arnoldthebat / chromiumos

Stub Repo for chromiumos issues
https://arnoldthebat.co.uk/

TPM driver on chromium OS (Maybe different interface support missing (?)) #197

Open dnnyy opened 6 years ago

dnnyy commented 6 years ago

Hey, by default there seem to be TPM drivers enabled in your builds, as in the official chromiumOS source. However, my TPM chip (which uses 2.0) somehow does not get recognized. By typing sudo tpm_version you will get an error when your TPM does not work or if you don't have a TPM chip. The interface my chip uses is basically a CRB interface, but the kernel module tpm_crb does not seem to exist, although I guess it exists in the kernel sources, it just isn't compiled by default I guess.

However, I was trying some TPM emulation (https://github.com/PeterHuewe/tpm-emulator), by just compiling the kernel module against your current build (v69), and after loading it, enabling the daemon and restarting tcsd, sudo tpm_version indeed gives output, which means the driver works. TPM 2.0 emulation is not possible with it tho, and somehow trunksd (from platform2 rather than platform) does not work with it either. I get weird errors like "Check failed: low_level_transceiver->Init(). Error initializing TPM". Dunno why it is not working tho. Maybe you've got an idea there, since you seem to have a really good understanding of chromium/Chrome.

So my question is, can you implement more TPM drivers or increase support somehow? I don't know if it's just my TPM chip which is not supported, but TPM emulation seems to be a really nice option tho, if you could somehow make it work. Any insights on this?

However, could you just compile tpm_crb as an external kernel module and upload it so I can check if it works tho?

Regards

erenoglu commented 6 years ago

Hi dnnyy, the trunksd and trunks_client binaries are for TPM2 modules as far as I understood. If your tpm-emulator supports only 1.2, you need to use its compatible binaries. I'm not sure what's included in ChromeOS/ChromiumOS for TPM 1.2, maybe check for binaries starting with tpm*.

I found some other software TPM emulators which may support TPM 2.0:
https://github.com/stefanberger/swtpm/wiki
https://chromium.googlesource.com/chromiumos/third_party/tpm-emulator

First one claims TPM 2.0 compatibility, not clear on 2nd one.

I'm having trouble with my TPM 2.0 module on my PC (tpm_tis), ChromeOS can't take ownership of it, even if Windows & Linux can. This is preventing me from saving a client certificate to use in my EAP-TLS Wifi network, which is critical for me. So I'm willing to test any scenario you could come up with (i.e. disable hw tpm, use your module and try).
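
Added example, not part of the thread or of the repository: a shell check for the two situations described above (a CRB-interface chip with no tpm_crb module, and a tpm_tis chip). It reads the StartMethod field of the firmware's ACPI TPM2 table and looks up the matching driver option in a kernel config. The function names are hypothetical, and it assumes the table is readable at /sys/firmware/acpi/tables/TPM2 and that a plain-text kernel config is available (for example unpacked from /proc/config.gz, if the build provides it).

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread). Function names are hypothetical.

# Print StartMethod: little-endian u32 at byte offset 48 of an ACPI TPM2 table.
tpm2_start_method() {
    sig=$(dd if="$1" bs=4 count=1 2>/dev/null)
    [ "$sig" = "TPM2" ] || { echo "not-a-TPM2-table"; return 1; }
    # Read the four bytes individually so host endianness does not matter.
    set -- $(od -An -tu1 -j48 -N4 "$1" 2>/dev/null)
    [ $# -eq 4 ] || { echo "truncated"; return 1; }
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# Map StartMethod to the Linux driver that binds to it.
driver_for_method() {
    case "$1" in
        6)   echo tpm_tis ;;   # memory-mapped FIFO/TIS interface
        7|8) echo tpm_crb ;;   # command response buffer (8: with ACPI start)
        *)   echo other ;;     # not covered by this sketch
    esac
}

# Print y, m or unset for a symbol in a plain-text kernel config file.
config_state() {
    v=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1)
    echo "${v:-unset}"
}

# diagnose TABLE CONFIG: one summary line, non-zero status if no usable table.
diagnose() {
    m=$(tpm2_start_method "$1") || { echo "no usable TPM2 table ($m)"; return 1; }
    d=$(driver_for_method "$m")
    case "$d" in
        tpm_crb) s=$(config_state CONFIG_TCG_CRB "$2") ;;
        tpm_tis) s=$(config_state CONFIG_TCG_TIS "$2") ;;
        *)       s=n/a ;;
    esac
    echo "start_method=$m driver=$d kernel_config=$s"
}

# Usage (as root): sh tpmcheck.sh /sys/firmware/acpi/tables/TPM2 /tmp/kernel.config
if [ $# -eq 2 ]; then diagnose "$1" "$2"; fi
```

A result of driver=tpm_crb kernel_config=unset means the chip needs a driver the kernel was built without; kernel_config=m means the module exists but still has to be loaded.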