vincent/eltt2
1
0
Fork 0
mirror of https://github.com/Infineon/eltt2.git synced 2026-01-12 03:23:46 +00:00
Code Issues Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Thomas Furtner
2017-04-07 08:28:53 +02:00
committed by GitHub
parent 8c689212ce
commit 9acd0b6e1b
1 changed files with 141 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

298
README.md
View File

@@ -29,218 +29,202 @@ been tested.
ELTT2 does not support machines with a big-endian CPU.
1.2 Contents of Package
## 1.2 Getting Started
ELTT2 consists of the following files:
- eltt2.c
Contains all method implementations of ELTT2.
- eltt2.h
Contains all constant definitions, method and command byte declarations
for the operation of ELTT2.
- License.txt
Contains the license agreement for ELTT2.
- Makefile
Contains the command to compile ELTT2.
- README.txt
This file.
1.3 Getting Started
In order to execute ELTT2, you need to compile it first:
1. Switch to the directory with the ELTT2 source code
2. Compile the source code by typing the following command:
make
In order to execute ELTT2, you need to compile it first:
1. Switch to the directory with the ELTT2 source code
2. Compile the source code by typing the following command:
make
Due to hardware (and thus TPM) access restrictions for normal users, ELTT2
requires root (aka superuser or administrator) privileges. They can be
obtained e.g. by using the 'sudo' command on Debian Linux derivates.
2. Usage of ELTT2
# 2. Usage of ELTT2
2.1 Generic Usage
## 2.1 Generic Usage
ELTT2 is operated as follows:
ELTT2 is operated as follows:
Call: ./eltt2 <option(s)>
Call: ./eltt2 <option(s)>
For example: ./eltt2 -g or ./eltt2 -gc
For example: ./eltt2 -g or ./eltt2 -gc
For getting an overview of the possible commands, run ./eltt2 -h
For getting an overview of the possible commands, run ./eltt2 -h
Some options require the TPM to be in a specific state. This state is shown
in brackets ("[]") behind each command line option in the list below:
Some options require the TPM to be in a specific state. This state is shown
in brackets ("[]") behind each command line option in the list below:
[u]: started
[u]: started
To get the TPM into the required state, call ELTT2 with the corresponding
commands ("x" for a state means that whether this state is required or not
depends on the actual command or the command parameters sent eventually to
the TPM).
To get the TPM into the required state, call ELTT2 with the corresponding
commands ("x" for a state means that whether this state is required or not
depends on the actual command or the command parameters sent eventually to
the TPM).
Command line options: Preconditions:
Command line options: Preconditions:
-a <data bytes>: Hash Sequence SHA-1 [u]
-a <data bytes>: Hash Sequence SHA-1 [u]
-A <data bytes>: Hash Sequence SHA-256 [u]
-A <data bytes>: Hash Sequence SHA-256 [u]
-b <command bytes>: Enter your own TPM command [u]
-b <command bytes>: Enter your own TPM command [u]
-c: Read Clock [u]
-c: Read Clock [u]
-d <shutdown type>: Shutdown [u]
-d <shutdown type>: Shutdown [u]
-e: PCR Extend SHA-1 <PCR index> <PCR digest> [u]
-e: PCR Extend SHA-1 <PCR index> <PCR digest> [u]
-E: PCR Extend SHA-256 <PCR index> <PCR digest> [u]
-E: PCR Extend SHA-256 <PCR index> <PCR digest> [u]
-g: Get Capability 'TPM Properties' [u]
-g: Get Capability 'TPM Properties' [u]
-G <data length>: Get Random [u]
-G <data length>: Get Random [u]
-h: Help [-]
-h: Help [-]
-r <PCR index>: PCR Read SHA-1 [u]
-r <PCR index>: PCR Read SHA-1 [u]
-R <PCR index>: PCR Read SHA-256 [u]
-R <PCR index>: PCR Read SHA-256 [u]
-s <data bytes>: Hash SHA-1 [u]
-s <data bytes>: Hash SHA-1 [u]
-S <data bytes>: Hash SHA-256 [u]
-S <data bytes>: Hash SHA-256 [u]
-t <test type>: Self Test [u]
-t <test type>: Self Test [u]
-T: Get Test Result [u]
-T: Get Test Result [u]
-u <startup type>: Startup [-]
-u <startup type>: Startup [-]
-z <PCR index>: PCR Reset [u]
-z <PCR index>: PCR Reset [u]
Additional information:
Additional information:
-a:
With the "-a" command you can hash given data with the SHA-1 hash algorithm.
