, 14,                 /* paramSize = 14 */
                                  0, 0, 0, TPM_ORD_GetRandom,  /* 70 = TPM_ORD_GetRandom */
                                  0, 0, 0, 8};                 /* bytesRequested = 8 */
    unsigned char tpm_sha1start[] = {0, TPM_TAG_RQU_COMMAND,
                                     0, 0, 0, 10,
                                     0, 0, 0, TPM_ORD_SHA1Start};
    unsigned char tpm_sha1complete[] = {0, TPM_TAG_RQU_COMMAND,
                                        0, 0, 0, 78,                    /* 10 + 4 + 64 */
                                        0, 0, 0, TPM_ORD_SHA1Complete,
                                        0, 0, 0, 64,                    /* hashDataSize = 64 */
                                        1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,
                                        33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64};

    fd = open("/dev/tpm0", O_RDWR);
    if (fd < 0) {
        perror("Error: open(/dev/tpm0) failed");
        return -1;
    }
    /* GetRandom, then SHA1Start followed by SHA1Complete over the 64 bytes 1..64. */
    if (tpm_transmit(fd, "random_cmd", random_cmd, sizeof(random_cmd), buf, sizeof(buf)) < 0 ||
        tpm_transmit(fd, "tpm_sha1start", tpm_sha1start, sizeof(tpm_sha1start), buf, sizeof(buf)) < 0 ||
        tpm_transmit(fd, "tpm_sha1complete", tpm_sha1complete, sizeof(tpm_sha1complete), buf, sizeof(buf)) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}
Makefile (recipe lines must start with a tab):
CC := gcc
all: tpmrandomsha1
tpmrandomsha1: tpmrandomsha1.c
	$(CC) tpmrandomsha1.c -o tpmrandomsha1
clean:
	rm -f tpmrandomsha1
Reference test output:
sizeof(random_cmd): 14
data in random_cmd: 00c10000000e0000004600000008
ret of read random tpm0: 22
read tpm0 random data: 00 c4 00 00 00 16 00 00 00 00 00 00 00 08 20 c2 10 97 bf cb c3 ec
sizeof(tpm_sha1start): 10
data in tpm_sha1start: 00c10000000a000000a0
ret of read tpm0 after tpm_sha1start : 14
read tpm0 tpm_sha1start data: 00 c4 00 00 00 0e 00 00 00 00 00 00 08 00
sizeof(tpm_sha1complete): 78
data in tpm_sha1complete: 00c10000004e000000a2000000400102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f40
ret of read tpm0 after tpm_sha1complete : 30
read tpm0 data after tpm_sha1complete : 00 c4 00 00 00 1e 00 00 00 00 92 cb 89 df 62 d9 00 b3 50 d9 3e 42 25 ca 6f 08 1d 54 7a 28
Source: http://blog.chinaunix.net/u3/96833/showart_1993602.html
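The wire format the test program drives by hand (tag, paramSize, ordinal, then parameters, all big-endian) can be built and decoded in a few lines of Python. The following is an added example, not code from the original post or from tpm_emulator: it rebuilds the three request blobs above, decodes the reference responses (checking tag, paramSize and return code), and can send a blob to tpmd over its Unix domain socket directly, bypassing /dev/tpm0. The socket path and the assumption that tpmd exchanges raw command/response blobs on that socket are mine.

```python
import hashlib
import socket
import struct

# Tags and ordinals from the TPM 1.2 spec (same values as the C program's #defines).
TPM_TAG_RQU_COMMAND = 0x00C1   # request without an authorization session
TPM_TAG_RSP_COMMAND = 0x00C4   # tag of the matching response
TPM_ORD_GetRandom = 70
TPM_ORD_SHA1Start = 160
TPM_ORD_SHA1Complete = 162
# Assumed socket path: the Linux default named in the installation notes above
# (the Mac OS X patch uses /tmp/tpm/tpmd_socket:0 instead).
TPMD_SOCKET = "/var/run/tpm/tpmd_socket:0"

def build_command(ordinal, body=b""):
    """Request = tag(2) | paramSize(4) | ordinal(4) | parameters, all big-endian."""
    return struct.pack(">HII", TPM_TAG_RQU_COMMAND, 10 + len(body), ordinal) + body

def parse_response(blob):
    """Validate tag and paramSize of a response; return (returnCode, payload)."""
    if len(blob) < 10:
        raise ValueError("response shorter than the 10-byte header")
    tag, size, rc = struct.unpack(">HII", blob[:10])
    if tag != TPM_TAG_RSP_COMMAND or size != len(blob):
        raise ValueError("bad tag 0x%04x or paramSize %d for %d bytes" % (tag, size, len(blob)))
    return rc, blob[10:]

def get_random_bytes(blob):
    """TPM_GetRandom response payload = randomBytesSize(4) | randomBytes."""
    rc, payload = parse_response(blob)
    if rc != 0 or len(payload) < 4:
        raise ValueError("GetRandom failed (rc=%d)" % rc)
    (n,) = struct.unpack(">I", payload[:4])
    if len(payload) != 4 + n:
        raise ValueError("randomBytesSize %d does not match payload" % n)
    return payload[4:]

def sha1_complete_matches(blob, data):
    """TPM_SHA1Complete payload is the 20-byte digest; compare with a local SHA-1."""
    rc, digest = parse_response(blob)
    return rc == 0 and len(digest) == 20 and digest == hashlib.sha1(data).digest()

def transmit(cmd, path=TPMD_SOCKET):
    """Send one raw command blob to a running tpmd and return its raw response."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(cmd)
        return s.recv(4096)
```

With tpmd running, get_random_bytes(transmit(build_command(TPM_ORD_GetRandom, b"\x00\x00\x00\x08"))) returns eight fresh bytes; the decoders alone can be exercised on the reference output above without any daemon.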
4. TPM Series: A TPM for Everyone
2009-12-25 15:18
Since I am reposting anyway, let me keep the streak going and repost all the way to the end, haha~
Introduction
In the past, I've talked about the Trusted Platform Module (TPM) and Trusted Computing in the context of Mac OS X.
October 2006—
October 2006—
December 2006—, 23rd Chaos Communications Congress, Berlin
December 2007—
"Trusted" Computing is usually a contentious topic and the actual utility of a TPM is often overshadowed by a never-ending litany of "what-if" scenarios that have been brought up over time. The Mac OS X specific gist of this is that although the early x86-based Macintosh computers had onboard TPMs, Apple stopped including TPMs in Macintoshes roughly around the time the Mac Pro was introduced. In contrast, it is quite common to find TPMs in modern day non-Apple computers. There are several interesting and useful things one can do with a TPM on any operating system. It is rather disappointing that a modern Macintosh is devoid of this device.
The Next Best Thing to a TPM
Suppose you have a Macintosh without a TPM and you really do want to experiment with Trusted Computing or features of the TPM in general. Your needs could be development-related or they could be purely academic. Well, you could do the next best thing to having a real TPM: you can use a software TPM emulator. Such an emulator has been around for some time and it is straightforward to make it run on Mac OS X.
The TPM emulator is implemented as a daemon that encapsulates most of the functionality of a physical TPM. Out of the box, the TPM emulator will need to be accessed on Mac OS X through an intermediate library—the equivalent of the TPM Device Driver Library (TDDL). It would be nice if all existing TPM-related software used the TDDL interface, but often that's not the case. Instead, software that uses the TPM might want to directly access the TPM device. The Mac OS X TPM device driver I wrote in 2006 for the Infineon TPM chip provides a /dev/tpm device node, which is then used by all the other TPM tools and libraries I ported to Mac OS X. Therefore, it would be really useful if, in addition to the TPM emulator daemon, we had something that provides a /dev/tpm that behaves like the "real thing".
That something would be a Mac OS X kernel extension. It would publish a /dev/tpm device node just like the "real" TPM device driver. However, instead of communicating with the TPM hardware (which does not exist), this kernel extension would communicate with the TPM emulator daemon running in user space. I'm releasing the source code for such a kernel extension—let us call it the TPM Emulator Device Bridge Kernel Extension. Let us see how to set everything up so that we have a /dev/tpm that's functional enough to work seamlessly with TPM-based software.
Setting Up a Software TPM
First, we check out the source code for the TPM emulator from its subversion tree. We will assume that our working directory is /work/tpm/.
$ cd /work/tpm/
$ svn checkout svn://svn.berlios.de/tpm-emulator/trunk tpm-emulator
...
$ cd tpm-emulator
Next, download the TPM emulator patch from the Download section of this page. You can apply the patch and compile the emulator as follows.
$ pwd
/work/tpm/tpm-emulator
$ patch -p0 < /path/to/tpm-emulator-0.5-macosx.patch
patching file tpm/tpm_deprecated.c
patching file tpmd/tpm_emulator_config.h
patching file tpmd/tpmd.c
patching file tddl/tddl.c
patching file tddl/Makefile
patching file Makefile
$ make
...
Now download and compile the TPM Device Bridge kernel extension.
$ cd /work/tpm/
$ tar -xzvf /path/to/tpm_bridge.tar.gz
$ cd tpm_bridge
$ xcodebuild -target tpm_bridge -configuration Release
...
** BUILD SUCCEEDED **
$
We can now load the newly compiled kernel extension. Mac OS X has specific requirements on the ownership and permissions of kernel extension bundles.
$ pwd
/work/tpm/tpm_bridge
$ cp -pR build/Release/tpm_bridge.kext /tmp/
$ sudo chown -R root:wheel /tmp/tpm_bridge.kext
$ sudo kextload -v /tmp/tpm_bridge.kext
kextload: extension /tmp/tpm_bridge.kext appears to be loadable
kextload: loading extension /tmp/tpm_bridge.kext
kextload: sending 1 personality to the kernel
kextload: /tmp/tpm_bridge.kext loaded successfully
kextload: extension /tmp/tpm_bridge.kext has no personalities
$ ls -las /dev/tpm
0 crw-rw-rw- 1 root wheel 19, 0 Feb 23 02:06 /dev/tpm
Once the kernel extension is loaded, we see that a /dev/tpm node becomes available. By default, the kernel extension allows read/write access to everybody for experimental convenience—depending on your needs, you might want to change this in the source. At this point, the device will not behave like a "real" TPM device because we still need to run the TPM emulator daemon, which the device would communicate with.
The kernel extension uses a Unix domain socket to communicate with the emulator daemon. By default, the path to this socket is /tmp/tpm/tpmd_socket:0. Moreover, the daemon needs a location to store the TPM's persistent state. By default, the daemon would store it in the /tmp/tpm/ directory in a file whose name begins with tpm_emulator-1.2. Let us create a /tmp/tpm/ directory and start the daemon. Please refer to the TPM emulator documentation to understand which command-line arguments to use. Initially, we will run the daemon in its "clear" startup mode.
The /tmp location for both TPM persistent data and the Unix domain socket is makeshift. In particular, remember that /tmp will not be persistent across a reboot. In a production setup, you would use more appropriate locations. For example, you could use the per user Documents folder for storing TPM persistent data and the per user temporary folder (the DARWIN_USER_TEMP_DIR configuration parameter) for the socket.
The socket path must be changed both in the kernel extension source and in the emulator source.
$ mkdir /tmp/tpm/
$ cd /work/tpm/tpm-emulator/tpmd
$ ./tpmd -d -f clear
...
../tpm/tpm_startup.c:44: Info: TPM_Startup(1)
tpmd.c:376: Debug: waiting for connections...
...
At this point, TPM-based software should be able to talk to /dev/tpm just as if the machine had a physical TPM. Please refer to for more information on TPM-related software you can experiment with. The following is an example of what you should see if you run the tpm_demo program from the osxbook-libtpm package.
$ cd /path/to/osxbook-libtpm-2.0c
$ ./tpm_demo
TPM version 1.1.0.0
24 PCR registers are available
PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
...
PCR-23: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
10 Key slots are available
slots = 10, num = 0
No keys are loaded
$
Note that this setup should also work on a PowerPC Macintosh.
Download
TPM Emulator Patch for Mac OS X:
TPM Emulator Device Bridge Kernel Extension for Mac OS X:
Source: