github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/src/tpm2/README

github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/src/tpm2/README (about)

     1  This is a very preliminary version of a tpm2 utility.
     2  
     3  compile my saying make -f tpm2.mak.
     4  
     5  You'll have to adjust the object and binary directories.
     6  
     7  You can try the following tests, as root.
     8  
     9  ./tpm2_util.exe --command=KeyCombinedTest --pcr_num=7
    10  ./tpm2_util.exe --command=Flushall
    11  ./tpm2_util.exe --command=SealCombinedTest --pcr_num=7
    12  ./tpm2_util.exe --command=Flushall
    13  ./tpm2_util.exe --command=QuoteCombinedTest --pcr_num=7
    14  ./tpm2_util.exe --command=Flushall
    15  ./tpm2_util.exe --command=NvCombinedTest
    16  ./tpm2_util.exe --command=Flushall
    17  ./tpm2_util.exe --command=ContextCombinedTest
    18  ./tpm2_util.exe --command=Flushall
    19  
    20  Other random commands that work are:
    21  
    22  ./tpm2_util.exe --command=GetRandom
    23  ./tpm2_util.exe --command=ReadClock
    24  ./tpm2_util.exe --command=GetCapabilities
    25  ./tpm2_util.exe --command=ReadPcr --pcr_num=15
    26  
    27  The following utilities implement the cloudproxy protocols:
    28  
    29  GeneratePolicyKey.exe - Generates the policy key.
    30  SelfSignPolicyCert.exe - Self signs policy key.  The resulting cert should be included
    31                                     in the cloudproxy applications.
    32  GetEndorsementKey.exe - Gets the TPMs endorsement key.
    33  CloudProxySignEndorsementKey.exe - Signs the endorsement key with the policy key.
    34  
    35  CreateAndSaveCloudProxyKeyHierarchy.exe  - Generates and save the TPM key hierarchy.
    36  RestoreCloudProxyKeyHierarchy.exe - Restores the TPM key hierarchy.
    37  
    38  ClientGenerateProgramKeyRequest.exe - Generates a program key and request, quoting the hash
    39       of the request.
    40  ServerSignProgramKeyRequest.exe - Checks the program key request.  If compliant, signs and
    41       encrypts the cert with a symmetric key.  The symmetric key is sealed to the ActivateCredential
    42       protocol protected by the requestor's Endorsement and Quoting keys.
    43  ClientGetProgramKeyCert.exe - Uses ActivateCredential to unseal the symmetric key
    44       protecting the signed program cert and decrypts the program key cert file.
    45  
    46  SigningInstructions.exe - prepares signing instructions for signing functions.
    47  
    48  Coming: PolicyInstructions - prepares policy ServerSignProgramKeyRequest.exe will consult to
    49       determine which program keys to sign,
    50  
    51  There are two test script: testall.sh and prototest.sh.  Most of the commands must
    52  be run as root.
    53  
    54  Many thanks to Paul England for very helpful discussions.
    55  
    56  John