tpm2-software / tpm2-tss

OSS implementation of the TCG TPM2 Software Stack (TSS2)
https://tpm2-software.github.io
BSD 2-Clause "Simplified" License

Centos #252

Closed YaHosoda closed 8 years ago

YaHosoda commented 8 years ago

Has anyone used this program with CentOS (7.2 or later)?

flihp commented 8 years ago

I think the issue you'll run into with CentOS / RHEL support is the kernel. The TPM2 drivers landed in the mainline kernel around 4.2, but due to some bug fixes I'd recommend 4.4 or later. RHEL is still on a 3 series kernel and I don't know that they've back-ported the driver.

Can you confirm that the tpm_crb driver is in the CentOS / RHEL kernel?
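
The check asked for in the comment above, as an added example (not code from the thread or from the tpm2-tss project): it reports whether a kernel ships `tpm_crb` and how its version compares with the 4.2 / 4.4 thresholds mentioned there. The function names, the optional root-directory argument and the verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example. The 4.2 / 4.4 thresholds and the tpm_crb driver name come from
# the thread; function names, ROOT argument and messages are assumptions.

# kver_ge RELEASE MAJOR MINOR -> exit 0 if RELEASE (uname -r style) >= MAJOR.MINOR
kver_ge() {
    rel=${1%%-*}          # drop distro suffix: 3.10.0-327.el7.x86_64 -> 3.10.0
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# has_tpm_crb RELEASE [ROOT] -> exit 0 if tpm_crb is built in or shipped as a module.
# ROOT (hypothetical) lets the check run against a mounted image instead of "/".
has_tpm_crb() {
    moddir="${2:-}/lib/modules/$1"
    grep -qs '/tpm_crb\.ko' "$moddir/modules.builtin" && return 0
    [ -n "$(find "$moddir" -name 'tpm_crb.ko*' 2>/dev/null | head -n 1)" ]
}

# tpm2_kernel_verdict RELEASE [ROOT] -> prints one verdict line.
# The version alone is not trusted: a vendor kernel may carry a backported
# driver, and a new kernel may be built without it, so the driver is checked first.
tpm2_kernel_verdict() {
    if has_tpm_crb "$1" "${2:-}"; then
        if kver_ge "$1" 4 4; then
            echo "ok: tpm_crb present, kernel >= 4.4"
        elif kver_ge "$1" 4 2; then
            echo "warn: tpm_crb present, kernel older than the recommended 4.4"
        else
            echo "warn: tpm_crb present on pre-4.2 kernel (vendor backport?)"
        fi
    else
        echo "fail: no tpm_crb driver found for kernel $1"
    fi
}

# Report on the running kernel.
tpm2_kernel_verdict "$(uname -r)"
```

A `fail` verdict only says the driver is absent from the module tree; a `/dev/tpm0` node can still exist when the TPM is exposed through a different driver.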

YaHosoda commented 8 years ago

Thank you very much for your information. I will confirm the tpm_crb driver. Another possibility is running TPM20-TSS with Fedora as a platform. Do you know if someone has used Fedora as a platform and, if so, which version he/she uses?

flihp commented 8 years ago

I just walked a friend through building and installing the TSS on FC24. They ran into the usual problems: not reading the manual :) Once they got the autoconf-archive and libcmocka-devel packages installed they got everything built just fine.

andy289 commented 8 years ago

Hi!

I have a half working system using the following:

The BIOS recognises TPM and gives option of Version 1 / version 2 / auto. Used auto and seen as Version 2. Offered either SHA1 or SHA256 for PCR; using SHA256.

Running Fedora 24 - Linux 4.6.3. I have recompiled the kernel to add IMA and EVM features. I have compiled Tools as at version 66a6f765c729e244120246ebc7ec29022e416ca0 and TSS as at c31b087. Now I can use the tpm2_rc_decode to tell me what my errors are!

I can confirm the following appears to be working:

I have IMA giving me hashes of boot up files in /sys/kernel/security/ima/ascii_runtime_measurements but disagreements about boot aggregate hashes. I need to research this.

I do not have a properly configured EFI system; it is always in 'setup' mode so I need to install the platform keys. This is a hand built machine. The system is booting in EFI mode but no signature checks are being done. Bit of a mess really. I find SuperMicro's manuals unhelpful to say the least.

I have had no luck using keyctl to create tpm based keys - 'keyctl add trusted' fails. I have a query on AskFedora. 

Hope this is helpful.

Andy

On Wed, 2016-07-27 at 02:33 -0700, YaHosoda wrote:

Thank you very much for your information. I will confirm the tpm_crb driver.

Another possibility is running TPM20-TSS with Fedora as a platform. Do you know if someone has used Fedora as a platform and, if so, which version he/she uses?
