Learning TPM from Scratch, Part 6: Installing tpm2-tools from Source

1. Downloading the source

$ git clone https://github.com/tpm2-software/tpm2-tools

2. Installing dependencies

Building and installing tpm2-tools requires the following software dependencies:

  • GNU Autoconf (version >= 2019.01.06)
  • GNU Automake
  • GNU Libtool
  • pkg-config
  • C compiler
  • C Library Development Libraries and Header Files (for pthreads headers)
  • ESAPI - TPM2.0 TSS ESAPI library (tss2-esys) and header files
  • OpenSSL libcrypto library and header files (version >= 1.1.0)
  • Curl library and header files

Optional dependencies:

  • pandoc, to build the man pages
  • FAPI - TPM2.0 TSS FAPI library (tss2-fapi) and header files
  • tpm2-abrmd, to enable the new userspace resource manager (recommended)
  • When ./configure is run with "--enable-unit" or "--enable-unit=abrmd", the tests are run towards a resource manager, tpm2-abrmd, which must be on $PATH
  • When ./configure is run with "--enable-unit=mssim", the tests are run directly towards tpm_server, without a resource manager
  • For the tests, tpm_server must be installed whether or not a resource manager is used
  • Some tests pass only if xxd, expect, bash and python with PyYAML are available
  • Some tests optionally use (but do not require) curl

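Satisfying the tpm2-tools dependencies falls into two general steps: those that can be obtained through the package manager and those that cannot.

Taking Ubuntu (Ubuntu 22.04) as an example, the installation steps are as follows: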

$ sudo apt-get install autoconf automake libtool pkg-config gcc libssl-dev libcurl4-gnutls-dev python-yaml

Of these, python-yaml could not be found, as shown below:

$ sudo apt install python-yaml
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成                 
没有可用的软件包 python-yaml,但是它被其它的软件包引用了。
这可能意味着这个缺失的软件包可能已被废弃,
或者只能在其他发布源中找到

E: 软件包 python-yaml 没有可安装候选

3. Building from source

  • Bootstrap the build
ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ ./bootstrap 
Generating file lists: src_vars.mk
aclocal: installing 'm4/ax_ac_append_to_file.m4' from '/usr/share/aclocal/ax_ac_append_to_file.m4'
aclocal: installing 'm4/ax_ac_print_to_file.m4' from '/usr/share/aclocal/ax_ac_print_to_file.m4'
aclocal: installing 'm4/ax_add_am_macro_static.m4' from '/usr/share/aclocal/ax_add_am_macro_static.m4'
aclocal: installing 'm4/ax_add_fortify_source.m4' from '/usr/share/aclocal/ax_add_fortify_source.m4'
aclocal: installing 'm4/ax_am_macros_static.m4' from '/usr/share/aclocal/ax_am_macros_static.m4'
aclocal: installing 'm4/ax_check_compile_flag.m4' from '/usr/share/aclocal/ax_check_compile_flag.m4'
aclocal: installing 'm4/ax_check_enable_debug.m4' from '/usr/share/aclocal/ax_check_enable_debug.m4'
aclocal: installing 'm4/ax_check_gnu_make.m4' from '/usr/share/aclocal/ax_check_gnu_make.m4'
aclocal: installing 'm4/ax_check_link_flag.m4' from '/usr/share/aclocal/ax_check_link_flag.m4'
aclocal: installing 'm4/ax_code_coverage.m4' from '/usr/share/aclocal/ax_code_coverage.m4'
aclocal: installing 'm4/ax_file_escapes.m4' from '/usr/share/aclocal/ax_file_escapes.m4'
aclocal: installing 'm4/ax_is_release.m4' from '/usr/share/aclocal/ax_is_release.m4'
aclocal: installing 'm4/libtool.m4' from '/usr/share/aclocal/libtool.m4'
aclocal: installing 'm4/ltoptions.m4' from '/usr/share/aclocal/ltoptions.m4'
aclocal: installing 'm4/ltsugar.m4' from '/usr/share/aclocal/ltsugar.m4'
aclocal: installing 'm4/ltversion.m4' from '/usr/share/aclocal/ltversion.m4'
aclocal: installing 'm4/lt~obsolete.m4' from '/usr/share/aclocal/lt~obsolete.m4'
aclocal: installing 'm4/pkg.m4' from '/usr/share/aclocal/pkg.m4'
libtoolize: putting auxiliary files in '.'.
libtoolize: linking file './ltmain.sh'
configure.ac:8: installing './compile'
configure.ac:10: installing './config.guess'
configure.ac:10: installing './config.sub'
configure.ac:11: installing './install-sh'
configure.ac:11: installing './missing'
Makefile.am:30: warning: AM_DISTCHECK_CONFIGURE_FLAGS was already defined in condition AUTOCONF_CODE_COVERAGE_2019_01_06 and CODE_COVERAGE_ENABLED, which is included in condition TRUE ...
aminclude_static.am:100: ... 'AM_DISTCHECK_CONFIGURE_FLAGS' previously defined here
Makefile.am:5:   'aminclude_static.am' included from here
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
  • Configure the build

First run the configure script with the --help option to see all supported options, as shown below:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ ./configure --help
`configure' configures tpm2-tools 5.4-rc0 to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking ...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc.  You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/tpm2-tools]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]

Program names:
  --program-prefix=PREFIX            prepend PREFIX to installed program names
  --program-suffix=SUFFIX            append SUFFIX to installed program names
  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-debug=[yes/info/profile/no]
                          compile with debugging
  --enable-shared[=PKGS]  build shared libraries [default=yes]
  --enable-static[=PKGS]  build static libraries [default=yes]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --enable-dependency-tracking
                          do not reject slow dependency extractors
  --disable-dependency-tracking
                          speeds up one-time build
  --enable-silent-rules   less verbose build output (undo: "make V=1")
  --disable-silent-rules  verbose build output (undo: "make V=0")
  --enable-code-coverage  Whether to enable code coverage support
  --disable-fapi          disable FAPI tools (default: auto)
  --enable-unit           build cmocka unit tests
  --disable-persistent    disable tests that require resetting the TPM
  --disable-dlclose       Some versions of libc cause a sigsegv on exit, this
                          disables the dlclose and works around that bug
  --disable-hardening     Disable compiler and linker options to frustrate
                          memory corruption exploits

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]
  --with-aix-soname=aix|svr4|both
                          shared library versioning (aka "SONAME") variant to
                          provide on AIX, [default=aix].
  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
  --with-sysroot[=DIR]    Search for dependent libraries within DIR (or the
                          compiler's sysroot if not specified).
  --with-gcov=GCOV        use given GCOV for coverage (GCOV=gcov).
  --with-efivar           Build with lib efivar for pretty print of device
                          path. Default auto detect
  --with-bashcompdir=DIR  directory for bash completions
  --with-tpmsim=BIN       simulator used for testing
  --with-python-sys-prefix
                          use Python's sys.prefix and sys.exec_prefix values
  --with-python_prefix    override the default PYTHON_PREFIX
  --with-python_exec_prefix
                          override the default PYTHON_EXEC_PREFIX

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L if you have libraries in a
              nonstandard directory 
  LIBS        libraries to pass to the linker, e.g. -l
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I if
              you have headers in a nonstandard directory 
  LT_SYS_LIBRARY_PATH
              User-defined run-time library search path.
  PKG_CONFIG  path to pkg-config utility
  PKG_CONFIG_PATH
              directories to add to pkg-config's search path
  PKG_CONFIG_LIBDIR
              path overriding pkg-config's built-in search path
  TSS2_FAPI_CFLAGS
              C compiler flags for TSS2_FAPI, overriding pkg-config
  TSS2_FAPI_LIBS
              linker flags for TSS2_FAPI, overriding pkg-config
  TSS2_FAPI_3_0_CFLAGS
              C compiler flags for TSS2_FAPI_3_0, overriding pkg-config
  TSS2_FAPI_3_0_LIBS
              linker flags for TSS2_FAPI_3_0, overriding pkg-config
  TSS2_ESYS_4_0_CFLAGS
              C compiler flags for TSS2_ESYS_4_0, overriding pkg-config
  TSS2_ESYS_4_0_LIBS
              linker flags for TSS2_ESYS_4_0, overriding pkg-config
  TSS2_ESYS_3_0_CFLAGS
              C compiler flags for TSS2_ESYS_3_0, overriding pkg-config
  TSS2_ESYS_3_0_LIBS
              linker flags for TSS2_ESYS_3_0, overriding pkg-config
  TSS2_ESYS_2_3_CFLAGS
              C compiler flags for TSS2_ESYS_2_3, overriding pkg-config
  TSS2_ESYS_2_3_LIBS
              linker flags for TSS2_ESYS_2_3, overriding pkg-config
  TSS2_TCTILDR_CFLAGS
              C compiler flags for TSS2_TCTILDR, overriding pkg-config
  TSS2_TCTILDR_LIBS
              linker flags for TSS2_TCTILDR, overriding pkg-config
  TSS2_MU_CFLAGS
              C compiler flags for TSS2_MU, overriding pkg-config
  TSS2_MU_LIBS
              linker flags for TSS2_MU, overriding pkg-config
  TSS2_RC_CFLAGS
              C compiler flags for TSS2_RC, overriding pkg-config
  TSS2_RC_LIBS
              linker flags for TSS2_RC, overriding pkg-config
  TSS2_SYS_CFLAGS
              C compiler flags for TSS2_SYS, overriding pkg-config
  TSS2_SYS_LIBS
              linker flags for TSS2_SYS, overriding pkg-config
  CRYPTO_CFLAGS
              C compiler flags for CRYPTO, overriding pkg-config
  CRYPTO_LIBS linker flags for CRYPTO, overriding pkg-config
  CURL_CFLAGS C compiler flags for CURL, overriding pkg-config
  CURL_LIBS   linker flags for CURL, overriding pkg-config
  EFIVAR_CFLAGS
              C compiler flags for EFIVAR, overriding pkg-config
  EFIVAR_LIBS linker flags for EFIVAR, overriding pkg-config
  with_bashcompdir
              value of completionsdir for bash-completion, overriding
              pkg-config
  CMOCKA_CFLAGS
              C compiler flags for CMOCKA, overriding pkg-config
  CMOCKA_LIBS linker flags for CMOCKA, overriding pkg-config
  PYTHON      the Python interpreter

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

Report bugs to the package provider.

tpm2-tools must be configured before it is built. The simplest case is to run the configure script without any options, as shown below:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ ./configure 
checking whether to enable debugging... info
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether ln -s works... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking for gawk... no
checking for mawk... mawk
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports the include directive... yes (GNU style)
checking whether make supports nested variables... yes
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking whether to build with code coverage support... no
checking for pandoc... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for tss2-fapi... yes
checking for tss2-fapi >= 3.0... yes
checking for tss2-esys >= 4.0.0... yes
checking for tss2-tctildr... yes
checking for tss2-mu... yes
checking for tss2-rc... yes
checking for tss2-sys... yes
checking for libcrypto >= 1.1.0... yes
checking for EVP_sm3 in -lcrypto... yes
checking for EVP_sm4_cfb128 in -lcrypto... yes
checking for libcurl... yes
checking for efivar... no
checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Werror... yes
checking whether C compiler accepts -Wformat... yes
checking whether C compiler accepts -Wformat-security... yes
checking whether C compiler accepts -Wstack-protector... yes
checking whether C compiler accepts -fstack-protector-all... yes
checking whether C compiler accepts -Wstrict-overflow=5... yes
checking whether C compiler accepts -O2... yes
checking whether C compiler accepts -Werror... (cached) yes
checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... yes
checking whether C compiler accepts -fPIC... yes
checking whether the linker accepts -shared... yes
checking whether C compiler accepts -fPIE... yes
checking whether the linker accepts -pie... yes
checking whether the linker accepts -Wl,-z,relro... yes
checking whether the linker accepts -Wl,-z,now... yes
checking whether C compiler accepts -D_GNU_SOURCE... yes
checking whether C compiler accepts -std=gnu99... yes
checking whether C compiler accepts -Wstringop-overflow=4... yes
checking whether C compiler accepts -Wstringop-truncation... yes
checking whether C compiler accepts -Wduplicated-branches... yes
checking whether C compiler accepts -Wduplicated-cond... yes
checking whether C compiler accepts -Wbool-compare... yes
checking whether C compiler accepts -fdata-sections... yes
checking whether C compiler accepts -ffunction-sections... yes
checking whether the linker accepts -Wl,--gc-sections... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating lib/config.h
config.status: executing libtool commands
config.status: executing depfiles commands

    - tpm2-tools: 5.4-rc0
    - Man pages: yes
    - Unit tests: no
    

  • Compile

Run make to compile, as shown below:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ make
  CC       tools/fapi/tss2-tss2_template.o
  CC       tools/fapi/tss2-tss2_decrypt.o
  CC       tools/fapi/tss2-tss2_encrypt.o
  CC       tools/fapi/tss2-tss2_list.o
  CC       tools/fapi/tss2-tss2_changeauth.o
  CC       tools/fapi/tss2-tss2_delete.o
  CC       tools/fapi/tss2-tss2_import.o
  CC       tools/fapi/tss2-tss2_getinfo.o
  CC       tools/fapi/tss2-tss2_createkey.o
  CC       tools/fapi/tss2-tss2_createseal.o
  CC       tools/fapi/tss2-tss2_exportkey.o
  CC       tools/fapi/tss2-tss2_getcertificate.o
  CC       tools/fapi/tss2-tss2_getplatformcertificates.o
  CC       tools/fapi/tss2-tss2_gettpmblobs.o
  CC       tools/fapi/tss2-tss2_getappdata.o
  CC       tools/fapi/tss2-tss2_gettpm2object.o
  CC       tools/fapi/tss2-tss2_setappdata.o
  CC       tools/fapi/tss2-tss2_setcertificate.o
  CC       tools/fapi/tss2-tss2_sign.o
  CC       tools/fapi/tss2-tss2_verifysignature.o
  CC       tools/fapi/tss2-tss2_verifyquote.o
  CC       tools/fapi/tss2-tss2_createnv.o
  CC       tools/fapi/tss2-tss2_nvextend.o
  CC       tools/fapi/tss2-tss2_nvincrement.o
  CC       tools/fapi/tss2-tss2_nvread.o
  CC       tools/fapi/tss2-tss2_nvsetbits.o
  CC       tools/fapi/tss2-tss2_nvwrite.o
  CC       tools/fapi/tss2-tss2_getdescription.o
  CC       tools/fapi/tss2-tss2_setdescription.o
  CC       tools/fapi/tss2-tss2_pcrextend.o
  CC       tools/fapi/tss2-tss2_quote.o
  CC       tools/fapi/tss2-tss2_pcrread.o
  CC       tools/fapi/tss2-tss2_authorizepolicy.o
  CC       tools/fapi/tss2-tss2_exportpolicy.o
  CC       tools/fapi/tss2-tss2_provision.o
  CC       tools/fapi/tss2-tss2_getrandom.o
  CC       tools/fapi/tss2-tss2_unseal.o
  CC       tools/fapi/tss2-tss2_writeauthorizenv.o
  CC       lib/libcommon_a-files.o
  CC       lib/libcommon_a-log.o
  CC       lib/libcommon_a-object.o
  CC       lib/libcommon_a-pcr.o
  CC       lib/libcommon_a-tool_rc.o
  CC       lib/libcommon_a-tpm2.o
  CC       lib/libcommon_a-tpm2_alg_util.o
  CC       lib/libcommon_a-tpm2_attr_util.o
  CC       lib/libcommon_a-tpm2_auth_util.o
  CC       lib/libcommon_a-tpm2_capability.o
  CC       lib/libcommon_a-tpm2_cc_util.o
  CC       lib/libcommon_a-tpm2_convert.o
  CC       lib/libcommon_a-tpm2_ctx_mgmt.o
  CC       lib/libcommon_a-tpm2_errata.o
  CC       lib/libcommon_a-tpm2_eventlog.o
  CC       lib/libcommon_a-tpm2_eventlog_yaml.o
  CC       lib/libcommon_a-tpm2_hash.o
  CC       lib/libcommon_a-tpm2_hierarchy.o
  CC       lib/libcommon_a-tpm2_identity_util.o
  CC       lib/libcommon_a-tpm2_kdfa.o
  CC       lib/libcommon_a-tpm2_kdfe.o
  CC       lib/libcommon_a-tpm2_openssl.o
  CC       lib/libcommon_a-tpm2_options.o
  CC       lib/libcommon_a-tpm2_policy.o
  CC       lib/libcommon_a-tpm2_session.o
  CC       lib/libcommon_a-tpm2_tool_output.o
  CC       lib/libcommon_a-tpm2_util.o
  AR       lib/libcommon.a
ar: `u' 修饰符被忽略,因为 `D' 为默认(参见 `U')
  CCLD     tools/fapi/tss2
  CC       tools/tpm2-tpm2_tool.o
  CC       tools/misc/tpm2-tpm2_certifyX509certutil.o
  CC       tools/misc/tpm2-tpm2_checkquote.o
  CC       tools/misc/tpm2-tpm2_encodeobject.o
  CC       tools/misc/tpm2-tpm2_eventlog.o
  CC       tools/misc/tpm2-tpm2_print.o
  CC       tools/misc/tpm2-tpm2_rc_decode.o
  CC       tools/tpm2-tpm2_activatecredential.o
  CC       tools/tpm2-tpm2_certify.o
  CC       tools/tpm2-tpm2_changeauth.o
  CC       tools/tpm2-tpm2_changeeps.o
  CC       tools/tpm2-tpm2_changepps.o
  CC       tools/tpm2-tpm2_clear.o
  CC       tools/tpm2-tpm2_clearcontrol.o
  CC       tools/tpm2-tpm2_clockrateadjust.o
  CC       tools/tpm2-tpm2_create.o
  CC       tools/tpm2-tpm2_createak.o
  CC       tools/tpm2-tpm2_createek.o
  CC       tools/tpm2-tpm2_createpolicy.o
  CC       tools/tpm2-tpm2_setprimarypolicy.o
  CC       tools/tpm2-tpm2_createprimary.o
  CC       tools/tpm2-tpm2_dictionarylockout.o
  CC       tools/tpm2-tpm2_duplicate.o
  CC       tools/tpm2-tpm2_getcap.o
  CC       tools/tpm2-tpm2_gettestresult.o
  CC       tools/tpm2-tpm2_encryptdecrypt.o
  CC       tools/tpm2-tpm2_evictcontrol.o
  CC       tools/tpm2-tpm2_flushcontext.o
  CC       tools/tpm2-tpm2_getekcertificate.o
  CC       tools/tpm2-tpm2_getrandom.o
  CC       tools/tpm2-tpm2_gettime.o
  CC       tools/tpm2-tpm2_hash.o
  CC       tools/tpm2-tpm2_hierarchycontrol.o
  CC       tools/tpm2-tpm2_hmac.o
  CC       tools/tpm2-tpm2_import.o
  CC       tools/tpm2-tpm2_incrementalselftest.o
  CC       tools/tpm2-tpm2_load.o
  CC       tools/tpm2-tpm2_loadexternal.o
  CC       tools/tpm2-tpm2_makecredential.o
  CC       tools/tpm2-tpm2_nvdefine.o
  CC       tools/tpm2-tpm2_nvextend.o
  CC       tools/tpm2-tpm2_nvincrement.o
  CC       tools/tpm2-tpm2_nvreadpublic.o
  CC       tools/tpm2-tpm2_nvread.o
  CC       tools/tpm2-tpm2_nvreadlock.o
  CC       tools/tpm2-tpm2_nvundefine.o
  CC       tools/tpm2-tpm2_nvwrite.o
  CC       tools/tpm2-tpm2_nvwritelock.o
  CC       tools/tpm2-tpm2_nvsetbits.o
  CC       tools/tpm2-tpm2_pcrallocate.o
  CC       tools/tpm2-tpm2_pcrevent.o
  CC       tools/tpm2-tpm2_pcrextend.o
  CC       tools/tpm2-tpm2_pcrread.o
  CC       tools/tpm2-tpm2_pcrreset.o
  CC       tools/tpm2-tpm2_policypcr.o
  CC       tools/tpm2-tpm2_policyauthorize.o
  CC       tools/tpm2-tpm2_policyauthorizenv.o
  CC       tools/tpm2-tpm2_policynv.o
  CC       tools/tpm2-tpm2_policycountertimer.o
  CC       tools/tpm2-tpm2_policyor.o
  CC       tools/tpm2-tpm2_policynamehash.o
  CC       tools/tpm2-tpm2_policytemplate.o
  CC       tools/tpm2-tpm2_policycphash.o
  CC       tools/tpm2-tpm2_policypassword.o
  CC       tools/tpm2-tpm2_policysigned.o
  CC       tools/tpm2-tpm2_policyticket.o
  CC       tools/tpm2-tpm2_policyauthvalue.o
  CC       tools/tpm2-tpm2_policysecret.o
  CC       tools/tpm2-tpm2_policyrestart.o
  CC       tools/tpm2-tpm2_policycommandcode.o
  CC       tools/tpm2-tpm2_policynvwritten.o
  CC       tools/tpm2-tpm2_policyduplicationselect.o
  CC       tools/tpm2-tpm2_policylocality.o
  CC       tools/tpm2-tpm2_quote.o
  CC       tools/tpm2-tpm2_readclock.o
  CC       tools/tpm2-tpm2_readpublic.o
  CC       tools/tpm2-tpm2_rsadecrypt.o
  CC       tools/tpm2-tpm2_rsaencrypt.o
  CC       tools/tpm2-tpm2_send.o
  CC       tools/tpm2-tpm2_selftest.o
  CC       tools/tpm2-tpm2_setclock.o
  CC       tools/tpm2-tpm2_shutdown.o
  CC       tools/tpm2-tpm2_sign.o
  CC       tools/tpm2-tpm2_certifycreation.o
  CC       tools/tpm2-tpm2_nvcertify.o
  CC       tools/tpm2-tpm2_startauthsession.o
  CC       tools/tpm2-tpm2_startup.o
  CC       tools/tpm2-tpm2_stirrandom.o
  CC       tools/tpm2-tpm2_testparms.o
  CC       tools/tpm2-tpm2_unseal.o
  CC       tools/tpm2-tpm2_verifysignature.o
  CC       tools/tpm2-tpm2_setcommandauditstatus.o
  CC       tools/tpm2-tpm2_getcommandauditdigest.o
  CC       tools/tpm2-tpm2_getsessionauditdigest.o
  CC       tools/tpm2-tpm2_geteccparameters.o
  CC       tools/tpm2-tpm2_ecephemeral.o
  CC       tools/tpm2-tpm2_commit.o
  CC       tools/tpm2-tpm2_ecdhkeygen.o
  CC       tools/tpm2-tpm2_ecdhzgen.o
  CC       tools/tpm2-tpm2_zgen2phase.o
  CC       tools/tpm2-tpm2_sessionconfig.o
  CC       tools/tpm2-tpm2_getpolicydigest.o
  CCLD     tools/tpm2
  GEN      man/man1/tpm2_activatecredential.1
  GEN      man/man1/tpm2_certify.1
  GEN      man/man1/tpm2_certifyX509certutil.1
  GEN      man/man1/tpm2_changeauth.1
  GEN      man/man1/tpm2_changeeps.1
  GEN      man/man1/tpm2_changepps.1
  GEN      man/man1/tpm2_checkquote.1
  GEN      man/man1/tpm2_clear.1
  GEN      man/man1/tpm2_clearcontrol.1
  GEN      man/man1/tpm2_clockrateadjust.1
  GEN      man/man1/tpm2_create.1
  GEN      man/man1/tpm2_createak.1
  GEN      man/man1/tpm2_createek.1
  GEN      man/man1/tpm2_createpolicy.1
  GEN      man/man1/tpm2_setprimarypolicy.1
  GEN      man/man1/tpm2_createprimary.1
  GEN      man/man1/tpm2_dictionarylockout.1
  GEN      man/man1/tpm2_duplicate.1
  GEN      man/man1/tpm2_encodeobject.1
  GEN      man/man1/tpm2_getcap.1
  GEN      man/man1/tpm2_encryptdecrypt.1
  GEN      man/man1/tpm2_eventlog.1
  GEN      man/man1/tpm2_evictcontrol.1
  GEN      man/man1/tpm2_flushcontext.1
  GEN      man/man1/tpm2_getekcertificate.1
  GEN      man/man1/tpm2_getrandom.1
  GEN      man/man1/tpm2_gettestresult.1
  GEN      man/man1/tpm2_gettime.1
  GEN      man/man1/tpm2_hierarchycontrol.1
  GEN      man/man1/tpm2_hash.1
  GEN      man/man1/tpm2_hmac.1
  GEN      man/man1/tpm2_import.1
  GEN      man/man1/tpm2_incrementalselftest.1
  GEN      man/man1/tpm2_load.1
  GEN      man/man1/tpm2_loadexternal.1
  GEN      man/man1/tpm2_makecredential.1
  GEN      man/man1/tpm2_nvdefine.1
  GEN      man/man1/tpm2_nvextend.1
  GEN      man/man1/tpm2_nvincrement.1
  GEN      man/man1/tpm2_nvreadpublic.1
  GEN      man/man1/tpm2_nvread.1
  GEN      man/man1/tpm2_nvreadlock.1
  GEN      man/man1/tpm2_nvundefine.1
  GEN      man/man1/tpm2_nvwrite.1
  GEN      man/man1/tpm2_nvwritelock.1
  GEN      man/man1/tpm2_nvsetbits.1
  GEN      man/man1/tpm2_pcrallocate.1
  GEN      man/man1/tpm2_pcrevent.1
  GEN      man/man1/tpm2_pcrextend.1
  GEN      man/man1/tpm2_pcrread.1
  GEN      man/man1/tpm2_pcrreset.1
  GEN      man/man1/tpm2_policypcr.1
  GEN      man/man1/tpm2_policyrestart.1
  GEN      man/man1/tpm2_policycommandcode.1
  GEN      man/man1/tpm2_policynvwritten.1
  GEN      man/man1/tpm2_policyduplicationselect.1
  GEN      man/man1/tpm2_policylocality.1
  GEN      man/man1/tpm2_policyauthorize.1
  GEN      man/man1/tpm2_policyauthorizenv.1
  GEN      man/man1/tpm2_policynv.1
  GEN      man/man1/tpm2_policycountertimer.1
  GEN      man/man1/tpm2_policyor.1
  GEN      man/man1/tpm2_policynamehash.1
  GEN      man/man1/tpm2_policytemplate.1
  GEN      man/man1/tpm2_policycphash.1
  GEN      man/man1/tpm2_policypassword.1
  GEN      man/man1/tpm2_policysigned.1
  GEN      man/man1/tpm2_policyticket.1
  GEN      man/man1/tpm2_policyauthvalue.1
  GEN      man/man1/tpm2_policysecret.1
  GEN      man/man1/tpm2_print.1
  GEN      man/man1/tpm2_quote.1
  GEN      man/man1/tpm2_rc_decode.1
  GEN      man/man1/tpm2_readclock.1
  GEN      man/man1/tpm2_readpublic.1
  GEN      man/man1/tpm2_rsadecrypt.1
  GEN      man/man1/tpm2_rsaencrypt.1
  GEN      man/man1/tpm2_send.1
  GEN      man/man1/tpm2_selftest.1
  GEN      man/man1/tpm2_setclock.1
  GEN      man/man1/tpm2_shutdown.1
  GEN      man/man1/tpm2_sign.1
  GEN      man/man1/tpm2_certifycreation.1
  GEN      man/man1/tpm2_nvcertify.1
  GEN      man/man1/tpm2_startauthsession.1
  GEN      man/man1/tpm2_startup.1
  GEN      man/man1/tpm2_stirrandom.1
  GEN      man/man1/tpm2_testparms.1
  GEN      man/man1/tpm2_unseal.1
  GEN      man/man1/tpm2_verifysignature.1
  GEN      man/man1/tpm2_setcommandauditstatus.1
  GEN      man/man1/tpm2_getcommandauditdigest.1
  GEN      man/man1/tpm2_getsessionauditdigest.1
  GEN      man/man1/tpm2_geteccparameters.1
  GEN      man/man1/tpm2_ecephemeral.1
  GEN      man/man1/tpm2_commit.1
  GEN      man/man1/tpm2_ecdhkeygen.1
  GEN      man/man1/tpm2_ecdhzgen.1
  GEN      man/man1/tpm2_zgen2phase.1
  GEN      man/man1/tpm2_sessionconfig.1
  GEN      man/man1/tpm2_getpolicydigest.1
  GEN      man/man1/tpm2.1
  GEN      man/man1/tss2_list.1
  GEN      man/man1/tss2_changeauth.1
  GEN      man/man1/tss2_delete.1
  GEN      man/man1/tss2_import.1
  GEN      man/man1/tss2_decrypt.1
  GEN      man/man1/tss2_encrypt.1
  GEN      man/man1/tss2_getinfo.1
  GEN      man/man1/tss2_createnv.1
  GEN      man/man1/tss2_nvread.1
  GEN      man/man1/tss2_nvextend.1
  GEN      man/man1/tss2_nvincrement.1
  GEN      man/man1/tss2_nvsetbits.1
  GEN      man/man1/tss2_nvwrite.1
  GEN      man/man1/tss2_createkey.1
  GEN      man/man1/tss2_createseal.1
  GEN      man/man1/tss2_getcertificate.1
  GEN      man/man1/tss2_getplatformcertificates.1
  GEN      man/man1/tss2_gettpmblobs.1
  GEN      man/man1/tss2_getappdata.1
  GEN      man/man1/tss2_gettpm2object.1
  GEN      man/man1/tss2_setappdata.1
  GEN      man/man1/tss2_setcertificate.1
  GEN      man/man1/tss2_exportkey.1
  GEN      man/man1/tss2_sign.1
  GEN      man/man1/tss2_verifysignature.1
  GEN      man/man1/tss2_verifyquote.1
  GEN      man/man1/tss2_getdescription.1
  GEN      man/man1/tss2_setdescription.1
  GEN      man/man1/tss2_pcrextend.1
  GEN      man/man1/tss2_quote.1
  GEN      man/man1/tss2_pcrread.1
  GEN      man/man1/tss2_provision.1
  GEN      man/man1/tss2_authorizepolicy.1
  GEN      man/man1/tss2_exportpolicy.1
  GEN      man/man1/tss2_unseal.1
  GEN      man/man1/tss2_getrandom.1
  GEN      man/man1/tss2_writeauthorizenv.1
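
The configure run above probes for stack protector, _FORTIFY_SOURCE, PIE, RELRO and BIND_NOW, and --disable-hardening exists to turn those options off. The following is an added example, not part of tpm2-tools, that audits saved configure output for those probes; the probe wording is assumed to match the run shown on this page, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not tpm2-tools code): audit ./configure output for the
# hardening probes seen in the run above.

# Probe wording copied from that run; one probe per line.
HARDENING_PROBES='C compiler accepts -fstack-protector-all
to add -D_FORTIFY_SOURCE=2 to CPPFLAGS
C compiler accepts -fPIE
the linker accepts -pie
the linker accepts -Wl,-z,relro
the linker accepts -Wl,-z,now'

# Reads configure output on stdin. Prints "MISSING: <probe>" for every probe
# that is absent or not answered "yes"; returns 0 only when all passed.
check_hardening() {
    log=$(cat)
    rc=0
    while IFS= read -r probe; do
        if ! printf '%s\n' "$log" | grep -Fxq \
                -e "checking whether $probe... yes" \
                -e "checking whether $probe... (cached) yes"; then
            printf 'MISSING: %s\n' "$probe"
            rc=1
        fi
    done <<EOF
$HARDENING_PROBES
EOF
    return $rc
}

# Constructed sample: the relevant lines of the run above.
sample_hardened_log() {
    cat <<'EOF'
checking whether C compiler accepts -fstack-protector-all... yes
checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... yes
checking whether C compiler accepts -fPIE... yes
checking whether the linker accepts -pie... yes
checking whether the linker accepts -Wl,-z,relro... yes
checking whether the linker accepts -Wl,-z,now... yes
EOF
}

# Constructed sample: same log with the -pie probe absent and relro rejected.
sample_weak_log() {
    sample_hardened_log | sed -e '/accepts -pie/d' -e '/relro/s/yes$/no/'
}

sample_hardened_log | check_hardening && echo "hardening probes: all yes"
sample_weak_log | check_hardening || echo "hardening probes: incomplete"
```

Against a real build, pipe the configure output into the function, for example `./configure | check_hardening`.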

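4. Testing

Test whether tpm2-tools can connect to the abrmd service (this assumes tpm2-abrmd is already running; see Part 5 of this series). The command and its result are shown below: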

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ ./tools/tpm2 getrandom 4

** (process:12845): WARNING **: 16:00:46.650: Failed to create connection with service: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.160" (uid=1000 pid=12845 comm="./tools/tpm2 getrandom 4 " label="unconfined") interface="com.intel.tss2.TctiTabrmd" member="CreateConnection" error name="(unset)" requested_reply="0" destination=":1.158" (uid=0 pid=6839 comm="/usr/local/sbin/tpm2-abrmd --allow-root " label="unconfined")
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
ERROR: Could not load tcti, got: "(null)"

Run the command again with sudo:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ sudo ./tools/tpm2 getrandom 4
�i�4ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ 

If tpm2-abrmd has not been started first, the result of running the above command is:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ sudo ./tools/tpm2 getrandom 4

** (process:12942): CRITICAL **: 16:08:35.294: failed to allocate dbus proxy object: Error calling StartServiceByName for com.intel.tss2.Tabrmd: Unit tpm2-abrmd.service not found.
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
�,�@ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ 

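The tests above were run on a physical machine. In a simulator environment, the test steps and results are as follows:

(1) Start the TPM simulator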

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/ibmtpm/ibmtpm/src$ ./tpm_server 
LIBRARY_COMPATIBILITY_CHECK is ON
Starting ACT thread...
TPM command server listening on port 2321
Platform server listening on port 2322

(2) Start tpm2-abrmd

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/abrmd/tpm2-abrmd$ sudo /usr/local/sbin/tpm2-abrmd --allow-root --tcti=mssim


At this point the terminal running tpm_server shows the following:

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/ibmtpm/ibmtpm/src$ ./tpm_server 
LIBRARY_COMPATIBILITY_CHECK is ON
Starting ACT thread...
TPM command server listening on port 2321
Platform server listening on port 2322
Platform IPv4 client accepted
Command IPv4 client accepted

(3) Test tpm2-tools again

ph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ sudo ./tools/tpm2 getrandom 4
Q��xph@ph-ThinkBook-14-G2-ITL:~/dingdao/TPM/tools/tpm2-tools$ 
