TPM from Scratch, Part 6: Installing tpm2-tools from Source
Founder
2024-03-27 10:14:33

1. Download the source

$ git clone https://github.com/tpm2-software/tpm2-tools

2. Install dependencies

Building and installing tpm2-tools requires the following software dependencies:

  • GNU Autoconf (version >= 2019.01.06)
  • GNU Automake
  • GNU Libtool
  • pkg-config
  • C compiler
  • C Library Development Libraries and Header Files (for pthreads headers)
  • ESAPI - TPM2.0 TSS ESAPI library (tss2-esys) and header files
  • OpenSSL libcrypto library and header files (version >= 1.1.0)
  • Curl library and header files

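Optional dependencies:

  • pandoc, to build the man pages
  • FAPI - the TPM2.0 TSS FAPI library (tss2-fapi) and header files
  • tpm2-abrmd, to enable the new userspace resource manager (recommended)
  • When ./configure is run with "--enable-unit" or "--enable-unit=abrmd", the tests are run towards a resource manager, tpm2-abrmd, which must be on $PATH
  • When ./configure is run with "--enable-unit=mssim", the tests are run directly towards tpm_server, without a resource manager
  • For the tests, tpm_server must be installed whether or not a resource manager is used
  • Some tests pass only if xxd, expect, bash and python with PyYAML are available
  • Some tests optionally use (but do not require) curl

Satisfying the tpm2-tools dependencies breaks down into two general steps: dependencies that can be obtained through the package manager, and those that cannot.

Taking Ubuntu (Ubuntu 22.04) as an example, the installation steps are as follows: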

$ sudo apt-get install autoconf automake libtool pkg-config gcc libssl-dev libcurl4-gnutls-dev python-yaml

The python-yaml package could not be found, as shown below:

$ sudo apt install python-yaml
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成                 
没有可用的软件包 python-yaml,但是它被其它的软件包引用了。
这可能意味着这个缺失的软件包可能已被废弃,
或者只能在其他发布源中找到
E: 软件包 python-yaml 没有可安装候选

3. Build from source

  • Bootstrap the build
ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ ./bootstrap 
Generating file lists: src_vars.mk
aclocal: installing 'm4/ax_ac_append_to_file.m4' from '/usr/share/aclocal/ax_ac_append_to_file.m4'
aclocal: installing 'm4/ax_ac_print_to_file.m4' from '/usr/share/aclocal/ax_ac_print_to_file.m4'
aclocal: installing 'm4/ax_add_am_macro_static.m4' from '/usr/share/aclocal/ax_add_am_macro_static.m4'
aclocal: installing 'm4/ax_add_fortify_source.m4' from '/usr/share/aclocal/ax_add_fortify_source.m4'
aclocal: installing 'm4/ax_am_macros_static.m4' from '/usr/share/aclocal/ax_am_macros_static.m4'
aclocal: installing 'm4/ax_check_compile_flag.m4' from '/usr/share/aclocal/ax_check_compile_flag.m4'
aclocal: installing 'm4/ax_check_enable_debug.m4' from '/usr/share/aclocal/ax_check_enable_debug.m4'
aclocal: installing 'm4/ax_check_gnu_make.m4' from '/usr/share/aclocal/ax_check_gnu_make.m4'
aclocal: installing 'm4/ax_check_link_flag.m4' from '/usr/share/aclocal/ax_check_link_flag.m4'
aclocal: installing 'm4/ax_code_coverage.m4' from '/usr/share/aclocal/ax_code_coverage.m4'
aclocal: installing 'm4/ax_file_escapes.m4' from '/usr/share/aclocal/ax_file_escapes.m4'
aclocal: installing 'm4/ax_is_release.m4' from '/usr/share/aclocal/ax_is_release.m4'
aclocal: installing 'm4/libtool.m4' from '/usr/share/aclocal/libtool.m4'
aclocal: installing 'm4/ltoptions.m4' from '/usr/share/aclocal/ltoptions.m4'
aclocal: installing 'm4/ltsugar.m4' from '/usr/share/aclocal/ltsugar.m4'
aclocal: installing 'm4/ltversion.m4' from '/usr/share/aclocal/ltversion.m4'
aclocal: installing 'm4/lt~obsolete.m4' from '/usr/share/aclocal/lt~obsolete.m4'
aclocal: installing 'm4/pkg.m4' from '/usr/share/aclocal/pkg.m4'
libtoolize: putting auxiliary files in '.'.
libtoolize: linking file './ltmain.sh'
configure.ac:8: installing './compile'
configure.ac:10: installing './config.guess'
configure.ac:10: installing './config.sub'
configure.ac:11: installing './install-sh'
configure.ac:11: installing './missing'
Makefile.am:30: warning: AM_DISTCHECK_CONFIGURE_FLAGS was already defined in condition AUTOCONF_CODE_COVERAGE_2019_01_06 and CODE_COVERAGE_ENABLED, which is included in condition TRUE ...
aminclude_static.am:100: ... 'AM_DISTCHECK_CONFIGURE_FLAGS' previously defined here
Makefile.am:5:   'aminclude_static.am' included from here
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'

  • Configure the build

First run the configure script with the --help option to see all supported options, as shown below:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ ./configure --help
`configure' configures tpm2-tools 5.4-rc0 to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking ...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc.  You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/tpm2-tools]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]

Program names:
  --program-prefix=PREFIX            prepend PREFIX to installed program names
  --program-suffix=SUFFIX            append SUFFIX to installed program names
  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-debug=[yes/info/profile/no]
                          compile with debugging
  --enable-shared[=PKGS]  build shared libraries [default=yes]
  --enable-static[=PKGS]  build static libraries [default=yes]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --enable-dependency-tracking
                          do not reject slow dependency extractors
  --disable-dependency-tracking
                          speeds up one-time build
  --enable-silent-rules   less verbose build output (undo: "make V=1")
  --disable-silent-rules  verbose build output (undo: "make V=0")
  --enable-code-coverage  Whether to enable code coverage support
  --disable-fapi          disable FAPI tools (default: auto)
  --enable-unit           build cmocka unit tests
  --disable-persistent    disable tests that require resetting the TPM
  --disable-dlclose       Some versions of libc cause a sigsegv on exit, this
                          disables the dlclose and works around that bug
  --disable-hardening     Disable compiler and linker options to frustrate
                          memory corruption exploits

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]
  --with-aix-soname=aix|svr4|both
                          shared library versioning (aka "SONAME") variant to
                          provide on AIX, [default=aix].
  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
  --with-sysroot[=DIR]    Search for dependent libraries within DIR (or the
                          compiler's sysroot if not specified).
  --with-gcov=GCOV        use given GCOV for coverage (GCOV=gcov).
  --with-efivar           Build with lib efivar for pretty print of device
                          path. Default auto detect
  --with-bashcompdir=DIR  directory for bash completions
  --with-tpmsim=BIN       simulator used for testing
  --with-python-sys-prefix
                          use Python's sys.prefix and sys.exec_prefix values
  --with-python_prefix    override the default PYTHON_PREFIX
  --with-python_exec_prefix
                          override the default PYTHON_EXEC_PREFIX

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  LIBS        libraries to pass to the linker, e.g. -l<library>
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
              you have headers in a nonstandard directory <include dir>
  LT_SYS_LIBRARY_PATH
              User-defined run-time library search path.
  PKG_CONFIG  path to pkg-config utility
  PKG_CONFIG_PATH
              directories to add to pkg-config's search path
  PKG_CONFIG_LIBDIR
              path overriding pkg-config's built-in search path
  TSS2_FAPI_CFLAGS
              C compiler flags for TSS2_FAPI, overriding pkg-config
  TSS2_FAPI_LIBS
              linker flags for TSS2_FAPI, overriding pkg-config
  TSS2_FAPI_3_0_CFLAGS
              C compiler flags for TSS2_FAPI_3_0, overriding pkg-config
  TSS2_FAPI_3_0_LIBS
              linker flags for TSS2_FAPI_3_0, overriding pkg-config
  TSS2_ESYS_4_0_CFLAGS
              C compiler flags for TSS2_ESYS_4_0, overriding pkg-config
  TSS2_ESYS_4_0_LIBS
              linker flags for TSS2_ESYS_4_0, overriding pkg-config
  TSS2_ESYS_3_0_CFLAGS
              C compiler flags for TSS2_ESYS_3_0, overriding pkg-config
  TSS2_ESYS_3_0_LIBS
              linker flags for TSS2_ESYS_3_0, overriding pkg-config
  TSS2_ESYS_2_3_CFLAGS
              C compiler flags for TSS2_ESYS_2_3, overriding pkg-config
  TSS2_ESYS_2_3_LIBS
              linker flags for TSS2_ESYS_2_3, overriding pkg-config
  TSS2_TCTILDR_CFLAGS
              C compiler flags for TSS2_TCTILDR, overriding pkg-config
  TSS2_TCTILDR_LIBS
              linker flags for TSS2_TCTILDR, overriding pkg-config
  TSS2_MU_CFLAGS
              C compiler flags for TSS2_MU, overriding pkg-config
  TSS2_MU_LIBS
              linker flags for TSS2_MU, overriding pkg-config
  TSS2_RC_CFLAGS
              C compiler flags for TSS2_RC, overriding pkg-config
  TSS2_RC_LIBS
              linker flags for TSS2_RC, overriding pkg-config
  TSS2_SYS_CFLAGS
              C compiler flags for TSS2_SYS, overriding pkg-config
  TSS2_SYS_LIBS
              linker flags for TSS2_SYS, overriding pkg-config
  CRYPTO_CFLAGS
              C compiler flags for CRYPTO, overriding pkg-config
  CRYPTO_LIBS linker flags for CRYPTO, overriding pkg-config
  CURL_CFLAGS C compiler flags for CURL, overriding pkg-config
  CURL_LIBS   linker flags for CURL, overriding pkg-config
  EFIVAR_CFLAGS
              C compiler flags for EFIVAR, overriding pkg-config
  EFIVAR_LIBS linker flags for EFIVAR, overriding pkg-config
  with_bashcompdir
              value of completionsdir for bash-completion, overriding
              pkg-config
  CMOCKA_CFLAGS
              C compiler flags for CMOCKA, overriding pkg-config
  CMOCKA_LIBS linker flags for CMOCKA, overriding pkg-config
  PYTHON      the Python interpreter

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

Report bugs to the package provider.

tpm2-tools must be configured before it is built. In the simplest case, run the configure script without any options, as shown below:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ ./configure 
checking whether to enable debugging... info
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether ln -s works... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking for gawk... no
checking for mawk... mawk
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports the include directive... yes (GNU style)
checking whether make supports nested variables... yes
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking whether to build with code coverage support... no
checking for pandoc... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for tss2-fapi... yes
checking for tss2-fapi >= 3.0... yes
checking for tss2-esys >= 4.0.0... yes
checking for tss2-tctildr... yes
checking for tss2-mu... yes
checking for tss2-rc... yes
checking for tss2-sys... yes
checking for libcrypto >= 1.1.0... yes
checking for EVP_sm3 in -lcrypto... yes
checking for EVP_sm4_cfb128 in -lcrypto... yes
checking for libcurl... yes
checking for efivar... no
checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Werror... yes
checking whether C compiler accepts -Wformat... yes
checking whether C compiler accepts -Wformat-security... yes
checking whether C compiler accepts -Wstack-protector... yes
checking whether C compiler accepts -fstack-protector-all... yes
checking whether C compiler accepts -Wstrict-overflow=5... yes
checking whether C compiler accepts -O2... yes
checking whether C compiler accepts -Werror... (cached) yes
checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... yes
checking whether C compiler accepts -fPIC... yes
checking whether the linker accepts -shared... yes
checking whether C compiler accepts -fPIE... yes
checking whether the linker accepts -pie... yes
checking whether the linker accepts -Wl,-z,relro... yes
checking whether the linker accepts -Wl,-z,now... yes
checking whether C compiler accepts -D_GNU_SOURCE... yes
checking whether C compiler accepts -std=gnu99... yes
checking whether C compiler accepts -Wstringop-overflow=4... yes
checking whether C compiler accepts -Wstringop-truncation... yes
checking whether C compiler accepts -Wduplicated-branches... yes
checking whether C compiler accepts -Wduplicated-cond... yes
checking whether C compiler accepts -Wbool-compare... yes
checking whether C compiler accepts -fdata-sections... yes
checking whether C compiler accepts -ffunction-sections... yes
checking whether the linker accepts -Wl,--gc-sections... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating lib/config.h
config.status: executing libtool commands
config.status: executing depfiles commands
- tpm2-tools: 5.4-rc0
- Man pages: yes
- Unit tests: no

  • Compile

Run make to compile, as shown below:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ make

4. Test

Test whether tpm2-tools can connect to the abrmd service (this assumes tpm2-abrmd is already running; see part 5 of this series). The command and its result are shown below:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ ./tools/tpm2 getrandom 4
** (process:12845): WARNING **: 16:00:46.650: Failed to create connection with service: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.160" (uid=1000 pid=12845 comm="./tools/tpm2 getrandom 4 " label="unconfined") interface="com.intel.tss2.TctiTabrmd" member="CreateConnection" error name="(unset)" requested_reply="0" destination=":1.158" (uid=0 pid=6839 comm="/usr/local/sbin/tpm2-abrmd --allow-root " label="unconfined")
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
ERROR: Could not load tcti, got: "(null)"

Run the command again with sudo:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ sudo ./tools/tpm2 getrandom 4
�i�4ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ 

If tpm2-abrmd has not been started first, the command above produces the following:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ sudo ./tools/tpm2 getrandom 4
** (process:12942): CRITICAL **: 16:08:35.294: failed to allocate dbus proxy object: Error calling StartServiceByName for com.intel.tss2.Tabrmd: Unit tpm2-abrmd.service not found.
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
�,�@ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ 
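
Added example (not part of the original post or of tpm2-tools): a small shell filter that reads the loader errors from the two failing runs above and reports, for each TCTI that was tried, why it failed. The function names and output labels are made up for this illustration, and the sample lines are abridged from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original post or from tpm2-tools.
# Reads tpm2-tools stderr and prints one "module: cause" line per TCTI that failed to load.

classify_tcti_failures() {
    awk '
    # A cause line is logged first; remember the most recent one.
    /DBus\.Error\.AccessDenied/        { cause = "dbus-access-denied" }
    /Error calling StartServiceByName/ { cause = "abrmd-service-not-found" }
    /Failed to open specified TCTI device file/ {
        rest = $0
        sub(/.*TCTI device file /, "", rest)   # leaves "<node>: <reason>"
        sub(/[ \t\r]+$/, "", rest)
        dev = rest;    sub(/:.*/, "", dev)
        reason = rest; sub(/^[^:]*: */, "", reason)
        cause = "open " dev " (" reason ")"
    }
    /Failed to connect to host/ {
        rest = $0
        sub(/.*Failed to connect to host /, "", rest)
        sub(/[ \t\r]+$/, "", rest)
        split(rest, p, /, port |: errno [0-9]+: /)
        cause = "connect " p[1] ":" p[2] " (" p[3] ")"
    }
    # The loader then names the module it gave up on.
    /Could not initialize TCTI file: / {
        mod = $0
        sub(/.*libtss2-tcti-/, "", mod)
        sub(/\.so.*/, "", mod)
        print mod ": " (cause == "" ? "unknown" : cause)
        cause = ""
    }'
}

# Count failed attempts and how many of them were refusals of the calling user.
tcti_summary() {
    classify_tcti_failures | awk '
    /dbus-access-denied|Permission denied/ { denied++ }
    END { print "attempts=" NR " access_denied=" (denied + 0) }'
}

# Sample 1: run as an ordinary user (abridged from the first failing run above).
sample_unprivileged() {
    cat <<'EOF'
** (process:12845): WARNING **: 16:00:46.650: Failed to create connection with service: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded
EOF
}

# Sample 2: run with sudo while tpm2-abrmd is not started (from the second failing run above).
sample_no_abrmd() {
    cat <<'EOF'
** (process:12942): CRITICAL **: 16:08:35.294: failed to allocate dbus proxy object: Error calling StartServiceByName for com.intel.tss2.Tabrmd: Unit tpm2-abrmd.service not found.
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0
EOF
}

echo "== ordinary user =="
sample_unprivileged | classify_tcti_failures
sample_unprivileged | tcti_summary
echo "== sudo, tpm2-abrmd not started =="
sample_no_abrmd | classify_tcti_failures
sample_no_abrmd | tcti_summary
```

On a live system, feed it the real stderr with `./tools/tpm2 getrandom 4 2>&1 >/dev/null | classify_tcti_failures`. In the second run only tabrmd is reported, and the random bytes printed afterwards show that a later TCTI in the fallback chain served the request.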

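The tests above were run on a physical machine. In a simulator environment, the test steps and results are as follows:

(1) Start the TPM simulator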

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/ibmtpm/ibmtpm/src$ ./tpm_server 
LIBRARY_COMPATIBILITY_CHECK is ON
Starting ACT thread...
TPM command server listening on port 2321
Platform server listening on port 2322

(2) Start tpm2-abrmd

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/abrmd/tpm2-abrmd$ sudo /usr/local/sbin/tpm2-abrmd --allow-root --tcti=mssim

At this point, the terminal running tpm_server shows the following:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/ibmtpm/ibmtpm/src$ ./tpm_server 
LIBRARY_COMPATIBILITY_CHECK is ON
Starting ACT thread...
TPM command server listening on port 2321
Platform server listening on port 2322
Platform IPv4 client accepted
Command IPv4 client accepted

(3) Test tpm2-tools again

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ sudo ./tools/tpm2 getrandom 4
Q��xph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ 
