go-tpm-tools

module
v0.3.11 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 18, 2021 License: Apache-2.0, BSD-3-Clause

README

Go-TPM tools

The go-tpm-tools module is a TPM 2.0 support library designed to complement Go-TPM.

It contains the following public packages:

  • client: A Go package providing simplified abstractions and utility functions for interacting with a TPM 2.0, including:
    • Signing
    • Attestation
    • Reading PCRs
    • Sealing/Unsealing data
    • Importing Data and Keys
    • Reading NVData
    • Getting the TCG Event Log
  • server: A Go package providing functionality for a remote server to send, receive, and interpret TPM 2.0 data. None of the commands in this package issue TPM commands, but instead handle:
    • TCG Event Log parsing
    • Attestation verification
    • Creating data for Importing into a TPM
  • proto: Common Protocol Buffer messages that are exchanged between the client and server libraries. This package also contains helper methods for validating these messages.
  • simulator: Go bindings to the Microsoft's TPM 2.0 simulator.

This repository also contains gotpm, a command line tool for using the TPM. Run gotpm --help and gotpm <command> --help for more documentation.

Building and Installing gotpm

gotpm can be directly installed from this repo by running:

go install github.com/google/go-tpm-tools/cmd/gotpm@latest
# gotpm will be installed to $GOBIN
gotpm --help

Alternatively, to build gotpm from a cloned version of this repo, run:

cd /my/path/to/cloned/go-tpm-tools
go build ./cmd/gotpm
# gotpm will be in the root of the repo
./gotpm --help

Minimum Required Go Version

This project currently requires Go 1.16 or newer. Any update to the minimum required Go version will be released as a minor version update.

trousers errors when building server

When building the server library (or tests) you may get an error that looks like:

fatal error: trousers/tss.h: No such file or directory
   17 | // #include <trousers/tss.h>
      |           ^~~~~~~~~~~~~~~~
compilation terminated.

This is because the server library (indirectly) depends on the Trousers libtspi library. This is a temporary dependency (tracking issue). To fix this error, install libtspi by running:

sudo apt install libtspi-dev

openssl errors when building simulator

Similarly, when building the simulator library (or tests), you may get an error that looks like:

fatal error: openssl/aes.h: No such file or directory
   47 | // #include <openssl/aes.h>
      |           ^~~~~~~~~~~~~~~~
compilation terminated.

This is because the simulator library depends on having the OpenSSL headers installed. To fix this error, install them by running:

sudo apt install libssl-dev

macOS Dev

macOS fails to go build and go test by default with the error ld: library not found for -lcrypto. Fix it by installing OpenSSL and pointing cgo to the include and lib.

These commands were tested on macOS 10.15.7 (Catalina).

Install OpenSSL
  1. Install Homebrew
  2. brew install openssl
  3. cd /usr/local/include
  4. sudo ln -s $(brew --prefix openssl)/include/openssl .

To point the simulator at openssl as provided by Homebrew, there are a couple of options. Both of these use the output of $(brew --prefix openssl) for $OPENSSL_PATH.

Add OpenSSL to the include and library path at the command line

This solution does not require modifying go-tpm-tools code and is useful when working on other projects that depend on go-tpm-tools/simulator.

C_INCLUDE_PATH="$OPENSSL_PATH/include" LIBRARY_PATH="$OPENSSL_PATH/lib" go test ...
Add OpenSSL to the include and library path in the code

This solution modifies your local copy of the go-tpm-tools simulator source and removes the need to provide the paths on the command line.

Remember to remove the lines from simulator/internal/internal.go before committing changes.

// #cgo CFLAGS: -I $OPENSSL_PATH/include
// #cgo LDFLAGS: -L$OPENSSL_PATH/lib

No TPM 1.2 support

Unlike Go-TPM (which supports TPM 1.2 and TPM 2.0), this module explicitly only supports TPM 2.0. Users should avoid use of TPM 1.2 due to the inherent reliance on SHA1 (which is quite broken).

Copyright 2018 Google Inc. under the Apache 2.0 License. Microsoft's TPM simulator code is licensed under a 3-clause BSD license and the TCG software license. See the LICENSE file for more information.

This is not an official Google product.

Directories

Path Synopsis
Package client contains some high-level TPM 2.0 functions.
Package client contains some high-level TPM 2.0 functions.
cmd
Package cmd contains a CLI to interact with TPM.
Package cmd contains a CLI to interact with TPM.
Package notinternal contains private helper functions needed in client and server
Package notinternal contains private helper functions needed in client and server
test
Package test provides helper methods for testing.
Package test provides helper methods for testing.
Package proto contains protocol buffers that are exchanged between the client and server.
Package proto contains protocol buffers that are exchanged between the client and server.
tpm
Package server contains functions to be ran on a server (no TPM needed), as oppose to a client (with TPM).
Package server contains functions to be ran on a server (no TPM needed), as oppose to a client (with TPM).
Package simulator provides a go interface to the Microsoft TPM2 simulator.
Package simulator provides a go interface to the Microsoft TPM2 simulator.
internal
Package notinternal provides low-level bindings to the Microsoft TPM2 simulator.
Package notinternal provides low-level bindings to the Microsoft TPM2 simulator.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL