Examples and test runs
This page shows the user programs in action, in a "screenshot"-like manner.
To recap, neither our user tools nor their syntax are part of the
TCG/MTM v.1 specification; we originally wrote them in order to have
a way to test the new functionality.
# Start mtmd and tcsd
$ mtmcontrol start
# Taking ownership is required first; the owner password set here is requested by later commands
$ tpm_takeownership
Enter owner password:
Confirm password:
Enter SRK password:
Confirm password:
# Try to read PCR1 value
$ tpm_readpcr -n 1
PCR[01]: ffffffffffffffffffffffffffffffffffffffff
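# Extend PCR1 a few times. The same measurement gives a different PCR value each
# time, because every extend is combined with the previous PCR contents.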
$ tpm_extend -n 1 -m 0x00000fffff00000fffff000
PCR[01]: ac2b2402d057c2b9a3be2da109d1fff16e709502
$ tpm_extend -n 1 -m 0x00000fffff00000fffff000
PCR[01]: a7e5324c846e145bd606514a738eec9df3d10d04
$ tpm_extend -n 1 -m 0x00000fffff00000fffff000
PCR[01]: 91e38647641ebf484870b41e1e05ae682290693b
# Create data file for PCR selection - select PCR1 and PCR2
$ echo "1 2" > pcrselection.conf
# Set PCR1 and PCR2 as verified PCRs
$ tpm_setverifiedpcrselection -i pcrselection.conf
Enter owner password:
Verified PCR selection is set
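# Try to read PCR1 and then extend it. The extend should fail now that PCR1 is a
# verified PCR. The error text below names Tspi_TPM_PcrRead, but it is the extend
# that is rejected: the following read shows PCR1 unchanged. Code 0x3d (61) is
# listed as TPM_BAD_LOCALITY in the TPM 1.2 return codes, although the tool prints
# "Unknown error".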
$ tpm_readpcr -n 1
PCR[01]: 91e38647641ebf484870b41e1e05ae682290693b
$ tpm_extend -n 1 -m 0x00000fffff00000fffff000
Tspi_TPM_PcrRead failed: 0x0000003d - layer=tpm, code=003d (61), Unknown error
$ tpm_readpcr -n 1
PCR[01]: 91e38647641ebf484870b41e1e05ae682290693b
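# Create a verification key. vkey.key is the key structure loaded into the MTM in
# the next step; vkey.rsa is used later to sign the RIM certificate, so it
# presumably holds the RSA private key and should be protected accordingly.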
$ tpm_vkey_create -m 7 -u 3 -o vkey.key -k vkey.rsa
RSA public key extraction
Key size 516 (bytes)
548 bytes written
646 bytes written
# Load verification key to MTM
$ tpm_loadverificationkey -i vkey.key -o vkey.handle
Enter owner password:
Handle is 0x1
Verification key installed
# Create a RIM certificate to authorize extend of PCR1
# Create first a measurement file targeted to extend PCR1
$ echo "1" > measurement.conf
$ echo "00000fffff00000fffff000" >> measurement.conf
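# A RIM certificate can depend on PCR state. Here PCR2 is expected to contain its
# initial value (all ones). Note that the value written below is shorter than the
# 40 hex digits of a 20-byte PCR; check how the tool pads it (the certificate dump
# further down shows the measurement value zero-padded to 20 bytes).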
$ echo "2" > state.conf
$ echo "fffffffffffffffffffffff" >> state.conf
# RIM certificate counter dependency - counter 2, value 1
$ echo "2 1" > counter.conf
# Create RIM certificate
$ tpm_rimcert_create -o extendpcr1.cert -k vkey.rsa -p 7 -m measurement.conf \
-s state.conf -c counter.conf
ParentId was 0x7
Measurement data read
tpm_integrity.c:179: Info: tpm_compute_pcr_digest()
PCR state read
RIM cert created
RSA key size is 2048 bits
RSA - size is 334
Marshalling done
Signing done
Integrity data (256 bytes) : 0x8c91c6a852c0bf5bf042aad4702820f1cab787ec070cb47ab\
4404b0f087226840f6e955e5fa784da008d3d16822754b5995f39f5af19595ff6c7971485e332e376c3\
5bd3a5d6b55b46ebbb2d11a6b57cc120f50b30f8db55a172ad924546fff6e4395bab96d917068dbb4f8\
dc3803073b7ca25f41c61746f7fe5eb0802d1f2ce6ab7b316783d3601c2c8be3de7ec7d168d6d810225\
709310b63c52efc2d2e0f0ecef9236f56e4edd85189cf57c832e4cdc582e4fc6209343de04d1d9d5c97\
04864c90aed033e29029386e7835e94e104415959f56e0b0c28ec18e9b875c9d70da230a77e6a88cb8b\
96ac870fcfd2a15c390d07c462f77d4ee3ed5d24b9a04e86
integrity data created
# Verify RIM certificate and extend PCR1 with a measurement value
$ tpm_verifyrimcert -i extendpcr1.cert -r 1 -k vkey.handle
RIM KEY ID IS 1
RIM certificate verified
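# Read PCR1 value. In this run it is the same as before the RIM certificate was
# verified, so the transcript shows the certificate being verified but does not
# show PCR1 being extended.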
$ tpm_readpcr -n 1
PCR[01]: 91e38647641ebf484870b41e1e05ae682290693b
# Dump RIM certificate
$ tpm_rimcert_dump extendpcr1.cert
TPM_RIM_CERTIFICATE
TAG: 770
LABEL: PLATON2
VERSION: 1
COUNTER: 2
VALUE: 1
STATE:
Size of PCR selection: 3
pcrSelect[0] = 0x04
pcrSelect[1] = 0x00
pcrSelect[2] = 0x00
Locality: 31
State digest: 0xfe6ecbac76620290d3480a7ab716cd4faf2739bd
PCR index: 1
Measurement digest: 0x00000fffff00000fffff00000000000000000000
ParentId 7
No extension
Integrity digest: 0x8c91c6a852c0bf5bf042aad4702820f1cab787ec070cb47ab4404b0f0\
87226840f6e955e5fa784da008d3d16822754b5995f39f5af19595ff6c7971485e332e376c35bd3a5d6\
b55b46ebbb2d11a6b57cc120f50b30f8db55a172ad924546fff6e4395bab96d917068dbb4f8dc380307\
3b7ca25f41c61746f7fe5eb0802d1f2ce6ab7b316783d3601c2c8be3de7ec7d168d6d810225709310b6\
3c52efc2d2e0f0ecef9236f56e4edd85189cf57c832e4cdc582e4fc6209343de04d1d9d5c9704864c90\
aed033e29029386e7835e94e104415959f56e0b0c28ec18e9b875c9d70da230a77e6a88cb8b96ac870f\
cfd2a15c390d07c462f77d4ee3ed5d24b9a04e86
# Dump verification key
$ tpm_vkey_dump vkey.key
TPM_VERIFICATION_KEY
TAG: 0x301
USAGE FLAGS: 0x3
PARENT ID: 0xffffffff
MY ID: 0x7
COUNTER: 0
VALUE: 0
KEY ALGORITHM: 0x1
KEY SCHEME: 0x2
No extension
Key data (516 bytes) : 0x01000003c0b93a8c335936b872172728457e887cfe30804a66dd6332f\
e46207604faf2c6981dba1f466bf14e56ab3fc019ef607025ba6f803263acc716635a928e1d99c8e73e\
3573ef6d8e2a4b9157c1a71c0d32ddb36b3b45acc67db2bc37811e12261a79d7e5fd30dbbb6c34c90a5\
70e7be7d3ea9fc56cb9e628adfab1cc8190ca68e45bcf65b5248fa48e659b2c570df50aa75104476b00\
703f06a9657b406dc4e0689420ca412a9c1f10f8d84636444f1b2b3d4555a0d33e7e9b30f12d75b04d1\
8c2fa44bf775a2ab29005731351e7b4f9a3211962010f8bc9fa54d31fed1e6c51dec46d5a1420ab2963\
29854300af56ad28bcc0856547100b1c941f6096d4a5723f01000100efbeadde70d1ebb700000000000\
00000509e01fee56ac4d912983107a35b27d6905fad226a747d3298320f113a7a89f950117c874998a6\
5d71b62ea909ad07349ced37c74c3c49637d27b17fc7cbb5520c84731dab822e26fbe33e62364ede9ec\
6cc5b00289df48925c5f836a0a2b19f0eb3f35373d8da1b70caf6fb775ab09166828957042ce7e0a002\
000088000000b401d249796a88143cf0d0a0d0451853fffad270b025c34cf672f80d6073ff2c2feb469\
fe10951aec8a4d4f06230f60c5a740ccef916090781052f03c53f94dc47219f7cabda52ded4079ffe16\
2fb0a4ed6f70300b7bb82912d5b32e7edf791d4b8f3148d6162e9c38d0b70c
RSA size is 2048 bits
No integrity check data
# Stop MTM emulator
$ mtmcontrol stop