NUC5I5MYHE + Ubuntu 15.04

F2 -> UEFI setup -> enable TXT
F10 -> boot select
Shift => Grub menu

Power off -> Remove yellow jumper -> Boot -> select 4 to clear TPM -> Power off -> Set yellow jumper [1-2]

    • OS install

Do not use LUKS :-(

http://askubuntu.com/questions/613139/ubuntu-15-04-usb-devices-powered-off-at-encrypted-root-password-prompt
http://askubuntu.com/questions/613241/full-disk-encryption-passphrase-at-boot-keyboard-not-working

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install openssh-server git
    • Kernel 3.19.0 => Video:OK, TPM2:NA
    • Kernel 4.0.9 => Video:OK, TPM2:NG=>OK?
 $ wget \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.0.9-wily/linux-image-4.0.9-040009-generic_4.0.9-040009.201507212131_amd64.deb \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.0.9-wily/linux-headers-4.0.9-040009-generic_4.0.9-040009.201507212131_amd64.deb \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.0.9-wily/linux-headers-4.0.9-040009_4.0.9-040009.201507212131_all.deb
 $ sudo dpkg -i linux-headers-4.0*.deb linux-image-4.0*.deb
 $ reboot

[ 1.289234] tpm_crb MSFT0101:00: ioremap of the command buffer failed
[ 1.293380] tpm_crb: probe of MSFT0101:00 failed with error -12

https://bugzilla.kernel.org/show_bug.cgi?id=98181

Kernel parameters tried: tpm_crb.backlist=1 tpm_tis.force=1
('backlist' is a typo that the kernel just ignores, see the dmesg below; a module is kept out with modprobe.blacklist=tpm_crb. The part that matters is tpm_tis.force=1: tpm_tis then binds the TPM as /dev/tpm0, and the tpm_crb probe failure that still shows up is noise.)

$ grep menuentry /boot/grub/grub.cfg
$ sudo vim /etc/default/grub      # add the parameters above to GRUB_CMDLINE_LINUX_DEFAULT
$ sudo update-grub
$ dmesg
<SNIP>
[    0.740220] tpm_tis tpm_tis: 2.0 TPM (device-id 0x1A, rev-id 16)
[    2.011423] genirq: Flags mismatch irq 8. 00000000 (rtc0) vs. 00000080 (tpm0)
[    3.516561] tpm_crb: unknown parameter 'backlist' ignored
[    3.516660] Modules linked in: tpm_crb(+) parport_pc ppdev lp parport autofs4 e1000e psmouse usbhid ahci hid ptp libahci pps_core sdhci_acpi sdhci
[    3.516717]  [<ffffffffc03cd244>] crb_acpi_add+0x114/0x2a0 [tpm_crb]
[    3.516753]  [<ffffffffc03d7010>] crb_acpi_driver_init+0x10/0x1000 [tpm_crb]
[    3.516784] tpm_crb MSFT0101:00: ioremap of the command buffer failed
[    3.518838] tpm_crb: probe of MSFT0101:00 failed with error -12
    • Kernel 4.1.3 => Video:NG, TPM2:NG

http://sourcedigit.com/16343-install-linux-kernel-4-1-stable-on-3264-bit-ubuntu-15-04-ubuntu-14-0414-10/

 $ wget \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1.3-unstable/linux-image-4.1.3-040103-generic_4.1.3-040103.201507220129_amd64.deb \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1.3-unstable/linux-headers-4.1.3-040103-generic_4.1.3-040103.201507220129_amd64.deb \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1.3-unstable/linux-headers-4.1.3-040103_4.1.3-040103.201507220129_all.deb
 $ sudo dpkg -i linux-headers-4.1*.deb linux-image-4.1*.deb
 $ reboot
$ dmesg
<SNIP>
[    1.349903] tpm_crb MSFT0101:00: ioremap of the command buffer failed
[    1.352020] tpm_crb: probe of MSFT0101:00 failed with error -12

$ sudo apt-get remove linux-headers-4.1.3* linux-image-4.1.3*
    • Kernel 4.2 => Video:NG, TPM2:NG
 $ wget \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-rc3-unstable/linux-image-4.2.0-040200rc3-generic_4.2.0-040200rc3.201507192329_amd64.deb \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-rc3-unstable/linux-headers-4.2.0-040200rc3_4.2.0-040200rc3.201507192329_all.deb \
 http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-rc3-unstable/linux-headers-4.2.0-040200rc3-generic_4.2.0-040200rc3.201507192329_amd64.deb
 $ sudo dpkg -i linux-headers-4.2*.deb linux-image-4.2*.deb
 $ reboot
$ dmesg
<SNIP>
[    1.331035] tpm_crb MSFT0101:00: TPM2 ACPI table has a zero address for the control area
[    1.332007] tpm_crb: probe of MSFT0101:00 failed with error -22

$ sudo apt-get remove linux-headers-4.2.0* linux-image-4.2.0*
    • TPM device driver

https://github.com/PeterHuewe/linux-tpmdd/blob/for-james/drivers/char/tpm/tpm_crb.c

    • IMA
$ sudo cat /sys/kernel/security/ima/ascii_runtime_measurements 
10 cfbe2620da3d75f72918f60297b57bb64fb30ef5 ima-ng sha1:75ee0981b107b37b7715e8992fd1b244c9f80d51 boot_aggregate
$ sudo cat /sys/kernel/security/ima/runtime_measurements_count 
1
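The one entry above is the boot_aggregate measurement that IMA extends into PCR 10 (the tpm2_listpcrs output further down shows PCR_10 of the SHA1 bank as the only non-zero OS-controlled PCR). The log is only worth anything if it replays to the PCR the TPM reports, so here is an added example (Python, not from these notes or any of the tools) that does that replay, including IMA's rule that a violation entry is logged as all-zero but extended as all-0xff. The sample log is constructed: its first line is the boot_aggregate line above, the second is a made-up entry with a hypothetical path; the notes captured the log and the PCR values in different sessions, so no matching pair is claimed here.

```python
"""Replay IMA's ascii_runtime_measurements into a simulated PCR 10 and compare it
with the value the TPM reports (SHA1 bank of tpm2_listpcrs).
Added example; not from the notes above. The second log line is constructed."""
import hashlib

PCR_RESET = bytes(20)                  # PCRs 0-16 start as 20 zero bytes after reset
VIOLATION_DIGEST = "00" * 20           # what IMA writes to the log for a measurement violation
VIOLATION_EXTEND = bytes([0xff] * 20)  # what IMA actually extends into the PCR for it

SAMPLE_LOG = [
    # Real boot_aggregate entry from these notes
    "10 cfbe2620da3d75f72918f60297b57bb64fb30ef5 ima-ng sha1:75ee0981b107b37b7715e8992fd1b244c9f80d51 boot_aggregate",
    # Constructed entry: hypothetical path, made-up digests, only here to lengthen the chain
    "10 1111111111111111111111111111111111111111 ima-ng sha1:2222222222222222222222222222222222222222 /usr/bin/example",
]


def parse_entry(line):
    """One log line: <pcr> <template-hash> <template-name> <template-data>."""
    parts = line.split(None, 3)
    if len(parts) != 4:
        raise ValueError("malformed IMA entry: %r" % line)
    pcr, template_hash, template_name, template_data = parts
    if len(template_hash) != 40:
        raise ValueError("expected a SHA1 template hash: %r" % line)
    return {"pcr": int(pcr), "template_hash": template_hash,
            "template_name": template_name, "template_data": template_data}


def extend(current, digest):
    """TPM2_PCR_Extend on the SHA1 bank: new = SHA1(current || digest)."""
    return hashlib.sha1(current + digest).digest()


def replay(lines, pcr_index=10):
    """Recompute the PCR from the log, in log order, starting from the reset value."""
    value = PCR_RESET
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry["pcr"] != pcr_index:
            continue
        if entry["template_hash"] == VIOLATION_DIGEST:
            digest = VIOLATION_EXTEND
        else:
            digest = bytes.fromhex(entry["template_hash"])
        value = extend(value, digest)
    return value


def verify(lines, reported_pcr_hex, pcr_index=10):
    """True when the log replays to the PCR value the TPM reports.
    Accepts the spaced 'e5 5f 3b ...' form that tpm2_listpcrs prints."""
    reported = bytes.fromhex(reported_pcr_hex.replace(" ", ""))
    return replay(lines, pcr_index) == reported


if __name__ == "__main__":
    expected = replay(SAMPLE_LOG).hex()
    print("replayed PCR 10:", expected)
    print("full log matches:", verify(SAMPLE_LOG, expected))
    print("truncated log matches:", verify(SAMPLE_LOG[:1], expected))
    # On the box itself (as root), feed the real log and the PCR_10 line from tpm2_listpcrs:
    #   verify(open("/sys/kernel/security/ima/ascii_runtime_measurements").read().splitlines(),
    #          "e5 5f 3b c2 f3 92 66 60 7c d4 c2 99 2f d8 d6 2e f6 99 80 59")
```

The replay checks only the extend chain (order, completeness, no dropped or injected entries); whether each template hash really corresponds to the sha1:/path fields next to it is a separate check on the binary template data, not done here.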

http://lxr.free-electrons.com/source/drivers/char/tpm/tpm_crb.c

https://github.com/jethrogb/tpm2-utils

git clone https://github.com/jethrogb/tpm2-utils.git
cd tpm2-utils
make
    • IBM's TPM2.0 TSS (356)

http://sourceforge.net/projects/ibmtpm20tss/

$ wget -O ibmtss356.tar 'http://downloads.sourceforge.net/project/ibmtpm20tss/ibmtss356.tar?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fibmtpm20tss%2Ffiles%2F%3Fsource%3Dnavbar&ts=1437574733&use_mirror=cznic'
$ tar xf ibmtss356.tar

(The URL has to be quoted: unquoted, the & backgrounds wget and hands the rest of the line to the shell.)

$ sudo apt-get install libssl-dev
$ sudo chmod 777 /dev/tpm0      # lab shortcut: every local user can now talk to the TPM; a udev rule handing /dev/tpm0 to a group is the less blunt version
$ export TPM_INTERFACE_TYPE=dev

$ cd tpm2/utils
$ make
$ sudo ./getcapability -cap 6
63 properties
TPM_PT 00000100 value 322e3000 TPM_PT_FAMILY_INDICATOR - a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY)
TPM_PT 00000101 value 00000000 TPM_PT_LEVEL - the level of the specification
TPM_PT 00000102 value 00000063 TPM_PT_REVISION - the specification Revision times 100
TPM_PT 00000103 value 000000ce TPM_PT_DAY_OF_YEAR - the specification day of year using TCG calendar
TPM_PT 00000104 value 000007dd TPM_PT_YEAR - the specification year using the CE
TPM_PT 00000105 value 49465800 TPM_PT_MANUFACTURER - the vendor ID unique to each TPM manufacturer 
TPM_PT 00000106 value 534c4239 TPM_PT_VENDOR_STRING_1 - the first four characters of the vendor ID string
TPM_PT 00000107 value 36363500 TPM_PT_VENDOR_STRING_2 - the second four characters of the vendor ID string 
TPM_PT 00000108 value 00000000 TPM_PT_VENDOR_STRING_3 - the third four characters of the vendor ID string 
TPM_PT 00000109 value 00000000 TPM_PT_VENDOR_STRING_4 - the fourth four characters of the vendor ID sting 
TPM_PT 0000010a value 00000001 TPM_PT_VENDOR_TPM_TYPE - vendor-defined value indicating the TPM model 
TPM_PT 0000010b value 00050000 TPM_PT_FIRMWARE_VERSION_1 - the most-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware
TPM_PT 0000010c value 00044102 TPM_PT_FIRMWARE_VERSION_2 - the least-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware

Decoded (ASCII): 49465800 = IFX, 534c4239 = SLB9, 36363500 = 665, i.e. an Infineon SLB 9665.
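Decoding the rest of those fixed properties by hand gets old quickly, and vendor, part and firmware are exactly what you need to match a chip against its manufacturer's advisories. Added example (Python, not part of the IBM TSS): it parses the getcapability -cap 6 output above and decodes the ASCII-carrying properties, the revision-times-100 field, the day-of-year/year pair and the firmware words. Reading FIRMWARE_VERSION_1 as major.minor in its two 16-bit halves is an assumption (the split is vendor-specific), so VERSION_2 is kept raw; the sample input is the output above trimmed to the fields the parser needs.

```python
"""Decode TPM_PT_FIXED properties from `getcapability -cap 6` text into a TPM identity.
Added example; not from the IBM TSS. Sample input is the output shown in the notes,
trimmed after the property name."""
import datetime
import re

# TPM_PT_FIXED tags (TPM 2.0 Library Part 2, TPM_PT constants; PT_FIXED base is 0x100)
PT_FAMILY_INDICATOR = 0x100
PT_LEVEL = 0x101
PT_REVISION = 0x102
PT_DAY_OF_YEAR = 0x103
PT_YEAR = 0x104
PT_MANUFACTURER = 0x105
PT_VENDOR_STRING_1 = 0x106
PT_VENDOR_STRING_4 = 0x109
PT_VENDOR_TPM_TYPE = 0x10a
PT_FIRMWARE_VERSION_1 = 0x10b
PT_FIRMWARE_VERSION_2 = 0x10c

LINE_RE = re.compile(r"^TPM_PT\s+([0-9a-f]{8})\s+value\s+([0-9a-f]{8})\s", re.I)

SAMPLE_OUTPUT = """\
63 properties
TPM_PT 00000100 value 322e3000 TPM_PT_FAMILY_INDICATOR
TPM_PT 00000101 value 00000000 TPM_PT_LEVEL
TPM_PT 00000102 value 00000063 TPM_PT_REVISION
TPM_PT 00000103 value 000000ce TPM_PT_DAY_OF_YEAR
TPM_PT 00000104 value 000007dd TPM_PT_YEAR
TPM_PT 00000105 value 49465800 TPM_PT_MANUFACTURER
TPM_PT 00000106 value 534c4239 TPM_PT_VENDOR_STRING_1
TPM_PT 00000107 value 36363500 TPM_PT_VENDOR_STRING_2
TPM_PT 00000108 value 00000000 TPM_PT_VENDOR_STRING_3
TPM_PT 00000109 value 00000000 TPM_PT_VENDOR_STRING_4
TPM_PT 0000010a value 00000001 TPM_PT_VENDOR_TPM_TYPE
TPM_PT 0000010b value 00050000 TPM_PT_FIRMWARE_VERSION_1
TPM_PT 0000010c value 00044102 TPM_PT_FIRMWARE_VERSION_2
"""


def parse_properties(text):
    """Map property tag -> 32-bit value from getcapability's text output."""
    props = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            props[int(m.group(1), 16)] = int(m.group(2), 16)
    return props


def as_ascii(value):
    """A 4-octet property carrying a NUL-padded ASCII string (49465800 -> 'IFX')."""
    return value.to_bytes(4, "big").rstrip(b"\x00").decode("ascii", "replace")


def decode_identity(props):
    """Turn the raw property words into the fields a human (or an inventory) wants."""
    rev = props[PT_REVISION]  # specification revision * 100: 0x63 = 99 -> 0.99
    spec_date = datetime.date(props[PT_YEAR], 1, 1) + datetime.timedelta(days=props[PT_DAY_OF_YEAR] - 1)
    vendor = "".join(as_ascii(props.get(tag, 0))
                     for tag in range(PT_VENDOR_STRING_1, PT_VENDOR_STRING_4 + 1))
    fw1 = props[PT_FIRMWARE_VERSION_1]
    return {
        "family": as_ascii(props[PT_FAMILY_INDICATOR]),
        "level": props[PT_LEVEL],
        "revision": "%d.%02d" % (rev // 100, rev % 100),
        "spec_date": spec_date.isoformat(),
        "manufacturer": as_ascii(props[PT_MANUFACTURER]),
        "vendor_string": vendor,
        "vendor_tpm_type": props[PT_VENDOR_TPM_TYPE],
        # Assumption: VERSION_1 holds major.minor in its 16-bit halves. How VERSION_2
        # is split is vendor-specific, so both words are also kept raw.
        "firmware": "%d.%d" % (fw1 >> 16, fw1 & 0xffff),
        "firmware_raw": (fw1, props[PT_FIRMWARE_VERSION_2]),
    }


if __name__ == "__main__":
    for key, val in decode_identity(parse_properties(SAMPLE_OUTPUT)).items():
        print("%-16s %s" % (key, val))
```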

    • IBM's TPM2.0 TSS (387)

Build.

$ cd utils
$ export TPM_INTERFACE_TYPE=dev
$ make

Quick test.

$ sudo  chmod 777 /dev/tpm0
$ export TPM_INTERFACE_TYPE=dev
$ ./getcapability -cap 6
63 properties
TPM_PT 00000100 value 322e3000 TPM_PT_FAMILY_INDICATOR - a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY)
TPM_PT 00000101 value 00000000 TPM_PT_LEVEL - the level of the specification
TPM_PT 00000102 value 00000063 TPM_PT_REVISION - the specification Revision times 100
<SNIP>


Clear lockout; -hi l authorizes with the lockout hierarchy (Ref http://sourceforge.net/p/ibmtpm20tss/tickets/3/)

$ ./clear -hi l

Regression test

$ ./reg.sh -h
<SNIP>
    • Intel's TPM2.0-TSS (commit 9dc480eed8e7f6ba1e6b8e1481f40399dedf820f)

Build.

$ sudo apt-get install autoconf-archive
$ git clone https://github.com/01org/TPM2.0-TSS
$ cd TPM2.0-TSS/
$ ./bootstrap
$ ./configure
$ make
<snip>
$ sudo make install

/usr/local/lib/libtpm2sapi.so.0.0.0
/usr/local/sbin/resourcemgr

Run resource manager. It listens on 127.0.0.1:2323/2324 with no authentication, so any local process that can open a loopback socket gets a path to the TPM; it stays in the foreground, so do the rest in a second terminal.

$ sudo  chmod 777 /dev/tpm0
$ export LD_LIBRARY_PATH=/usr/local/lib
$ /usr/local/sbin/resourcemgr
Initializing local TPM Interface
Initializing Resource Manager
maxActiveSessions = 32
gapMaxValue = 255
socket created:  0x4
bind to IP address:port:  127.0.0.1:2324
Other CMD server listening to socket:  0x4
socket created:  0x5
bind to IP address:port:  127.0.0.1:2323
TPM CMD server listening to socket:  0x5
Starting SockServer (TPM CMD), socket: 0x5.
Starting SockServer (Other CMD), socket: 0x4.
<SNIP>

Run Test.

$ ./test/tpmtest/tpmtest
Initializing Resource Manager Interface
socket created:  0x3
socket created:  0x4
Client connected to server on port:  2324
Client connected to server on port:  2323

GET/SET DECRYPT PARAM TESTS:
	failing case: 	PASSED!
	failing case: 	PASSED!
	passing case:  	PASSED!
	failing case: 	PASSED!
	failing case: 	PASSED!
	failing case: 	PASSED!
	failing case: 	PASSED!
	failing case: 	PASSED!
	failing case: 	PASSED!
	failing case: 	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	failing case: 	PASSED!
	failing case: 	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	failing case: 	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	passing case:  	PASSED!
	failing case: 	PASSED!
	passing case:  	PASSED!

Check TPM type: discrete TPM (IFX)
Warning - Non-Null PlatformAuth.

NV INDEX LIST CLEAR:
	passing case:  	PASSED!
	The count of defined NV Index: 6

	NV Index: 1410001

The result of releasing NV 1410001: 9a2

The result of releasing NV 1410001: 184

	NV Index: 1410002

The result of releasing NV 1410002: 9a2

The result of releasing NV 1410002: 184

	NV Index: 1800001

The result of releasing NV 1800001: 9a2

The result of releasing NV 1800001: 184

	NV Index: 1800003

The result of releasing NV 1800003: 9a2

The result of releasing NV 1800003: 184

	NV Index: 1c00002

The result of releasing NV 1c00002: 9a2

The result of releasing NV 1c00002: 184

	NV Index: 1c0000a

The result of releasing NV 1c0000a: 9a2

The result of releasing NV 1c0000a: 184

Q - QUIT THE PROGRAM
D - PRINT DESCRIPTION ON ALL CASES
0 - RUN ALL TEST CASES
1 - GET/SET DECRYPT PARAM TESTS
2 - STARTUP TESTS
3 - CREATE, CREATE PRIMARY, and LOAD TESTS
5 - UNSEAL TEST
6 - TPM Version TESTS
7 - SELFTEST TESTS
8 - GET TEST RESULT TESTS
9 - DICTIONARY ATTACK LOCK RESET TEST
13 - GET_CAPABILITY TESTS
14 - PCR_EXTEND, PCR_EVENT, PCR_ALLOCATE, and PCR_READ TESTS
15 - HASH TESTS
16 - POLICY TESTS
20 - GET_RANDOM TESTS
21 - SHUTDOWN TESTS
24 - QUOTE CONTROL TESTS
25 - PCR ALLOCATE TEST
26 - RM TESTS
32 - EC Ephemeral TESTS
Please select an action:Q
    • tpm2.0-tools
$ sudo  chmod 777 /dev/tpm0
$ export LD_LIBRARY_PATH=/usr/local/lib
$ /usr/local/sbin/resourcemgr      # keep running; the rest goes in a second terminal
$ sudo apt-get install autoconf-archive

$ git clone https://github.com/01org/tpm2.0-tools.git
$ cd tpm2.0-tools
$ ./bootstrap
$ ./configure
$ make
$ cd sapi-tools
$ ./tpm2_getrandom -s 20 -o random.out 

GetRandom succ...
byte size: 20
 0xFF 0x10 0xB9 0x76 0x1C 0x4D 0x48 0x63 0x87 0x0D 0xC5 0x29 0xB4 0x9E 0xE5 0x72 0x40 0x59 0xC1 0x8D
$ ./tpm2_listpcrs

Show all PCR banks:

Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 3d ca ea 25 dc 86 55 4d 94 b9 4a a5 bc 8f 73 5a 49 21 2a f8
PCR_01: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_02: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_03: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_04: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_05: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_06: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_07: dd 28 a7 ce 11 87 00 1c 50 ff 5b 6a 6c b1 40 c7 c5 d2 76 22
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: e5 5f 3b c2 f3 92 66 60 7c d4 c2 99 2f d8 d6 2e f6 99 80 59
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Bank/Algorithm: TPM_ALG_SHA256(0x000b)
PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Bank/Algorithm: TPM_ALG_SHA384(0x000c)
This bank can not be read, tpm error 0x1c3


Bank/Algorithm: TPM_ALG_SHA512(0x000d)
This bank can not be read, tpm error 0x1c3


Bank/Algorithm: TPM_ALG_SM3_256(0x0012)
This bank can not be read, tpm error 0x1c3
$ ./tpm2_nvlist
6 NV indexes defined.

  0. NV Index: 0x1410001
  {
	Hash algorithm(nameAlg):11
 	The Index attributes(attributes):0x26040014
 	The size of the data area(dataSize):16
   }

  1. NV Index: 0x1410002
  {
	Hash algorithm(nameAlg):11
 	The Index attributes(attributes):0x22040014
 	The size of the data area(dataSize):8
   }

  2. NV Index: 0x1800001
  {
	Hash algorithm(nameAlg):11
 	The Index attributes(attributes):0x62042c04
 	The size of the data area(dataSize):70
   }

  3. NV Index: 0x1800003
  {
	Hash algorithm(nameAlg):11
 	The Index attributes(attributes):0x62044408
 	The size of the data area(dataSize):104
   }

  4. NV Index: 0x1c00002
  {
	Hash algorithm(nameAlg):11
 	The Index attributes(attributes):0x62072001
 	The size of the data area(dataSize):1189
   }

  5. NV Index: 0x1c0000a
  {
	Hash algorithm(nameAlg):11
 	The Index attributes(attributes):0x62072001
 	The size of the data area(dataSize):794
   }
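The attribute words above are where the interesting part of this listing is: they say what kind of index it is and who may write or read it. 0x1c00002 and 0x1c0000a are the handles the TCG EK Credential Profile reserves for the RSA and ECC EK certificates, and their 0x62072001 decodes to platform-created, writable only with physical presence, readable with platform/owner/index auth, which is what an EK certificate index should look like. Added example (Python, not part of tpm2.0-tools): a TPMA_NV decoder over the nvlist output above, trimmed to three of the six indexes; nameAlg is taken as the decimal the tool prints (11 = 0x000b = SHA256, matching the bank id in the tpm2_listpcrs output).

```python
"""Decode the TPMA_NV attribute words that tpm2_nvlist prints, so each NV index
reads as: what kind of index, who may write it, who may read it.
Added example, not part of tpm2.0-tools; sample input is the nvlist output above,
trimmed to three of the six indexes."""
import re

# TPMA_NV bit positions (TPM 2.0 Library Part 2, TPMA_NV); bits 4-7 hold the TPM_NT type.
TPMA_NV_BITS = {
    0: "PPWRITE", 1: "OWNERWRITE", 2: "AUTHWRITE", 3: "POLICYWRITE",
    10: "POLICY_DELETE", 11: "WRITELOCKED", 12: "WRITEALL", 13: "WRITEDEFINE",
    14: "WRITE_STCLEAR", 15: "GLOBALLOCK", 16: "PPREAD", 17: "OWNERREAD",
    18: "AUTHREAD", 19: "POLICYREAD", 25: "NO_DA", 26: "ORDERLY",
    27: "CLEAR_STCLEAR", 28: "READLOCKED", 29: "WRITTEN", 30: "PLATFORMCREATE",
    31: "READ_STCLEAR",
}
TPM_NT = {0: "ORDINARY", 1: "COUNTER", 2: "BITS", 4: "EXTEND", 8: "PIN_FAIL", 9: "PIN_PASS"}
NAME_ALG = {4: "SHA1", 11: "SHA256", 12: "SHA384", 13: "SHA512"}  # nvlist prints nameAlg in decimal
# Handles reserved by the TCG EK Credential Profile that appear in this listing
WELL_KNOWN = {0x01c00002: "RSA EK certificate", 0x01c0000a: "ECC EK certificate"}

SAMPLE_NVLIST = """\
3 NV indexes defined.

  0. NV Index: 0x1410001
  {
    Hash algorithm(nameAlg):11
    The Index attributes(attributes):0x26040014
    The size of the data area(dataSize):16
   }

  1. NV Index: 0x1800001
  {
    Hash algorithm(nameAlg):11
    The Index attributes(attributes):0x62042c04
    The size of the data area(dataSize):70
   }

  2. NV Index: 0x1c00002
  {
    Hash algorithm(nameAlg):11
    The Index attributes(attributes):0x62072001
    The size of the data area(dataSize):1189
   }
"""


def decode_attrs(word):
    """Return (TPM_NT name, set of TPMA_NV flag names) for a 32-bit attribute word."""
    nt_field = (word >> 4) & 0xF
    nt = TPM_NT.get(nt_field, "TPM_NT=%d" % nt_field)
    flags = {name for bit, name in TPMA_NV_BITS.items() if word & (1 << bit)}
    return nt, flags


def parse_nvlist(text):
    """Collect index handle, nameAlg, attributes (decoded) and size per listed index."""
    entries, cur = [], None
    for line in text.splitlines():
        m = re.search(r"NV Index:\s*0x([0-9a-f]+)", line, re.I)
        if m:
            cur = {"index": int(m.group(1), 16)}
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = re.search(r"\(nameAlg\):(\d+)", line)
        if m:
            cur["name_alg"] = NAME_ALG.get(int(m.group(1)), m.group(1))
        m = re.search(r"\(attributes\):0x([0-9a-f]+)", line, re.I)
        if m:
            cur["attributes"] = int(m.group(1), 16)
            cur["type"], cur["flags"] = decode_attrs(cur["attributes"])
        m = re.search(r"\(dataSize\):(\d+)", line)
        if m:
            cur["size"] = int(m.group(1))
    return entries


def describe(entry):
    """One line: handle, role, type, nameAlg, size, who can write, who can read, other flags."""
    f = entry["flags"]
    writers = [w for w in ("PPWRITE", "OWNERWRITE", "AUTHWRITE", "POLICYWRITE") if w in f]
    readers = [r for r in ("PPREAD", "OWNERREAD", "AUTHREAD", "POLICYREAD") if r in f]
    rest = sorted(f - set(writers) - set(readers))
    role = WELL_KNOWN.get(entry["index"], "vendor/OS index")
    return "0x%08x [%s] %s %s %d bytes write=%s read=%s flags=%s" % (
        entry["index"], role, entry["type"], entry["name_alg"], entry["size"],
        ",".join(writers) or "none", ",".join(readers) or "none", ",".join(rest))


if __name__ == "__main__":
    for e in parse_nvlist(SAMPLE_NVLIST):
        print(describe(e))
```

WRITELOCKED together with WRITEDEFINE (0x1800001 above) means nobody, the OS included, can change that index until it is undefined, which is what you want from anything the platform provisions; an index whose write set includes OWNERWRITE or AUTHWRITE is one the OS side can alter.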