Discrete TPM 2.0 chips
http://www.trustedcomputinggroup.org/membership/certification/tpm-certified-products/
- Infineon OPTIGA
  - SPI, VQFN-32: SLB 9670 XQ2.0 FW7.40
  - LPC, VQFN-32: SLB 9665 VQ2.0 FW5.51
  - LPC, TSSOP-28: SLB 9665 TT2.0 FW5.51
  - http://www.infineon.com/cms/jp/product/security-and-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/channel.html?channel=5546d462503812bb015066de24291768#goto_producttable
  - SPI and LPC
  - price: $2.5
  - board
- Nuvoton SafeKeeper
- ST micro
  - ST33TPxF2E
  - ST33TPxF20
  - SPI: ST33TPHF20SPI
Thinkpad X1 tablet + Ubuntu + TPM2
- install Ubuntu 16.04
- install TSS2
$ sudo apt-get install tpm2-tools libtss2-0 libtss2-utils
$ sudo systemctl start tpm2-resourcemgr
$ tpm2_listpcrs
Show all PCR banks:
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 77 0e fa d7 a2 fd 17 6a 6f a4 6d a5 8c 97 a5 47 5a 5d ba 42
PCR_01: 75 61 f9 2e 8d ad dc 4f 77 48 91 81 fa af 73 ca f3 3c 78 07
PCR_02: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_03: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_04: 63 cf 1e 89 63 2e 14 d4 a4 93 50 e2 25 e3 1d 49 db 47 b2 76
PCR_05: a0 85 ce 6b 63 cd 38 34 52 7f 32 dd 30 0f cb c0 02 93 44 36
PCR_06: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_07: b0 97 4e 64 c6 a8 83 70 91 9e c7 93 ce 97 79 b2 5d 4f 87 78
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
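Added example (not from this page or from tpm2-tools): a parser for the tpm2_listpcrs listing above that labels what each PCR value says about the boot. All-zero PCRs were never extended (here 8-16 and 23, so no bootloader or OS measurement reached the TPM), all-ones PCRs 17-22 still hold the reset value that only a dynamic launch changes, and PCRs 2, 3 and 6 share one value, which the script compares with the digest a fresh SHA1 PCR takes after only the EV_SEPARATOR event (four zero bytes) is extended into it. The sample is constructed from a subset of the lines above.

```python
import hashlib
import re

# Constructed sample in the tpm2_listpcrs format shown above (SHA1 bank, a subset of the PCRs).
SAMPLE = """Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 77 0e fa d7 a2 fd 17 6a 6f a4 6d a5 8c 97 a5 47 5a 5d ba 42
PCR_02: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_03: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

PCR_RE = re.compile(r"^PCR_(\d+):[ ]+((?:[0-9a-f]{2}[ ]*)+)$", re.M)

def parse_pcrs(text):
    """Return {pcr_index: digest_bytes} from tpm2_listpcrs-style output."""
    return {int(i): bytes.fromhex(h.replace(" ", "")) for i, h in PCR_RE.findall(text)}

def separator_only(digest_len=20):
    """Value a fresh (all-zero) SHA1 PCR takes after the firmware extends only
    the EV_SEPARATOR event, whose event data is four zero bytes:
    extend(PCR, H(00 00 00 00)) = H(PCR || H(00 00 00 00))."""
    sep_digest = hashlib.sha1(b"\x00" * 4).digest()
    return hashlib.sha1(b"\x00" * digest_len + sep_digest).digest()

def classify(pcrs):
    """Label each PCR by what its value says about the measured boot."""
    sep = separator_only()
    labels = {}
    for idx, d in pcrs.items():
        if d == b"\x00" * len(d):
            labels[idx] = "unextended"      # nothing was ever measured into this PCR
        elif d == b"\xff" * len(d):
            labels[idx] = "locality-reset"  # PCRs 17-22 start all-ones; only a DRTM launch changes them
        elif d == sep:
            labels[idx] = "separator-only"  # firmware measured nothing but the separator here
        else:
            labels[idx] = "measured"
    return labels

if __name__ == "__main__":
    for idx, label in sorted(classify(parse_pcrs(SAMPLE)).items()):
        print(f"PCR_{idx:02d}: {label}")
```

To run it against a live machine, pipe the output of tpm2_listpcrs into parse_pcrs instead of SAMPLE; the SHA256 bank needs digest_len=32 and hashlib.sha256 in separator_only.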
- install IBM TSS2.0
Download the latest tar archive from https://sourceforge.net/projects/ibmtpm20tss/
$ sudo apt-get install libssl-dev
$ cd tpm2/utils
(optional) edit the makefile to change the default TPM device (the default is the SWTPM)
$ make
$ sudo systemctl stop tpm2-resourcemgr
$ sudo chmod 777 /dev/tpm0
(this makes the TPM device writable by every local user; a udev rule that hands /dev/tpm0 to a dedicated group is the narrower fix)
$ export TPM_INTERFACE_TYPE=dev
$ ./getcapability -cap 6
moreData: 1
64 properties
TPM_PT 00000100 value 322e3000 TPM_PT_FAMILY_INDICATOR - a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY)
TPM_PT 00000101 value 00000000 TPM_PT_LEVEL - the level of the specification
TPM_PT 00000102 value 00000074 TPM_PT_REVISION - the specification Revision times 100
TPM_PT 00000103 value 0000012f TPM_PT_DAY_OF_YEAR - the specification day of year using TCG calendar
TPM_PT 00000104 value 000007de TPM_PT_YEAR - the specification year using the CE
TPM_PT 00000105 value 494e5443 TPM_PT_MANUFACTURER - the vendor ID unique to each TPM manufacturer
TPM_PT 00000106 value 496e7465 TPM_PT_VENDOR_STRING_1 - the first four characters of the vendor ID string
TPM_PT 00000107 value 6c000000 TPM_PT_VENDOR_STRING_2 - the second four characters of the vendor ID string
TPM_PT 00000108 value 00000000 TPM_PT_VENDOR_STRING_3 - the third four characters of the vendor ID string
TPM_PT 00000109 value 00000000 TPM_PT_VENDOR_STRING_4 - the fourth four characters of the vendor ID sting
TPM_PT 0000010a value 00000000 TPM_PT_VENDOR_TPM_TYPE - vendor-defined value indicating the TPM model
TPM_PT 0000010b value 000b0000 TPM_PT_FIRMWARE_VERSION_1 - the most-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware
TPM_PT 0000010c value 001003e8 TPM_PT_FIRMWARE_VERSION_2 - the least-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware
TPM_PT 0000010d value 00000400 TPM_PT_INPUT_BUFFER - the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)
TPM_PT 0000010e value 00000003 TPM_PT_HR_TRANSIENT_MIN - the minimum number of transient objects that can be held in TPM RAM
TPM_PT 0000010f value 00000007 TPM_PT_HR_PERSISTENT_MIN - the minimum number of persistent objects that can be held in TPM NV memory
TPM_PT 00000110 value 00000003 TPM_PT_HR_LOADED_MIN - the minimum number of authorization sessions that can be held in TPM RAM
TPM_PT 00000111 value 00000040 TPM_PT_ACTIVE_SESSIONS_MAX - the number of authorization sessions that may be active at a time
TPM_PT 00000112 value 00000018 TPM_PT_PCR_COUNT - the number of PCR implemented
TPM_PT 00000113 value 00000003 TPM_PT_PCR_SELECT_MIN - the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect
TPM_PT 00000114 value 0000ffff TPM_PT_CONTEXT_GAP_MAX - the maximum allowed difference (unsigned) between the contextID values of two saved session contexts
TPM_PT 00000116 value 00000010 TPM_PT_NV_COUNTERS_MAX - the maximum number of NV Indexes that are allowed to have the TPMA_NV_COUNTER attribute SET
TPM_PT 00000117 value 00000800 TPM_PT_NV_INDEX_MAX - the maximum size of an NV Index data area
TPM_PT 00000118 value 00000006 TPM_PT_MEMORY - a TPMA_MEMORY indicating the memory management method for the TPM
TPM_PT 00000119 value 00001000 TPM_PT_CLOCK_UPDATE - interval, in milliseconds, between updates to the copy of TPMS_CLOCK_INFO.clock in NV
TPM_PT 0000011a value 0000000b TPM_PT_CONTEXT_HASH - the algorithm used for the integrity HMAC on saved contexts and for hashing the fuData of TPM2_FirmwareRead()
TPM_PT 0000011b value 00000006 TPM_PT_CONTEXT_SYM - TPM_ALG_ID, the algorithm used for encryption of saved contexts
TPM_PT 0000011c value 00000080 TPM_PT_CONTEXT_SYM_SIZE - TPM_KEY_BITS, the size of the key used for encryption of saved contexts
TPM_PT 0000011d value 000000ff TPM_PT_ORDERLY_COUNT - the modulus - 1 of the count for NV update of an orderly counter
TPM_PT 0000011e value 00000f80 TPM_PT_MAX_COMMAND_SIZE - the maximum value for commandSize in a command
TPM_PT 0000011f value 00000f80 TPM_PT_MAX_RESPONSE_SIZE - the maximum value for responseSize in a response
TPM_PT 00000120 value 00000020 TPM_PT_MAX_DIGEST - the maximum size of a digest that can be produced by the TPM
TPM_PT 00000121 value 000003a0 TPM_PT_MAX_OBJECT_CONTEXT - the maximum size of an object context that will be returned by TPM2_ContextSave
TPM_PT 00000122 value 000000f0 TPM_PT_MAX_SESSION_CONTEXT - the maximum size of a session context that will be returned by TPM2_ContextSave
TPM_PT 00000123 value 00000001 TPM_PT_PS_FAMILY_INDICATOR - platform-specific family (a TPM_PS value)(see Table 24)
TPM_PT 00000124 value 00000000 TPM_PT_PS_LEVEL - the level of the platform-specific specification
TPM_PT 00000125 value 00000100 TPM_PT_PS_REVISION - the specification Revision times 100 for the platform-specific specification
TPM_PT 00000126 value 00000000 TPM_PT_PS_DAY_OF_YEAR - the platform-specific specification day of year using TCG calendar
TPM_PT 00000127 value 00000000 TPM_PT_PS_YEAR - the platform-specific specification year using the CE
TPM_PT 00000128 value 00000080 TPM_PT_SPLIT_MAX - the number of split signing operations supported by the TPM
TPM_PT 00000129 value 0000005f TPM_PT_TOTAL_COMMANDS - total number of commands implemented in the TPM
TPM_PT 0000012a value 0000005f TPM_PT_LIBRARY_COMMANDS - number of commands from the TPM library that are implemented
TPM_PT 0000012b value 00000000 TPM_PT_VENDOR_COMMANDS - number of vendor commands that are implemented
TPM_PT 0000012c value 00000800 TPM_PT_NV_BUFFER_MAX - the maximum data size in one NV write command
TPM_PT 00000200 value 00000104 TPM_PT_PERMANENT - TPMA_PERMANENT
TPM_PT 00000201 value 8000000f TPM_PT_STARTUP_CLEAR - TPMA_STARTUP_CLEAR
TPM_PT 00000202 value 00000002 TPM_PT_HR_NV_INDEX - the number of NV Indexes currently defined
TPM_PT 00000203 value 00000000 TPM_PT_HR_LOADED - the number of authorization sessions currently loaded into TPM RAM
TPM_PT 00000204 value 00000003 TPM_PT_HR_LOADED_AVAIL - the number of additional authorization sessions, of any type, that could be loaded into TPM RAM
TPM_PT 00000205 value 00000000 TPM_PT_HR_ACTIVE - the number of active authorization sessions currently being tracked by the TPM
TPM_PT 00000206 value 00000040 TPM_PT_HR_ACTIVE_AVAIL - the number of additional authorization sessions, of any type, that could be created
TPM_PT 00000207 value 00000003 TPM_PT_HR_TRANSIENT_AVAIL - estimate of the number of additional transient objects that could be loaded into TPM RAM
TPM_PT 00000208 value 00000003 TPM_PT_HR_PERSISTENT - the number of persistent objects currently loaded into TPM NV memory
TPM_PT 00000209 value 0000000f TPM_PT_HR_PERSISTENT_AVAIL - the number of additional persistent objects that could be loaded into NV memory
TPM_PT 0000020a value 00000002 TPM_PT_NV_COUNTERS - the number of defined NV Indexes that have NV TPMA_NV_COUNTER attribute SET
TPM_PT 0000020b value 000000a1 TPM_PT_NV_COUNTERS_AVAIL - the number of additional NV Indexes that can be defined with their TPMA_NV_COUNTER and TPMA_NV_ORDERLY attribute SET
TPM_PT 0000020c value 00000000 TPM_PT_ALGORITHM_SET - code that limits the algorithms that may be used with the TPM
TPM_PT 0000020d value 00000002 TPM_PT_LOADED_CURVES - the number of loaded ECC curves
TPM_PT 0000020e value 00000000 TPM_PT_LOCKOUT_COUNTER - the current value of the lockout counter (failedTries)
TPM_PT 0000020f value 00000020 TPM_PT_MAX_AUTH_FAIL - the number of authorization failures before DA lockout is invoked
TPM_PT 00000210 value 00001c20 TPM_PT_LOCKOUT_INTERVAL - the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented
TPM_PT 00000211 value 00015180 TPM_PT_LOCKOUT_RECOVERY - the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again
TPM_PT 00000212 value 00000000 TPM_PT_NV_WRITE_RECOVERY - number of milliseconds before the TPM will accept another command that will modify NV
TPM_PT 00000213 value 00000000 TPM_PT_AUDIT_COUNTER_0 - the high-order 32 bits of the command audit counter
$ ./pcrread -ha 0 -halg sha1
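Added example (not from this page or from IBM TSS): a decoder for the getcapability -cap 6 listing above. It turns the hex property values into the manufacturer and vendor strings (494e5443 is INTC, i.e. Intel, which points to the firmware-based Intel PTT rather than one of the discrete parts listed at the top), the spec revision, the PCR count, and the dictionary-attack lockout policy, and unpacks TPMA_PERMANENT (00000104 here: lockoutAuthSet and disableClear, so TPM2_Clear is currently disabled). The bit names come from the TPM 2.0 Library specification, Part 2; the sample is constructed from a subset of the lines above.

```python
import re

# Constructed sample: a subset of the getcapability -cap 6 lines shown above.
SAMPLE = """TPM_PT 00000102 value 00000074 TPM_PT_REVISION - the specification Revision times 100
TPM_PT 00000105 value 494e5443 TPM_PT_MANUFACTURER - the vendor ID unique to each TPM manufacturer
TPM_PT 00000106 value 496e7465 TPM_PT_VENDOR_STRING_1 - the first four characters of the vendor ID string
TPM_PT 00000107 value 6c000000 TPM_PT_VENDOR_STRING_2 - the second four characters of the vendor ID string
TPM_PT 00000112 value 00000018 TPM_PT_PCR_COUNT - the number of PCR implemented
TPM_PT 00000200 value 00000104 TPM_PT_PERMANENT - TPMA_PERMANENT
TPM_PT 0000020e value 00000000 TPM_PT_LOCKOUT_COUNTER - the current value of the lockout counter (failedTries)
TPM_PT 0000020f value 00000020 TPM_PT_MAX_AUTH_FAIL - the number of authorization failures before DA lockout is invoked
TPM_PT 00000210 value 00001c20 TPM_PT_LOCKOUT_INTERVAL - the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented
TPM_PT 00000211 value 00015180 TPM_PT_LOCKOUT_RECOVERY - the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again
"""

PROP_RE = re.compile(r"^TPM_PT [0-9a-f]{8} value ([0-9a-f]{8}) (TPM_PT_\w+)", re.M)

# TPMA_PERMANENT bit positions, from TPM 2.0 Library Part 2 (Structures).
PERMANENT_BITS = {0: "ownerAuthSet", 1: "endorsementAuthSet", 2: "lockoutAuthSet",
                  8: "disableClear", 9: "inLockout", 10: "tpmGeneratedEPS"}

def parse_properties(text):
    """Return {property_name: int_value} from getcapability -cap 6 output."""
    return {name: int(val, 16) for val, name in PROP_RE.findall(text)}

def ascii_prop(value):
    """Decode a 32-bit property that packs four ASCII characters (NUL padded)."""
    return value.to_bytes(4, "big").rstrip(b"\x00").decode("ascii")

def summarize(props):
    """Who made the TPM, which spec revision it implements, and how its DA protection is tuned."""
    perm = props["TPM_PT_PERMANENT"]
    return {
        "manufacturer": ascii_prop(props["TPM_PT_MANUFACTURER"]),
        "vendor": ascii_prop(props["TPM_PT_VENDOR_STRING_1"]) + ascii_prop(props["TPM_PT_VENDOR_STRING_2"]),
        "spec_revision": props["TPM_PT_REVISION"] / 100,
        "pcr_count": props["TPM_PT_PCR_COUNT"],
        "permanent_flags": [n for b, n in PERMANENT_BITS.items() if perm >> b & 1],
        "failed_tries": props["TPM_PT_LOCKOUT_COUNTER"],
        "max_auth_fail": props["TPM_PT_MAX_AUTH_FAIL"],
        "lockout_interval_s": props["TPM_PT_LOCKOUT_INTERVAL"],
        "lockout_recovery_s": props["TPM_PT_LOCKOUT_RECOVERY"],
    }

if __name__ == "__main__":
    for k, v in summarize(parse_properties(SAMPLE)).items():
        print(f"{k}: {v}")
```

The lockout numbers read as: 32 failed authorizations trigger DA lockout, the counter decays by one every 7200 s, and a failed lockoutAuth blocks further lockoutAuth use for 86400 s.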
- install IBM TSS2.0 demo
$ sudo apt-get install openssl libssl-dev
$ sudo apt-get install php php-dev
$ sudo apt-get install tomcat7
$ sudo apt-get install apache2
$ sudo apt-get install libapache2-mod-php
$ sudo mkdir /var/www/html/tpm2
$ sudo chmod 777 /var/www/html/tpm2
$ sudo make -f makefilesha1_dev
Ubuntu 16.04 Memo
http://qiita.com/yas-nyan/items/55e764304c67736ff9ba
I have a feeling this stopped working on 16.04...
http://ottan.xyz/ubuntu-16-04-ime-on-off-4913/
On a PC with an English keyboard it would be nice if this could be assigned to left and right Alt, but no luck...
- Disable Alt in Ubuntu (i.e. disable the HUD, the "Search your computer and online sources" prompt)
http://blog.livedoor.jp/kmiwa_project/archives/1024675920.html
This one is worth doing; it's convenient.
Mac - SSD
- ?
  - MacBook Air (2010 - 2011)
    - M.2 Adapter
      - NGFF-APSSD12-6 Sourcingbay M.2 (NGFF) SSD to 18-pin adapter, for the 2010-2011 MacBook Air
- ?
  - MacBook Air (2012)
    - M.2 Adapter
    - SATA Adapter
      - Sourcingbay adapter that converts a 2012 MacBook Air SSD to SATA
- PCIe SSD
  - MacBook Air (6.1 - 7.2, 2013 - 2015)
  - MacBook Pro (11.1 - 11.5, 2013 - 2015)
  - iMac (14.1 - 15.1, 2013 - 2014)
  - Mac mini (7.1, 2014)
  - Mac Pro (2013-)
  - M.2 Adapter
DELL XPS 9550: TPM1.2 to TPM2.0
The Dell XPS 9550 supports both TPM 1.2 and TPM 2.0.
It ships as TPM 1.2, so use the utility to update it.
http://www.dell.com/support/home/jp/ja/jpdhs1/Drivers/DriversDetails?driverId=2105J
The OS this is done from has to be Windows.
With BIOS 1.1.19 the update fails; after updating to the latest 1.2.14 it succeeded.
- TPM FW update procedure
With BIOS 01.01.XX there is a TPM entry under Security in the BIOS setup, but after updating to 01.02.XX the TPM entry apparently disappears.
The same symptom is reported for 1.2.0, 1.2.2 and 1.2.10.
http://en.community.dell.com/support-forums/laptop/f/3518/t/19985939
- Install the latest version from Dell's product support page
http://www.dell.com/support/home/jp/ja/jpdhs1/product-support/product/xps-15-9550-laptop/drivers
If you normally run Ubuntu, switch the OS to Windows temporarily and do it there.
It may be worth keeping Windows on a cheap M.2 SSD (and leaving it there). Swapping the SSD is relatively easy once the bottom cover is off, but opening it requires a T5 Torx screwdriver.
MinnowBoard Turbot
- Use Discrete TPM 2.0 Module on MinnowBoard Turbot
This video is part of the training video series for Intel Cup ESDC 2016. This is a training session on using a discrete TPM 2.0 module on the MinnowBoard Turbot to enhance the security features of your IoT solution.
https://software.intel.com/en-us/videos/use-discrete-tpm-2-0-moduleon-minnowboard-turbot
  - Nationz I2C TPM Z32H320TC
  http://www.nationz.com.cn/html/en/index.php?ac=article&at=list&tid=68
  http://www.nationz.com.cn/upfile/2016/20160505085704_844.pdf
  https://developer.mbed.org/users/LordOfDorks/code/NationZ_TPM20/
  - IBMTSS
  - Windows 10 IoT Core Security
  https://github.com/ms-iot/security
  https://github.com/ms-iot/security/blob/master/TPM-ACPITABL/ASL/NTZI2C-TPM20.asl