Discrete TPM 2.0 chips

http://www.trustedcomputinggroup.org/membership/certification/tpm-certified-products/

  • Nuvoton SafeKeeper
  • STMicro

Thinkpad X1 tablet + Ubuntu + TPM2

  • install TSS2
sudo apt-get install tpm2-tools libtss2-0 libtss2-utils

sudo systemctl start tpm2-resourcemgr

tpm2_listpcrs

Show all PCR banks:

Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 77 0e fa d7 a2 fd 17 6a 6f a4 6d a5 8c 97 a5 47 5a 5d ba 42
PCR_01: 75 61 f9 2e 8d ad dc 4f 77 48 91 81 fa af 73 ca f3 3c 78 07
PCR_02: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_03: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_04: 63 cf 1e 89 63 2e 14 d4 a4 93 50 e2 25 e3 1d 49 db 47 b2 76
PCR_05: a0 85 ce 6b 63 cd 38 34 52 7f 32 dd 30 0f cb c0 02 93 44 36
PCR_06: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_07: b0 97 4e 64 c6 a8 83 70 91 9e c7 93 ce 97 79 b2 5d 4f 87 78
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
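As an added example (not part of the original notes), the following Python script parses a tpm2_listpcrs listing in the format shown above, reproduces the TPM2_PCR_Extend operation (new = H(old || digest)) and labels each PCR. The sample text it carries is constructed from the SHA1 values listed above. It flags PCRs still at the reset value 0 (never extended), PCRs 17-22 at all-ones (the D-RTM PCR reset value, meaning no DRTM launch has occurred), and checks whether a PCR holds exactly the value of a zero PCR extended once with the SHA1 digest of the four-byte UEFI EV_SEPARATOR event, which is what PCR_02, PCR_03 and PCR_06 above contain. The bank name and helper names are my own choices.

```python
# Added example (not from the original page): parse tpm2_listpcrs output,
# simulate TPM2_PCR_Extend, and flag PCRs that still hold a reset value.
import hashlib
import re

BANK_RE = re.compile(r"^Bank/Algorithm:\s*(\S+)")
PCR_RE = re.compile(r"^PCR_(\d+):\s*((?:[0-9a-fA-F]{2}\s*)+)$")

# Constructed sample: PCR_00..07 copied from the listing above, the rest
# generated to match it (08-16 and 23 all zero, 17-22 all 0xff).
_LISTED = [
    "PCR_00: 77 0e fa d7 a2 fd 17 6a 6f a4 6d a5 8c 97 a5 47 5a 5d ba 42",
    "PCR_01: 75 61 f9 2e 8d ad dc 4f 77 48 91 81 fa af 73 ca f3 3c 78 07",
    "PCR_02: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36",
    "PCR_03: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36",
    "PCR_04: 63 cf 1e 89 63 2e 14 d4 a4 93 50 e2 25 e3 1d 49 db 47 b2 76",
    "PCR_05: a0 85 ce 6b 63 cd 38 34 52 7f 32 dd 30 0f cb c0 02 93 44 36",
    "PCR_06: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36",
    "PCR_07: b0 97 4e 64 c6 a8 83 70 91 9e c7 93 ce 97 79 b2 5d 4f 87 78",
]
_GENERATED = (
    [f"PCR_{i:02d}: " + " ".join(["00"] * 20) for i in range(8, 17)]
    + [f"PCR_{i:02d}: " + " ".join(["ff"] * 20) for i in range(17, 23)]
    + ["PCR_23: " + " ".join(["00"] * 20)]
)
SAMPLE = ("Show all PCR banks:\n\nBank/Algorithm: TPM_ALG_SHA1(0x0004)\n"
          + "\n".join(_LISTED + _GENERATED) + "\n")


def parse_pcr_output(text):
    """Return {bank_name: {pcr_index: digest_bytes}} from tpm2_listpcrs text."""
    banks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANK_RE.match(line)
        if m:
            current = m.group(1)
            banks[current] = {}
            continue
        m = PCR_RE.match(line)
        if m and current is not None:
            banks[current][int(m.group(1))] = bytes.fromhex(m.group(2).replace(" ", ""))
    return banks


def pcr_extend(current, digest, algo="sha1"):
    """TPM2_PCR_Extend semantics: new_value = H(old_value || digest)."""
    return hashlib.new(algo, current + digest).digest()


def separator_only_value(algo="sha1"):
    """Value of a PCR extended from zero with only the UEFI EV_SEPARATOR event,
    whose measured data is the four bytes 00 00 00 00."""
    size = hashlib.new(algo).digest_size
    sep_digest = hashlib.new(algo, b"\x00\x00\x00\x00").digest()
    return pcr_extend(b"\x00" * size, sep_digest, algo)


def classify(bank, algo="sha1"):
    """Label each PCR so that slots nothing was measured into stand out."""
    size = hashlib.new(algo).digest_size
    sep = separator_only_value(algo)
    labels = {}
    for idx, value in sorted(bank.items()):
        if value == b"\x00" * size:
            labels[idx] = "never extended (still at the reset value 0)"
        elif value == b"\xff" * size:
            labels[idx] = "all-ones (D-RTM PCR reset value; no DRTM launch occurred)"
        elif value == sep:
            labels[idx] = "only EV_SEPARATOR extended (nothing measured into it)"
        else:
            labels[idx] = "extended with measurements"
    return labels


if __name__ == "__main__":
    bank = parse_pcr_output(SAMPLE)["TPM_ALG_SHA1(0x0004)"]
    for idx, label in classify(bank).items():
        print(f"PCR_{idx:02d} {bank[idx].hex()}  {label}")
```

Run it against the real listing by feeding `tpm2_listpcrs` output to `parse_pcr_output`; identical values in PCR_02/03/06 are the usual sign that no option ROMs or their configuration were measured on that platform, and any of PCR_00..07 equal to zero would mean the firmware measurement chain never ran.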
  • install IBM TSS2.0

Download the latest tar archive from https://sourceforge.net/projects/ibmtpm20tss/

sudo apt-get install libssl-dev

cd tpm2/utils

(Optional) Edit the makefile to change the default TPM device (the default is the software TPM, SWTPM)

make

sudo systemctl stop tpm2-resourcemgr
sudo chmod 777 /dev/tpm0

export TPM_INTERFACE_TYPE=dev

$ ./getcapability -cap 6
moreData: 1
64 properties
TPM_PT 00000100 value 322e3000 TPM_PT_FAMILY_INDICATOR - a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY)
TPM_PT 00000101 value 00000000 TPM_PT_LEVEL - the level of the specification
TPM_PT 00000102 value 00000074 TPM_PT_REVISION - the specification Revision times 100
TPM_PT 00000103 value 0000012f TPM_PT_DAY_OF_YEAR - the specification day of year using TCG calendar
TPM_PT 00000104 value 000007de TPM_PT_YEAR - the specification year using the CE
TPM_PT 00000105 value 494e5443 TPM_PT_MANUFACTURER - the vendor ID unique to each TPM manufacturer 
TPM_PT 00000106 value 496e7465 TPM_PT_VENDOR_STRING_1 - the first four characters of the vendor ID string
TPM_PT 00000107 value 6c000000 TPM_PT_VENDOR_STRING_2 - the second four characters of the vendor ID string 
TPM_PT 00000108 value 00000000 TPM_PT_VENDOR_STRING_3 - the third four characters of the vendor ID string 
TPM_PT 00000109 value 00000000 TPM_PT_VENDOR_STRING_4 - the fourth four characters of the vendor ID sting 
TPM_PT 0000010a value 00000000 TPM_PT_VENDOR_TPM_TYPE - vendor-defined value indicating the TPM model 
TPM_PT 0000010b value 000b0000 TPM_PT_FIRMWARE_VERSION_1 - the most-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware
TPM_PT 0000010c value 001003e8 TPM_PT_FIRMWARE_VERSION_2 - the least-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware
TPM_PT 0000010d value 00000400 TPM_PT_INPUT_BUFFER - the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)
TPM_PT 0000010e value 00000003 TPM_PT_HR_TRANSIENT_MIN - the minimum number of transient objects that can be held in TPM RAM
TPM_PT 0000010f value 00000007 TPM_PT_HR_PERSISTENT_MIN - the minimum number of persistent objects that can be held in TPM NV memory
TPM_PT 00000110 value 00000003 TPM_PT_HR_LOADED_MIN - the minimum number of authorization sessions that can be held in TPM RAM
TPM_PT 00000111 value 00000040 TPM_PT_ACTIVE_SESSIONS_MAX - the number of authorization sessions that may be active at a time
TPM_PT 00000112 value 00000018 TPM_PT_PCR_COUNT - the number of PCR implemented
TPM_PT 00000113 value 00000003 TPM_PT_PCR_SELECT_MIN - the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect
TPM_PT 00000114 value 0000ffff TPM_PT_CONTEXT_GAP_MAX - the maximum allowed difference (unsigned) between the contextID values of two saved session contexts
TPM_PT 00000116 value 00000010 TPM_PT_NV_COUNTERS_MAX - the maximum number of NV Indexes that are allowed to have the TPMA_NV_COUNTER attribute SET
TPM_PT 00000117 value 00000800 TPM_PT_NV_INDEX_MAX - the maximum size of an NV Index data area
TPM_PT 00000118 value 00000006 TPM_PT_MEMORY - a TPMA_MEMORY indicating the memory management method for the TPM
TPM_PT 00000119 value 00001000 TPM_PT_CLOCK_UPDATE - interval, in milliseconds, between updates to the copy of TPMS_CLOCK_INFO.clock in NV
TPM_PT 0000011a value 0000000b TPM_PT_CONTEXT_HASH - the algorithm used for the integrity HMAC on saved contexts and for hashing the fuData of TPM2_FirmwareRead()
TPM_PT 0000011b value 00000006 TPM_PT_CONTEXT_SYM - TPM_ALG_ID, the algorithm used for encryption of saved contexts
TPM_PT 0000011c value 00000080 TPM_PT_CONTEXT_SYM_SIZE - TPM_KEY_BITS, the size of the key used for encryption of saved contexts
TPM_PT 0000011d value 000000ff TPM_PT_ORDERLY_COUNT - the modulus - 1 of the count for NV update of an orderly counter
TPM_PT 0000011e value 00000f80 TPM_PT_MAX_COMMAND_SIZE - the maximum value for commandSize in a command
TPM_PT 0000011f value 00000f80 TPM_PT_MAX_RESPONSE_SIZE - the maximum value for responseSize in a response
TPM_PT 00000120 value 00000020 TPM_PT_MAX_DIGEST - the maximum size of a digest that can be produced by the TPM
TPM_PT 00000121 value 000003a0 TPM_PT_MAX_OBJECT_CONTEXT - the maximum size of an object context that will be returned by TPM2_ContextSave
TPM_PT 00000122 value 000000f0 TPM_PT_MAX_SESSION_CONTEXT - the maximum size of a session context that will be returned by TPM2_ContextSave
TPM_PT 00000123 value 00000001 TPM_PT_PS_FAMILY_INDICATOR - platform-specific family (a TPM_PS value)(see Table 24)
TPM_PT 00000124 value 00000000 TPM_PT_PS_LEVEL - the level of the platform-specific specification
TPM_PT 00000125 value 00000100 TPM_PT_PS_REVISION - the specification Revision times 100 for the platform-specific specification
TPM_PT 00000126 value 00000000 TPM_PT_PS_DAY_OF_YEAR - the platform-specific specification day of year using TCG calendar
TPM_PT 00000127 value 00000000 TPM_PT_PS_YEAR - the platform-specific specification year using the CE
TPM_PT 00000128 value 00000080 TPM_PT_SPLIT_MAX - the number of split signing operations supported by the TPM
TPM_PT 00000129 value 0000005f TPM_PT_TOTAL_COMMANDS - total number of commands implemented in the TPM
TPM_PT 0000012a value 0000005f TPM_PT_LIBRARY_COMMANDS - number of commands from the TPM library that are implemented
TPM_PT 0000012b value 00000000 TPM_PT_VENDOR_COMMANDS - number of vendor commands that are implemented
TPM_PT 0000012c value 00000800 TPM_PT_NV_BUFFER_MAX - the maximum data size in one NV write command
TPM_PT 00000200 value 00000104 TPM_PT_PERMANENT - TPMA_PERMANENT 
TPM_PT 00000201 value 8000000f TPM_PT_STARTUP_CLEAR - TPMA_STARTUP_CLEAR 
TPM_PT 00000202 value 00000002 TPM_PT_HR_NV_INDEX - the number of NV Indexes currently defined 
TPM_PT 00000203 value 00000000 TPM_PT_HR_LOADED - the number of authorization sessions currently loaded into TPM RAM
TPM_PT 00000204 value 00000003 TPM_PT_HR_LOADED_AVAIL - the number of additional authorization sessions, of any type, that could be loaded into TPM RAM
TPM_PT 00000205 value 00000000 TPM_PT_HR_ACTIVE - the number of active authorization sessions currently being tracked by the TPM
TPM_PT 00000206 value 00000040 TPM_PT_HR_ACTIVE_AVAIL - the number of additional authorization sessions, of any type, that could be created
TPM_PT 00000207 value 00000003 TPM_PT_HR_TRANSIENT_AVAIL - estimate of the number of additional transient objects that could be loaded into TPM RAM
TPM_PT 00000208 value 00000003 TPM_PT_HR_PERSISTENT - the number of persistent objects currently loaded into TPM NV memory
TPM_PT 00000209 value 0000000f TPM_PT_HR_PERSISTENT_AVAIL - the number of additional persistent objects that could be loaded into NV memory
TPM_PT 0000020a value 00000002 TPM_PT_NV_COUNTERS - the number of defined NV Indexes that have NV TPMA_NV_COUNTER attribute SET
TPM_PT 0000020b value 000000a1 TPM_PT_NV_COUNTERS_AVAIL - the number of additional NV Indexes that can be defined with their TPMA_NV_COUNTER and TPMA_NV_ORDERLY attribute SET
TPM_PT 0000020c value 00000000 TPM_PT_ALGORITHM_SET - code that limits the algorithms that may be used with the TPM
TPM_PT 0000020d value 00000002 TPM_PT_LOADED_CURVES - the number of loaded ECC curves 
TPM_PT 0000020e value 00000000 TPM_PT_LOCKOUT_COUNTER - the current value of the lockout counter (failedTries) 
TPM_PT 0000020f value 00000020 TPM_PT_MAX_AUTH_FAIL - the number of authorization failures before DA lockout is invoked
TPM_PT 00000210 value 00001c20 TPM_PT_LOCKOUT_INTERVAL - the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented
TPM_PT 00000211 value 00015180 TPM_PT_LOCKOUT_RECOVERY - the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again
TPM_PT 00000212 value 00000000 TPM_PT_NV_WRITE_RECOVERY - number of milliseconds before the TPM will accept another command that will modify NV
TPM_PT 00000213 value 00000000 TPM_PT_AUDIT_COUNTER_0 - the high-order 32 bits of the command audit counter 
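As an added example (not part of the original notes), the following Python script turns the raw TPM_PT values of a getcapability -cap 6 listing into readable facts: the packed ASCII properties (family "2.0", manufacturer ID INTC, vendor string "Intel"), the spec revision and date (0x74 = 1.16, day 303 of 2014), the TPMA_PERMANENT and TPMA_STARTUP_CLEAR bits, and the dictionary-attack lockout parameters (32 failures, 7200 s decrement interval, 86400 s lockoutAuth recovery). The sample text is a constructed subset of the lines above with the descriptions dropped; the firmware-version split into four 16-bit fields is a common convention, not something the TPM specification mandates.

```python
# Added example (not from the original page): decode the raw TPM_PT values
# from a getcapability -cap 6 listing into human-readable facts.
import re

CAP_RE = re.compile(r"^TPM_PT\s+([0-9a-fA-F]{8})\s+value\s+([0-9a-fA-F]{8})\s+(\S+)")

# Constructed sample: a subset of the lines above, descriptions dropped
# (the parser only needs the first four fields).
SAMPLE_CAPS = """\
TPM_PT 00000100 value 322e3000 TPM_PT_FAMILY_INDICATOR
TPM_PT 00000102 value 00000074 TPM_PT_REVISION
TPM_PT 00000103 value 0000012f TPM_PT_DAY_OF_YEAR
TPM_PT 00000104 value 000007de TPM_PT_YEAR
TPM_PT 00000105 value 494e5443 TPM_PT_MANUFACTURER
TPM_PT 00000106 value 496e7465 TPM_PT_VENDOR_STRING_1
TPM_PT 00000107 value 6c000000 TPM_PT_VENDOR_STRING_2
TPM_PT 00000108 value 00000000 TPM_PT_VENDOR_STRING_3
TPM_PT 00000109 value 00000000 TPM_PT_VENDOR_STRING_4
TPM_PT 0000010b value 000b0000 TPM_PT_FIRMWARE_VERSION_1
TPM_PT 0000010c value 001003e8 TPM_PT_FIRMWARE_VERSION_2
TPM_PT 00000112 value 00000018 TPM_PT_PCR_COUNT
TPM_PT 00000200 value 00000104 TPM_PT_PERMANENT
TPM_PT 00000201 value 8000000f TPM_PT_STARTUP_CLEAR
TPM_PT 0000020e value 00000000 TPM_PT_LOCKOUT_COUNTER
TPM_PT 0000020f value 00000020 TPM_PT_MAX_AUTH_FAIL
TPM_PT 00000210 value 00001c20 TPM_PT_LOCKOUT_INTERVAL
TPM_PT 00000211 value 00015180 TPM_PT_LOCKOUT_RECOVERY
"""

# Bit positions of TPMA_PERMANENT and TPMA_STARTUP_CLEAR (TPM 2.0 Library, Part 2).
PERMANENT_BITS = {0: "ownerAuthSet", 1: "endorsementAuthSet", 2: "lockoutAuthSet",
                  8: "disableClear", 9: "inLockout", 10: "tpmGeneratedEPS"}
STARTUP_CLEAR_BITS = {0: "phEnable", 1: "shEnable", 2: "ehEnable",
                      3: "phEnableNV", 31: "orderly"}


def parse_properties(text):
    """Map property name -> 32-bit integer value."""
    props = {}
    for line in text.splitlines():
        m = CAP_RE.match(line.strip())
        if m:
            props[m.group(3)] = int(m.group(2), 16)
    return props


def u32_ascii(value):
    """Properties such as TPM_PT_MANUFACTURER pack four ASCII bytes big-endian."""
    return value.to_bytes(4, "big").decode("ascii", "replace").rstrip("\x00")


def decode_bits(value, table):
    """Names of the attribute bits that are set in value."""
    return [name for bit, name in sorted(table.items()) if value & (1 << bit)]


def summarize(props):
    fw1 = props["TPM_PT_FIRMWARE_VERSION_1"]
    fw2 = props["TPM_PT_FIRMWARE_VERSION_2"]
    permanent = decode_bits(props["TPM_PT_PERMANENT"], PERMANENT_BITS)
    return {
        "family": u32_ascii(props["TPM_PT_FAMILY_INDICATOR"]),
        # TPM_PT_REVISION is the spec revision times 100 (0x74 = 116 -> 1.16)
        "spec_revision": "%d.%02d" % divmod(props["TPM_PT_REVISION"], 100),
        "spec_date": (props["TPM_PT_YEAR"], props["TPM_PT_DAY_OF_YEAR"]),
        "manufacturer": u32_ascii(props["TPM_PT_MANUFACTURER"]),
        "vendor": "".join(u32_ascii(props[f"TPM_PT_VENDOR_STRING_{i}"]) for i in range(1, 5)),
        # Vendor-specific value; four 16-bit fields is the usual display convention
        "firmware": "%d.%d.%d.%d" % (fw1 >> 16, fw1 & 0xFFFF, fw2 >> 16, fw2 & 0xFFFF),
        "pcr_count": props["TPM_PT_PCR_COUNT"],
        "permanent": permanent,
        "startup_clear": decode_bits(props["TPM_PT_STARTUP_CLEAR"], STARTUP_CLEAR_BITS),
        # Dictionary-attack (DA) protection state and thresholds
        "da": {
            "failed_tries": props["TPM_PT_LOCKOUT_COUNTER"],
            "max_auth_fail": props["TPM_PT_MAX_AUTH_FAIL"],
            "lockout_interval_s": props["TPM_PT_LOCKOUT_INTERVAL"],
            "lockout_recovery_s": props["TPM_PT_LOCKOUT_RECOVERY"],
            "in_lockout": "inLockout" in permanent,
        },
    }


if __name__ == "__main__":
    for key, val in summarize(parse_properties(SAMPLE_CAPS)).items():
        print(f"{key:14s} {val}")
```

For this listing the TPMA_PERMANENT value 0x104 decodes to lockoutAuthSet and disableClear, so TPM2_Clear is blocked from the platform hierarchy, and the DA counter is at 0 with a limit of 32 failed attempts before lockout.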


$ ./pcrread -ha 0 -halg sha1


  • install IBM TSS2.0 demo
sudo apt-get install openssl libssl-dev
sudo apt-get install php php-dev
sudo apt-get install tomcat7
sudo apt-get install apache2
sudo apt-get install libapache2-mod-php

sudo mkdir /var/www/html/tpm2
sudo chmod 777 /var/www/html/tpm2

sudo make -f makefilesha1_dev


Open http://localhost/tpm2/index.php

Ubuntu 16.04 Memo

http://qiita.com/yas-nyan/items/55e764304c67736ff9ba


I have a feeling this no longer works on 16.04...

  • On Ubuntu 16.04 LTS, assign IME off/on to the Mac "Eisu" and "Kana" keys

http://ottan.xyz/ubuntu-16-04-ime-on-off-4913/


On a PC English keyboard it would be nice to assign these to left and right Alt, but I guess that doesn't work...


  • Disable Alt in Ubuntu (note: disable "Search your computer and online resources", i.e. the HUD)

http://blog.livedoor.jp/kmiwa_project/archives/1024675920.html


This one is worth doing; it's handy.

Mac - SSD

  • ?
    • MacBook Air (2010 - 2011)
    • M.2 Adapter
      • NGFF-APSSD12-6 Sourcingbay M.2 (NGFF) SSD to 18-pin adapter, compatible with the 2010-2011 MacBook Air

DELL XPS 9550: TPM1.2 to TPM2.0

Dell's XPS 9550 supports both TPM 1.2 and TPM 2.0.

http://en.community.dell.com/techcenter/enterprise-client/w/wiki/11850.how-to-change-tpm-modes-1-2-2-0


It ships in 1.2 mode, so use the utility to update it.

http://www.dell.com/support/home/jp/ja/jpdhs1/Drivers/DriversDetails?driverId=2105J


The OS this is done from must be Windows.
With BIOS 1.1.19 it fails; after updating to the latest 1.2.14 it succeeded.

  • TPM FW update procedure
  1. Update the BIOS to the latest version (reboot)
  2. Clear the TPM from the BIOS menu (reboot)
  3. Run the FW update utility (reboot)
  • There seem to be TPM-related problems depending on the BIOS version

With BIOS 01.01.XX there is a TPM item under Security in the BIOS menu, but after updating to 01.02.XX the TPM item apparently disappears.
1.2.0, 1.2.2 and 1.2.10 reportedly show the same symptom.

http://en.community.dell.com/support-forums/laptop/f/3518/t/19985939


  • Install the latest version from Dell's product support page

http://www.dell.com/support/home/jp/ja/jpdhs1/product-support/product/xps-15-9550-laptop/drivers

  • BIOS and TPM FW updates can only be done from a Windows OS.

If you normally run Ubuntu, switch the OS to Windows temporarily to do this.
It may be worth keeping a cheap M.2 SSD with Windows installed on it. Swapping the SSD is fairly easy once the back cover is off, but opening it requires a T5 Torx driver.

MinnowBoard Turbot


http://www.mouser.jp/ProductDetail/ADI-Engineering/MBT-2210/?qs=sGAEpiMZZMufdu5QM0tCwQsjri8glezVnrrWdiKLvTI%3d

This video is part of the training video series for Intel Cup ESDC 2016. It is a training session on using a discrete TPM 2.0 module on the MinnowBoard Turbot to enhance the security features of an IoT solution.

https://software.intel.com/en-us/videos/use-discrete-tpm-2-0-moduleon-minnowboard-turbot

    • Nationz I2C TPM Z32H320TC

http://www.nationz.com.cn/html/en/index.php?ac=article&at=list&tid=68

http://www.nationz.com.cn/upfile/2016/20160505085704_844.pdf

https://developer.mbed.org/users/LordOfDorks/code/NationZ_TPM20/

    • IBMTSS

https://github.com/ms-iot/security

https://github.com/ms-iot/security/blob/master/TPM-ACPITABL/ASL/NTZI2C-TPM20.asl