This hash sequence sends 3 commands [start, update, complete] to the TPM and
allows to hash an arbitrary amount of data.
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -a 41624364
-a:
With the "-a" command you can hash given data with the SHA-1 hash algorithm.
This hash sequence sends 3 commands [start, update, complete] to the TPM and
allows to hash an arbitrary amount of data.
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -a 41624364
-A:
With the "-A" command you can hash given data with the SHA-256 hash
algorithm. This hash sequence sends 3 commands [start, update, complete] to
the TPM and allows to hash an arbitrary amount of data.
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -A 41624364
-A:
With the "-A" command you can hash given data with the SHA-256 hash
algorithm. This hash sequence sends 3 commands [start, update, complete] to
the TPM and allows to hash an arbitrary amount of data.
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -A 41624364
-b:
With the "-b" command you can enter your own TPM command bytes and read the
TPM response.
For example, use the following command to send a TPM2_Startup with startup
type CLEAR to the TPM:
./eltt2 -b 80010000000C000001440000
-b:
With the "-b" command you can enter your own TPM command bytes and read the
TPM response.
For example, use the following command to send a TPM2_Startup with startup
type CLEAR to the TPM:
./eltt2 -b 80010000000C000001440000
-c:
With the "-c" command you can read the clock values of the TPM.
-c:
With the "-c" command you can read the clock values of the TPM.
-d:
With the "-d" command you can issue a TPM shutdown. It has 2 options:
./eltt2 -d
or
./eltt2 -d clear send a TPM2_Shutdown command with shutdown type CLEAR to
the TPM.
./eltt2 -d state send a TPM2_Shutdown command with shutdown type STATE to
the TPM.
-d:
With the "-d" command you can issue a TPM shutdown. It has 2 options:
./eltt2 -d
or
./eltt2 -d clear send a TPM2_Shutdown command with shutdown type CLEAR to
the TPM.
./eltt2 -d state send a TPM2_Shutdown command with shutdown type STATE to
the TPM.
-e:
With the "-e" command you can extend bytes in the selected PCR with SHA-1.
To do so, you have to enter the index of PCR in hexadecimal that you like to
extend and the digest you want to extend the selected PCR with. Note that
you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
must have a length of 20 bytes (will be padded with 0 if necessary).
The TPM then builds an SHA-1 hash over the PCR data in the selected PCR and
the digest you provided and writes the result back to the selected PCR.
For example, use the following command to extend PCR 23 (0x17) with the byte
sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
./eltt2 -e 17 41624364
-e:
With the "-e" command you can extend bytes in the selected PCR with SHA-1.
To do so, you have to enter the index of PCR in hexadecimal that you like to
extend and the digest you want to extend the selected PCR with. Note that
you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
must have a length of 20 bytes (will be padded with 0 if necessary).
The TPM then builds an SHA-1 hash over the PCR data in the selected PCR and
the digest you provided and writes the result back to the selected PCR.
For example, use the following command to extend PCR 23 (0x17) with the byte
sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
./eltt2 -e 17 41624364
-E:
With the "-E" command you can extend bytes in the selected PCR with SHA-256.
To do so, you have to enter the index of PCR in hexadecimal that you like to
extend and the digest you want to extend the selected PCR with. Note that
you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
must have a length of 32 bytes (will be padded with 0 if necessary).
The TPM then builds an SHA-256 hash over the PCR data in the selected PCR
and the digest you provided and writes the result back to the selected PCR.
For example, use the following command to extend PCR 23 (0x17) with the byte
sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
./eltt2 -E 17 41624364
-E:
With the "-E" command you can extend bytes in the selected PCR with SHA-256.
