通过调用TSPI接口函数来访问TPM emulator
目录
实验环境:
- Ubuntu14.04 LTS
- TPM emulator0.7
- trousers
- *TPM tools
- tpmmanager
参考学习
实验步骤:
- 打开 TPM模拟器:
root@shm-Junyi-M580:/home/shm# tpmd -df
tpmd.c:523: Info: starting TPM Emulator daemon (1.2.0.7-475)
tpmd.c:102: Info: parsing options
tpmd.c:109: Debug: debug mode enabled
tpmd.c:104: Debug: handling option '-f'
tpmd.c:112: Debug: application is forced to run in foreground
tpmd.c:228: Info: installing signal handlers
tpmd.c:387: Info: staring main loop
tpmd.c:302: Info: initializing socket /var/run/tpm/tpmd_socket:0
tpmd.c:401: Debug: initializing TPM emulator
tpm_emulator_extern.c:101: Info: _tpm_extern_init()
tpm_emulator_extern.c:104: Debug: openening random device /dev/urandom
tpm_cmd_handler.c:4113: Debug: tpm_emulator_init(2, 0x00000000)
tpm_startup.c:29: Info: TPM_Init()
tpm_testing.c:243: Info: TPM_SelfTestFull()
tpm_testing.c:39: Debug: tpm_test_prng()
tpm_testing.c:69: Debug: Monobit: 10119
tpm_testing.c:70: Debug: Poker: 10.9
tpm_testing.c:71: Debug: run_1: 2529, 2504
tpm_testing.c:72: Debug: run_2: 1249, 1235
tpm_testing.c:73: Debug: run_3: 626, 644
tpm_testing.c:74: Debug: run_4: 314, 280
tpm_testing.c:75: Debug: run_5: 145, 165
tpm_testing.c:76: Debug: run_6+: 146, 180
tpm_testing.c:77: Debug: run_34: 0
tpm_testing.c:111: Debug: tpm_test_sha1()
tpm_testing.c:157: Debug: tpm_test_hmac()
tpm_testing.c:184: Debug: tpm_test_rsa_EK()
tpm_testing.c:186: Debug: tpm_rsa_generate_key()
tpm_testing.c:191: Debug: testing endorsement key
tpm_testing.c:197: Debug: tpm_rsa_sign(RSA_SSA_PKCS1_SHA1)
tpm_testing.c:200: Debug: tpm_rsa_verify(RSA_SSA_PKCS1_SHA1)
tpm_testing.c:203: Debug: tpm_rsa_sign(RSA_SSA_PKCS1_DER)
tpm_testing.c:206: Debug: tpm_rsa_verify(RSA_SSA_PKCS1_DER)
tpm_testing.c:210: Debug: tpm_rsa_encrypt(RSA_ES_PKCSV15)
tpm_testing.c:214: Debug: tpm_rsa_decrypt(RSA_ES_PKCSV15)
tpm_testing.c:218: Debug: verify plain text
tpm_testing.c:221: Debug: tpm_rsa_encrypt(RSA_ES_OAEP_SHA1)
tpm_testing.c:225: Debug: tpm_rsa_decrypt(RSA_ES_OAEP_SHA1)
tpm_testing.c:229: Debug: verify plain text
tpm_testing.c:261: Info: Self-Test succeeded
tpm_startup.c:43: Info: TPM_Startup(2)
tpmd.c:412: Debug: waiting for connections...
- 打开TSS——trousers
root@shm-Junyi-M580:/home/shm# tcsd -ef
TCSD trousers 0.3.14: TCSD up and running.
3. 查看TPM基本信息
root@shm-Junyi-M580:/home/shm# tpm_version
  TPM 1.2 Version Info:
Chip Version: 1.2.0.7
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ETHZ
TPM Version: 01010000
Manufacturer Info: 4554485a
root@shm-Junyi-M580:/home/shm#
4.打开TPMManager
root@shm-Junyi-M580:/home/shm# tpmmanager
代码块
pcr_test.c 文件测试代码如下:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <tss/tss_error.h>
#include <tss/platform.h>
#include <tss/tss_defines.h>
#include <tss/tss_typedef.h>
#include <tss/tss_structs.h>
#include <tss/tspi.h>
#include <trousers/trousers.h>
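/*
 * Log the outcome of a TSS call as "<message> : <error string>".
 * The status is taken from the tResult argument; the earlier form ignored
 * that parameter and silently captured a variable named `result` from the
 * caller's scope, so it only worked where such a variable existed.
 */
#define Debug(message, tResult) printf("%s : %s\n", (message), (char *)Trspi_Error_String(tResult))
void printMenu(); /* prints the usage/help menu */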
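/*
 * Read PCR 0..23 through the TSS and print each one as hex.
 *
 * A failed read is reported on the PCR's line instead of dereferencing the
 * (then unset) output pointer. The number of bytes printed is the length
 * the TSS reports rather than a hard-coded 20, and each returned buffer is
 * handed back to the TSS as soon as it has been printed.
 */
static void dumpAllPcrs(TSS_HCONTEXT hContext, TSS_HTPM hTPM)
{
    UINT32 index;
    UINT32 offset;
    UINT32 valueLen;
    BYTE *value;
    TSS_RESULT rc;

    for (index = 0; index < 24; index++) {
        value = NULL;
        valueLen = 0;
        rc = Tspi_TPM_PcrRead(hTPM, index, &valueLen, &value);
        printf("PCR %02u ", (unsigned)index);
        if (rc != TSS_SUCCESS || value == NULL) {
            printf("<read failed: %s>\n", (char *)Trspi_Error_String(rc));
            continue;
        }
        for (offset = 0; offset < valueLen; offset++)
            printf("%02x", value[offset]);
        printf("\n");
        Tspi_Context_FreeMemory(hContext, value);
    }
}

/*
 * pcr_test: dump all PCRs, extend one PCR, then dump all PCRs again.
 *
 * Usage: pcr_test -p <0-23> [-v <value>]
 *   -p  index of the PCR to extend (decimal, 0..23)
 *   -v  optional value; at most 20 bytes are used, shorter values are
 *       zero-padded to 20 bytes. Without -v, "ABCDEFGHIJKLMNOPQRST" is used.
 *
 * As in the earlier version, the first PCR dump and the argument listing are
 * printed before the arguments are validated, and a usage error prints the
 * menu and returns 0. A failure to create/connect the context or to obtain
 * the TPM object returns 1, because every later call depends on those handles.
 */
int main(int argc, char **argv)
{
    TSS_HCONTEXT hContext = 0; /* TSS context */
    TSS_HTPM hTPM = 0;
    TSS_RESULT result;
    TSS_HKEY hSRK = 0;
    TSS_HPOLICY hSRKPolicy = 0;
    TSS_UUID SRK_UUID = TSS_UUID_SRK;
    BYTE wks[20];              /* well-known secret: 20 zero bytes */
    BYTE valueToExtend[20];    /* exactly the 20 bytes handed to PcrExtend */
    BYTE *rgbPcrValue = NULL;
    UINT32 ulPcrLen = 0;
    size_t valueLen;
    long pcrIndex;
    char *endp;
    int count;
    int exitCode = 0;

    memset(wks, 0, sizeof(wks));
    memset(valueToExtend, 0, sizeof(valueToExtend));

    printf("|***********PCR_TEST START:***************|\n");

    /* Create the context; nothing to release yet if this fails. */
    result = Tspi_Context_Create(&hContext);
    Debug(" 1-Create Context", result);
    if (result != TSS_SUCCESS)
        return 1;

    /* NULL selects the default (local system) TCS/TPM. */
    result = Tspi_Context_Connect(hContext, NULL);
    Debug(" 2-Context Connect", result);
    if (result != TSS_SUCCESS) {
        exitCode = 1;
        goto cleanup;
    }

    /* Get the TPM object handle. */
    result = Tspi_Context_GetTpmObject(hContext, &hTPM);
    Debug(" 3-Get TPM Handle", result);
    if (result != TSS_SUCCESS) {
        exitCode = 1;
        goto cleanup;
    }

    /*
     * Load the SRK and attach the well-known secret to its usage policy.
     * Neither hSRK nor hSRKPolicy is used by the PCR calls below, so a
     * failure here is logged but not treated as fatal.
     * NOTE(review): an all-zero SRK secret is a lab/emulator setting; it
     * provides no access control on the SRK.
     */
    result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
    Debug(" 4-Get the SRK handle", result);
    if (result == TSS_SUCCESS) {
        result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
        Debug(" 5-Get the SRK Policy", result);
        if (result == TSS_SUCCESS) {
            result = Tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, sizeof(wks), wks);
            Debug(" 6-Set the SRK secret", result);
        }
    }

    /* Dump every PCR before the extend. */
    printf("+++++++++输出所有PCR寄存器内的值:+++++++++\n");
    dumpAllPcrs(hContext, hTPM);

    /* Echo the command-line arguments. */
    printf("\n ========Command line arguments:========\n");
    for (count = 0; count < argc; count++)
        printf("argv[%d]: %s\n", count, argv[count]);

    /* "-p <index>" is mandatory; previously a missing -p silently extended PCR 0. */
    if (argc < 3 || strcmp(argv[1], "-p") != 0) {
        printMenu();
        goto cleanup;
    }

    /* strtol rejects non-numeric input that atoi would have turned into 0. */
    pcrIndex = strtol(argv[2], &endp, 10);
    if (endp == argv[2] || *endp != '\0' || pcrIndex < 0 || pcrIndex > 23) {
        printMenu();
        goto cleanup;
    }

    if (argc == 5) {
        /* A fourth argument other than -v used to extend 20 zero bytes. */
        if (strcmp(argv[3], "-v") != 0) {
            printMenu();
            goto cleanup;
        }
        /*
         * Bound the copy by the buffer size. The unbounded
         * memcpy(..., strlen(argv[4])) overflowed the stack buffer for long
         * arguments, while only the first 20 bytes were ever extended.
         */
        valueLen = strlen(argv[4]);
        if (valueLen > sizeof(valueToExtend)) {
            fprintf(stderr, "warning: -v value truncated to %u bytes\n",
                    (unsigned)sizeof(valueToExtend));
            valueLen = sizeof(valueToExtend);
        }
        memcpy(valueToExtend, argv[4], valueLen);
    } else {
        /* Default value. */
        memcpy(valueToExtend, "ABCDEFGHIJKLMNOPQRST", 20);
    }

    /*
     * Extend the selected PCR with the 20-byte buffer.
     * NOTE(review): the raw argument bytes are passed where a digest is
     * expected; a measurement tool would normally pass the SHA-1 of the
     * measured data here - confirm the intent.
     */
    result = Tspi_TPM_PcrExtend(hTPM, (UINT32)pcrIndex, sizeof(valueToExtend),
                                valueToExtend, NULL, &ulPcrLen, &rgbPcrValue);
    Debug("*********Extend the PCR**********", result);
    if (result == TSS_SUCCESS && rgbPcrValue != NULL)
        Tspi_Context_FreeMemory(hContext, rgbPcrValue);

    /* Dump every PCR again so the effect of the extend is visible. */
    printf("+++++++++输出扩展操作后PCR寄存器的值:+++++++++\n");
    dumpAllPcrs(hContext, hTPM);

    /* Release the context; early exits jump past the message below. */
    printf("####清理上下文对象####\n");
cleanup:
    Tspi_Context_FreeMemory(hContext, NULL);
    Tspi_Context_Close(hContext);
    return exitCode;
}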
/*
 * Print the help menu for the PCR extend options to stdout.
 * The lines hold no format specifiers, so they are written verbatim.
 */
void printMenu()
{
    static const char *const menuLines[] = {
        "\n*改变PCRn值的帮助菜单:*\n",
        "| -p PCR regiter to extend(0-23)\n",
        "| -v Value to be extended into PCR(abc...)\n",
        "| Note: -v argument is optional and a default value will be used if no value is provided\n",
        "| Example: ChangePCRn -p 10 -v abcdef\n",
        "-***********PCR_TEST END:***************-\n",
    };
    size_t k;

    for (k = 0; k < sizeof(menuLines) / sizeof(menuLines[0]); k++)
        fputs(menuLines[k], stdout);
}
编译并运行
编译时,注意后面的参数 -ltspi:
/test-pcr# gcc pcr_test.c -o pcr_test -ltspi
运行效果:
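(注:因为之前已经通过传入参数对 PCR[0] 和 PCR[10] 做过扩展操作,所以它们的显示结果非 0。
可以在执行时通过后面的参数对指定的 PCR 做扩展。注意扩展(extend)不是直接写入:TPM 1.2 计算 新值 = SHA1(旧值 || 20字节输入),程序把 -v 的值补零到 20 字节后传入,因此 PCR 不会变成 123,也不能被直接写成某个指定值。例如:
/test-pcr# ./pcr_test -p 16 -v 123 //对PCR16做扩展操作,输入值为123)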
root@shm-Junyi-M580:/home/shm/TPM/test-tpm/test-pcr# ./pcr_test
|***********PCR_TEST START:***************|
1-Create Context : Success
2-Context Connect : Success
3-Get TPM Handle : Success
4-Get the SRK handle : Success
5-Get the SRK Policy : Success
+++++++++输出所有PCR寄存器内的值:+++++++++
PCR 00 f86ce8ad33b4f0a9cab79849bf9c1d2bcaa3d8b3
PCR 01 0000000000000000000000000000000000000000
PCR 02 0000000000000000000000000000000000000000
PCR 03 0000000000000000000000000000000000000000
PCR 04 0000000000000000000000000000000000000000
PCR 05 0000000000000000000000000000000000000000
PCR 06 0000000000000000000000000000000000000000
PCR 07 0000000000000000000000000000000000000000
PCR 08 0000000000000000000000000000000000000000
PCR 09 0000000000000000000000000000000000000000
PCR 10 d8c9e7c6e026fe6259f3cd4445949561d5692668
PCR 11 0000000000000000000000000000000000000000
PCR 12 0000000000000000000000000000000000000000
PCR 13 0000000000000000000000000000000000000000
PCR 14 0000000000000000000000000000000000000000
PCR 15 0000000000000000000000000000000000000000
PCR 16 ffffffffffffffffffffffffffffffffffffffff
PCR 17 ffffffffffffffffffffffffffffffffffffffff
PCR 18 ffffffffffffffffffffffffffffffffffffffff
PCR 19 ffffffffffffffffffffffffffffffffffffffff
PCR 20 ffffffffffffffffffffffffffffffffffffffff
PCR 21 ffffffffffffffffffffffffffffffffffffffff
PCR 22 ffffffffffffffffffffffffffffffffffffffff
PCR 23 ffffffffffffffffffffffffffffffffffffffff
========Command line arguments:========
argv[0]: ./pcr_test
*改变PCRn值的帮助菜单:*
| -p PCR regiter to extend(0-23)
| -v Value to be extended into PCR(abc...)
| Note: -v argument is optional and a default value will be used if no value is provided
| Example: ChangePCRn -p 10 -v abcdef
-***********PCR_TEST END:***************-
root@shm-Junyi-M580:/home/shm/TPM/test-tpm/test-pcr#