tpm2-algtest's Introduction

TPM2_AlgTest

Implementation specifics of cryptographic smart cards have been found to lead to serious vulnerabilities [1]. Since TPM chips are often manufactured by the same vendors, we decided to create a tool that helps collect data from various TPMs, which can then be used for further analysis and for discovering similar bugs.

This project uses sources from the tpm2-tools project.

Running the tool

Install tpm2-tools and openssl.

Build the tpm2-algtest tool:

$ git clone https://github.com/crocs-muni/tpm2-algtest.git
$ cd tpm2-algtest
$ mkdir build
$ cd build
$ cmake .. && make
$ cd ..

Install requirements (and optionally use venv):

$ python -m venv venv
$ source venv/bin/activate
$ pip install -r requirements.txt

Run run_algtest.py:

$ python run_algtest.py all

Important: Please DO NOT suspend or hibernate the computer while running the algtest; it will affect the results! Locking the screen is ok.

Important: If during the keygen test you don't see lines ending with rc 0000 but see some other number (return code) instead, key generation is failing and it doesn't make sense to continue. Please contact me and send me the out.zip file anyway; the logs and TPM info in it will still help us. A few erroneous return codes are ok.
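One way to apply the return-code rule above to captured keygen output, as an added example that is not part of tpm2-algtest. The sample lines are constructed (only the trailing "rc NNNN" follows the README), and the hex form of the code and the 5% cut-off for "a few" are assumptions:

```python
import re
from collections import Counter

# Matches the trailing "rc XXXX" the README refers to. The hex-digit form of
# the code is an assumption; the page only shows "rc 0000".
RC_AT_END = re.compile(r"\brc\s+([0-9A-Fa-f]+)\s*$")


def tally_return_codes(lines):
    """Count return codes found at the end of keygen progress lines."""
    counts = Counter()
    for line in lines:
        match = RC_AT_END.search(line)
        if match:
            counts[match.group(1).lower()] += 1
    return counts


def keygen_verdict(lines, max_failure_ratio=0.05):
    """Classify a keygen run as 'ok', 'failing' or 'no-data'.

    max_failure_ratio is an assumed cut-off for "a few erroneous return
    codes are ok"; the README gives no number.
    """
    counts = tally_return_codes(lines)
    total = sum(counts.values())
    if total == 0:
        return "no-data", counts
    failures = total - sum(n for code, n in counts.items() if int(code, 16) == 0)
    return ("ok" if failures / total <= max_failure_ratio else "failing"), counts


# Constructed sample output; the non-zero codes are made up for illustration.
SAMPLE_MOSTLY_OK = [f"keygen {i}: rc 0000" for i in range(39)] + ["keygen 39: rc 0922"]
SAMPLE_FAILING = [f"keygen {i}: rc 0143" for i in range(10)]

if __name__ == "__main__":
    for name, sample in (("mostly ok", SAMPLE_MOSTLY_OK), ("failing", SAMPLE_FAILING)):
        verdict, counts = keygen_verdict(sample)
        print(f"{name}: {verdict} {dict(counts)}")
```

A "no-data" verdict means no line ended in a return code at all, which is worth treating as a failed run rather than a clean one.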

Troubleshooting

If the script crashes with this message:

subprocess.CalledProcessError: Command '['sudo', 'tpm2_getcap', '-T', 'device', 'algorithms']' returned non-zero exit status 1.

check whether there is any output in out/detail/Capability_algorithms.txt. If it says

ERROR:sys:src/tss2-sys/api/Tss2_Sys_Execute.c:80:Tss2_Sys_ExecuteFinish() Unsupported device. The device is a TPM 1.2 
ERROR: Failed to GetCapability: capability: 0x0, property: 0x1, TSS2_RC: 0x80001

ERROR: Unable to run tpm2_getcap

you have a TPM 1.2, which is not compatible with this testing.

tpm2-abrmd

Only one process can access /dev/tpm0 directly at a time. Some distributions (e.g. Fedora) run the tpm2-abrmd daemon as a resource manager, which already holds the device. To run this script you have to stop this daemon temporarily:

$ sudo systemctl stop tpm2-abrmd

When the script finishes, you can start it again:

$ sudo systemctl start tpm2-abrmd

tpm2-algtest's People

Contributors

danzatt, dependabot[bot], dufkan, krouma, mbroz, petrs, simon-struk
