
Simple TPM Utility for Remote Attestation

Example 

1. Quote

1-0. Take ownership of the TPM

  $ tpm_takeownership
  Enter owner password: 
  Confirm password: 
  Enter SRK password: 
  Confirm password: 
 
  Note) Just press Enter at the SRK password prompts to set the default auth.

1-1. Create RSA 2048-bit Sign Key just under SRK 
    and store in SYSTEM PS, with given UUID, without auth secret

  $ tpm_createkey -N -u 1448c61c6af7770fc4a3b413c1094e35

1-2. Issue TPM_Quote

  $ tpm_quote -N -u 1448c61c6af7770fc4a3b413c1094e35  -p 0 -p 2 -p 4 -p 8 -n 83c5cacb20a590e5b48980598cc69f18068495de
  pcrnums=24
  nonce=83c5cacb20a590e5b48980598cc69f18068495de
  pcr.0=130f8accf255c1e495bda46c1071e5401031afa6
  pcr.2=53de584dcef03f6a7dac1a240a835893896f218d
  pcr.4=7bd436270b52218cbdfa04330b4c802b81ccd792
  pcr.8=454af0c0b32c6acac693c75f9dc1339efdf103c0
  quoteinfo=0101000051554f5454cf5507c5b9dc9b894c4530311ba304aaba205a83c5cacb20a590e5b48980598cc69f18068495de
  signature=...
  pubkey=...
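
A verifier-side check of the quote output above, as an added example (not part of this utility): it splits quoteinfo into the TPM 1.2 TPM_QUOTE_INFO fields, confirms the nonce is the one the challenger sent, and recomputes the PCR composite hash from the reported pcr.N values. It assumes the selection bitmap is pcrnums/8 bytes long; the function names are hypothetical, and the RSA signature over quoteinfo is not checked here.

```python
import hashlib
import struct

# Values copied from the tpm_quote output above.
NONCE = "83c5cacb20a590e5b48980598cc69f18068495de"
QUOTEINFO = ("0101000051554f54"
             "54cf5507c5b9dc9b894c4530311ba304aaba205a"
             "83c5cacb20a590e5b48980598cc69f18068495de")
PCRS = {0: "130f8accf255c1e495bda46c1071e5401031afa6",
        2: "53de584dcef03f6a7dac1a240a835893896f218d",
        4: "7bd436270b52218cbdfa04330b4c802b81ccd792",
        8: "454af0c0b32c6acac693c75f9dc1339efdf103c0"}


def parse_quoteinfo(hex_blob):
    """Split TPM_QUOTE_INFO: version(4) 'QUOT'(4) composite digest(20) nonce(20)."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) != 48:
        raise ValueError("TPM_QUOTE_INFO must be 48 bytes")
    version, fixed, digest, external = struct.unpack(">4s4s20s20s", raw)
    if fixed != b"QUOT":
        raise ValueError("missing QUOT marker")
    return {"version": version.hex(), "digest": digest.hex(),
            "nonce": external.hex()}


def composite_digest(pcrs, pcrnums=24):
    """SHA-1 over TPM_PCR_COMPOSITE: selection size, bitmap, value size, values."""
    bitmap = bytearray(pcrnums // 8)  # assumption: sizeOfSelect = pcrnums / 8
    for index in pcrs:
        bitmap[index // 8] |= 1 << (index % 8)
    values = b"".join(bytes.fromhex(pcrs[i]) for i in sorted(pcrs))
    blob = (struct.pack(">H", len(bitmap)) + bytes(bitmap)
            + struct.pack(">I", len(values)) + values)
    return hashlib.sha1(blob).hexdigest()


def check_quote(quoteinfo_hex, expected_nonce, pcrs, pcrnums=24):
    """Report which checks pass: nonce freshness and PCR values vs. quoted digest."""
    info = parse_quoteinfo(quoteinfo_hex)
    return {"nonce_fresh": info["nonce"] == expected_nonce.lower(),
            "pcrs_match": info["digest"] == composite_digest(pcrs, pcrnums)}


if __name__ == "__main__":
    print(parse_quoteinfo(QUOTEINFO))
    print(check_quote(QUOTEINFO, NONCE, PCRS))
```

A quote should be accepted only when both checks pass and the signature over the 48-byte quoteinfo verifies under the expected public key.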

2. Extend PCR and Read PCR (with IMA)

2-1.  Extend

  # tpm_extend --file hoge 
  # tail /sys/kernel/security/ima/ascii_runtime_measurements 
  ...
  10 f73d086fcf5cba367f2a46c45c172c261517c474 /usr/bin/tpm_extend
  10 53b3d3711ef9ab14823aecbad54312bd464878ff /home/munetoh/workspace/tools/tpm/README
  10 8ad12dfaacb4fd032cdf8a5ded5c8c9c3faad171 /usr/bin/tail
  
   
2-2. PCR read

  $ tpm_pcrread -p 0 -p 2 -p 4 -p 10
  pcr.0=130f8accf255c1e495bda46c1071e5401031afa6
  pcr.2=53de584dcef03f6a7dac1a240a835893896f218d
  pcr.4=7bd436270b52218cbdfa04330b4c802b81ccd792
  pcr.10=e78c897488e60cb3b1080ee985cba20fcf701d68

3. Seal/Unseal (TBD)

3-1. Seal (use tpm-tools from TrouSerS)

  $ tpm_sealdata -i README -o README.sealed
  
3-2. Unseal

  $ tpm_unsealdata -i README.sealed -o README.plain
  $ diff README README.plain
  
  