To do so, you have to enter the index of PCR in hexadecimal that you like to
extend and the digest you want to extend the selected PCR with. Note that
you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
must have a length of 32 bytes (will be padded with 0 if necessary).
The TPM then builds an SHA-256 hash over the PCR data in the selected PCR
and the digest you provided and writes the result back to the selected PCR.
For example, use the following command to extend PCR 23 (0x17) with the byte
sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
./eltt2 -E 17 41624364
-g:
With the "-g" command you can read the TPM's properties.
-g:
With the "-g" command you can read the TPM's properties.
-G:
With the "-G" command you can get a given amount of random bytes. Note that
you can only request a maximum amount of 32 random bytes at once.
For example, use the following command to get 20 (0x14) random bytes:
./eltt2 -G 14
-G:
With the "-G" command you can get a given amount of random bytes. Note that
you can only request a maximum amount of 32 random bytes at once.
For example, use the following command to get 20 (0x14) random bytes:
./eltt2 -G 14
-r:
With the "-r" command you can read data from a selected SHA-1 PCR.
For example, use the following command to read data from PCR 23 (0x17):
./eltt2 -r 17
-r:
With the "-r" command you can read data from a selected SHA-1 PCR.
For example, use the following command to read data from PCR 23 (0x17):
./eltt2 -r 17
-R:
With the "-R" command you can read data from a selected SHA-256 PCR.
For example, use the following command to read data from PCR 23 (0x17):
./eltt2 -R 17
-R:
With the "-R" command you can read data from a selected SHA-256 PCR.
For example, use the following command to read data from PCR 23 (0x17):
./eltt2 -R 17
-s:
With the "-s" command you can hash given data with the SHA-1 hash algorithm.
This command only allows a limited amount of data to be hashed (depending on
the TPM's maximum input buffer size).
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -s 41624364
-s:
With the "-s" command you can hash given data with the SHA-1 hash algorithm.
This command only allows a limited amount of data to be hashed (depending on
the TPM's maximum input buffer size).
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -s 41624364
-S:
With the "-S" command you can hash given data with the SHA-256 hash
algorithm. This command only allows a limited amount of data to be hashed
(depending on the TPM input buffer size).
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -S 41624364
-S:
With the "-S" command you can hash given data with the SHA-256 hash
algorithm. This command only allows a limited amount of data to be hashed
(depending on the TPM input buffer size).
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -S 41624364
-t:
With the "-t" command you can issue a TPM selftest. It has 3 options:
./eltt2 -t
or
./eltt2 -t not_full Perform a partial TPM2_Selftest to test previously
untested TPM capabilities.
./eltt2 -t full Perform a full TPM2_Selftest to test all TPM
capabilities.
./eltt2 -t incremental Perform a test of selected algorithms.
-t:
With the "-t" command you can issue a TPM selftest. It has 3 options:
./eltt2 -t
or
./eltt2 -t not_full Perform a partial TPM2_Selftest to test previously
untested TPM capabilities.
./eltt2 -t full Perform a full TPM2_Selftest to test all TPM
capabilities.
./eltt2 -t incremental Perform a test of selected algorithms.
-T:
With the "-T" command you can read the results of a previously run selftest.
-T:
With the "-T" command you can read the results of a previously run selftest.
-u:
With the "-u" command you can issue a TPM startup command. It has 2 options:
./eltt2 -u
or
./eltt2 -u clear send a TPM2_Startup with startup type CLEAR to the TPM.
./eltt2 -u state send a TPM2_Startup with startup type STATE to the TPM.
-u:
With the "-u" command you can issue a TPM startup command. It has 2 options:
./eltt2 -u
or
./eltt2 -u clear send a TPM2_Startup with startup type CLEAR to the TPM.
./eltt2 -u state send a TPM2_Startup with startup type STATE to the TPM.
-z:
With the "-z" command you can reset a selected PCR. Note that you can only
reset PCRs 16 and 23.
For example, use the following command to reset PCR 23 (0x17):
./eltt2 -z 17
-z:
With the "-z" command you can reset a selected PCR. Note that you can only
reset PCRs 16 and 23.
For example, use the following command to reset PCR 23 (0x17):
./eltt2 -z 17
2.2 Examples: