// Package-level state shared by every command in this package. It is mutable
// global state; presumably populated by the parent command's flag wiring
// before any Run function executes — TODO confirm against the root command.
var (
	// App is the application container the commands call into
	// (Init, OpenTPM, InitTPM, TPM, Logger).
	App *app.App
	// InitParams is passed to App.Init; the fields read in this file are
	// SOPin, Pin, PlatformCA and Initialize.
	InitParams *app.AppInitParams
	// DevicePath is the TPM device path. Only its base name is used here:
	// the clear command's force mode derives the sysfs PPI request file from it.
	DevicePath string
)
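// ClearCmd implements TPM2_Clear for the hierarchy selected by the
// package-level hierarchy variable ("e", "o" or "l"), or, when bForce is
// set, requests the clear through the platform firmware's Physical
// Presence Interface (PPI) via sysfs instead of the TPM command interface.
// hierarchy and bForce are presumably bound to command flags elsewhere in
// this package — confirm in the flag setup.
var ClearCmd = &cobra.Command{
	Use:   "clear",
	Short: "TPM2_Clear",
	Long: `This command removes all TPM context associated with a specific Owner. The clear operation will: • flush resident objects (persistent and volatile) in the Storage and Endorsement hierarchies; • delete any NV Index with TPMA_NV_PLATFORMCREATE == CLEAR; • change the storage primary seed (SPS) to a new value from the TPM’s random number generator (RNG), • change shProof and ehProof, NOTE 1 The proof values are permitted to be set from the RNG or derived from the associated new Primary Seed. If derived from the Primary Seeds, the derivation of ehProof shall use both the SPS and EPS. The computation shall use the SPS as an HMAC key and the derived value may then be a parameter in a second HMAC in which the EPS is the HMAC key. The reference design uses values from the RNG. • SET shEnable and ehEnable; • set ownerAuth, endorsementAuth, and lockoutAuth to the Empty Buffer; • set ownerPolicy, endorsementPolicy, and lockoutPolicy to the Empty Buffer; • set Clock to zero; • set resetCount to zero; • set restartCount to zero; and • set Safe to YES. • increment pcrUpdateCounter This command requires Platform Authorization or Lockout Authorization. If TPM2_ClearControl() has disabled this command, the TPM shall return TPM_RC_DISABLED. If this command is authorized using lockoutAuth, the HMAC in the response shall use the new lockoutAuth value (that is, the Empty Buffer) when computing the response HMAC. 
See TPM 2.0 Part 3: Commands - Section 24.6: TPM2_Clear https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-3-Commands.pdf `,
	Run: func(cmd *cobra.Command, args []string) {
		App.Init(InitParams)
		if err := App.OpenTPM(); err != nil {
			App.Logger.Fatal(err)
		}
		defer func() {
			if err := App.TPM.Close(); err != nil {
				App.Logger.Fatal(err)
			}
		}()

		if bForce {
			// Queue the clear with the platform firmware through the sysfs PPI
			// request file instead of issuing TPM2_Clear; the success message
			// tells the operator to reboot so the firmware can act on it.
			// Operation "5" is the PPI Clear request per the TCG PPI
			// specification — confirm against the PPI version this firmware
			// implements. filepath.Base reduces DevicePath to a single path
			// element, so a path containing separators cannot point outside
			// /sys/class/tpm.
			deviceName := filepath.Base(DevicePath)
			requestFile := filepath.Join("/sys/class/tpm", deviceName, "ppi", "request")
			// The mode is only applied if the file has to be created, which
			// sysfs does not allow; 0644 replaces the world-writable 0777.
			if err := os.WriteFile(requestFile, []byte("5"), 0644); err != nil {
				App.Logger.Fatal(err)
			}
			color.New(color.FgGreen).Printf("Success, now reboot")
			return
		}

		var err error
		switch strings.ToLower(hierarchy) {
		case "e":
			err = App.TPM.Clear(InitParams.SOPin, tpm2.TPMRHEndorsement)
		case "o":
			err = App.TPM.Clear(InitParams.SOPin, tpm2.TPMRHOwner)
		case "l":
			err = App.TPM.Clear(InitParams.SOPin, tpm2.TPMRHLockout)
		default:
			// Without this branch an unrecognised (or empty) hierarchy fell
			// through to the success message having cleared nothing.
			App.Logger.Fatalf("unsupported hierarchy %q: expected e, o or l", hierarchy)
		}
		if err != nil {
			App.Logger.Fatal(err)
		}
		color.New(color.FgGreen).Printf("TPM successfully cleared")
	},
}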
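// EKCmd prints the TPM 2.0 Endorsement Key public part in PEM form.
// The package-level flags bRSA, bECC and bCertificate (defined elsewhere
// in this package) select which of the RSA EK, the ECC EK and the EK
// certificate are printed; with neither algorithm flag set, RSA is used.
var EKCmd = &cobra.Command{
	Use:   "ek",
	Short: "Retrieve TPM 2.0 Public Endorsement Key",
	Long:  `Display TPM 2.0 Endorsement Public Key in PEM form`,
	Run: func(cmd *cobra.Command, args []string) {
		App.Init(InitParams)
		// NOTE(review): a failed open is only logged and App.TPM is still
		// used below — confirm OpenTPM leaves a usable handle on error, or
		// escalate to Fatal as the clear command does.
		if err := App.OpenTPM(); err != nil {
			App.Logger.Warning(err)
		}
		defer func() {
			if err := App.TPM.Close(); err != nil {
				App.Logger.Fatal(err)
			}
		}()
		// Default to RSA only when no algorithm was requested at all. The
		// test must cover both flags (not bRSA twice), otherwise selecting
		// ECC alone would also force RSA output.
		if !bRSA && !bECC {
			fmt.Println("No algorithm flags, defaulting to RSA...")
			bRSA = true
		}
		if bRSA {
			rsaPub := App.TPM.EKRSA()
			fmt.Println(keystore.EncodePubKey(rsaPub))
		}
		if bECC {
			eccPub := App.TPM.EKECC()
			fmt.Println(keystore.EncodePubKey(eccPub))
		}
		if bCertificate {
			cert, err := App.TPM.EKCertificate()
			if err != nil {
				App.Logger.Fatal(err)
			}
			fmt.Println(certstore.EncodePEM(cert.Raw))
		}
	},
}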
// EventLogEKCmd reads the system's TPM event log through App.TPM.EventLog
// and writes it, unparsed, to the application logger. It does not open
// the TPM itself, unlike the other commands in this package; presumably
// the log is read from the filesystem — confirm in the TPM package.
var EventLogEKCmd = &cobra.Command{
	Use:   "eventlog",
	Short: "Dumps the local binary_bios_measurements log",
	Long:  `Dumps the TPM event log from the local system. Read permissions are required to the system file. TODO: Needs parsing to human-readable format.`,
	Run: func(cmd *cobra.Command, args []string) {
		App.Init(InitParams)
		raw, readErr := App.TPM.EventLog()
		if readErr == nil {
			App.Logger.Infof("%s", string(raw))
			return
		}
		App.Logger.Fatalf("error parsing event log: %s", readErr)
	},
}
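// InfoCmd opens the TPM and prints its capabilities via
// App.TPM.PrintCapabilities.
var InfoCmd = &cobra.Command{
	Use:   "info",
	Short: "Retrieve TPM 2.0 general information",
	// The long help previously repeated the ek command's text ("Display
	// TPM 2.0 Endorsement Public Key in PEM form"), which does not describe
	// what this command prints.
	Long: `Display TPM 2.0 general information and capabilities reported by the device`,
	Run: func(cmd *cobra.Command, args []string) {
		App.Init(InitParams)
		// NOTE(review): a failed open is only logged and App.TPM is still
		// used below — confirm OpenTPM leaves a usable handle on error, or
		// escalate to Fatal as the clear command does.
		if err := App.OpenTPM(); err != nil {
			App.Logger.Warning(err)
		}
		defer func() {
			if err := App.TPM.Close(); err != nil {
				App.Logger.Fatal(err)
			}
		}()
		App.TPM.PrintCapabilities()
	},
}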
// ProvisionCmd provisions the TPM: it sets InitParams.Initialize before
// App.Init, calls App.InitTPM with the platform CA, SO PIN and PIN from
// InitParams, then prints the attributes of the EK, SSRK and IAK. No TPM
// handle is opened or closed here, unlike the other commands; presumably
// InitTPM manages the handle — confirm in the app package.
var ProvisionCmd = &cobra.Command{
	Use:   "provision",
	Short: "Provision Trusted Platform Module",
	Long:  `Provisions a Trusted Platform Module in alignment with the TCG provisioning guidance.`,
	Run: func(cmd *cobra.Command, args []string) {
		// Abort on the first error returned by the TPM.
		fatalOnErr := func(err error) {
			if err != nil {
				App.Logger.Fatal(err)
			}
		}

		InitParams.Initialize = true
		App.Init(InitParams)
		App.InitTPM(InitParams.PlatformCA, InitParams.SOPin, InitParams.Pin)

		ek, err := App.TPM.EKAttributes()
		fatalOnErr(err)
		keystore.PrintKeyAttributes(ek)

		srk, err := App.TPM.SSRKAttributes()
		fatalOnErr(err)
		keystore.PrintKeyAttributes(srk)

		iak, err := App.TPM.IAKAttributes()
		fatalOnErr(err)
		keystore.PrintKeyAttributes(iak)
	},
}