It looks like this APress Open Book is also (or only) available via Springer now.
The tweet below made me realize I haven't been looking hard enough for TPM utilities. I've seen tools from HP, Dell, and Lenovo, and I'm still looking for tools from other OEMs. The only community tool I can find is BiosSledgehammer, which only works on HP systems.
BiosSledgehammer: Automated BIOS update, TPM firmware update and BIOS settings for HP devices.
Finnbarr P. Murphy has a new blog post about a new UEFI-based TPM tool he’s written.
[…]By the way, if you have access to the Intel TXT (Trusted Execution Technology) EFI compliance testing toolkit, the included utility, pcrdump.efi, provides similar functionality to the utility described in this post.[…]
See more of his UEFI Utilities:
James Bottomley has a new blog post on TPM v2 and Linux:
See his previous blog posts for more on TPM and Linux.
Blogging aside, James also posted a TPM2 patch to TrouSerS to add OpenSSL engine support:
[TrouSerS-tech] [PATCH 0/1] TPM2 engine support for openssl
This is a completed version of the original RFC. It’s working now both on the TPM2 simulator and on real hardware (I’ve converted my laptop to TPM2). I’ve updated it to use the latest version of the ASN.1 for the key format (still using a TCG OID). I have it building here (it’s what I’m currently using for my laptop VPNs):
But note that this version also has experimental patches to activate the in-kernel TPM Resource Manager because for multiple applications TPM2 really doesn’t work well without one. Since the patch for the RM is currently not upstream (yet), it’s not going to work unless you have a patched kernel.
“This project allows bidirectional enforcement of hardware-protected keys for SSH. Trusted Platform Module (TPM) attestation ensures that both parties are using hardware root of trust, a secure host, and non-exportable authentication keys.”
Interesting use of TPM in an open source project.
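To make concrete what a PCR-dump utility reports and what a TPM-attestation check like the one described in that project compares, here is an added Python example; it is not code from any of the projects linked on this page. It replays a constructed boot event log through the PCR extend rule (new = SHA-256(old || SHA-256(event data))), prints the resulting PCR bank the way a dump tool would, and then compares the values against a golden set so that a verifier can see which PCR diverged when a boot component changed. The event descriptions, data and PCR assignments are constructed for illustration.

```python
import hashlib

# Constructed sample event log: (PCR index, description, measured data).
# Real firmware logs record digests of firmware volumes, bootloaders and policy;
# these byte strings are placeholders, not values from any real system.
SAMPLE_EVENTS = [
    (0, "firmware volume", b"constructed-firmware-image-v1"),
    (4, "bootloader", b"constructed-bootloader-binary"),
    (7, "secure boot policy", b"SecureBoot=1"),
]

NUM_PCRS = 24          # a TPM 2.0 bank normally exposes 24 PCRs
PCR_SIZE = 32          # SHA-256 bank


def extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """One TPM PCR extend step: new = H(old || H(measurement)) with SHA-256."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr_value + digest).digest()


def replay_event_log(events):
    """Recompute every PCR from an all-zero bank by replaying the event log in order."""
    pcrs = {i: bytes(PCR_SIZE) for i in range(NUM_PCRS)}
    for idx, _desc, data in events:
        pcrs[idx] = extend(pcrs[idx], data)
    return pcrs


def dump_pcrs(pcrs):
    """Render the bank as hex lines, the shape a PCR dump utility prints."""
    return [f"PCR-{i:02d}: {v.hex()}" for i, v in sorted(pcrs.items())]


def check_against_golden(pcrs, golden):
    """Attestation-style comparison: return the PCR indices whose value differs
    from the expected (golden) value. An empty list means the bank matches."""
    return [i for i, expected in sorted(golden.items()) if pcrs.get(i) != expected]


def tampered_events(events, pcr_index, new_data):
    """Return a copy of the event log with the data of one event replaced,
    modelling a changed boot component measured into that PCR."""
    return [(i, d, new_data if i == pcr_index else data) for i, d, data in events]


if __name__ == "__main__":
    bank = replay_event_log(SAMPLE_EVENTS)
    print("\n".join(dump_pcrs(bank)))

    # Golden values are what the verifier recorded from a known-good boot.
    golden = {i: bank[i] for i in (0, 4, 7)}
    print("known-good boot diverges at:", check_against_golden(bank, golden))

    # A different bootloader changes PCR 4 and nothing else.
    changed = replay_event_log(tampered_events(SAMPLE_EVENTS, 4, b"constructed-other-bootloader"))
    print("changed bootloader diverges at:", check_against_golden(changed, golden))
```

Because extend is a chained hash, the comparison also catches reordered or omitted events, not just changed data: replaying the same events in a different order produces a different PCR value, which is why a verifier needs the full event log to explain a mismatch rather than only the final PCR.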
James has a follow-up post. The first post, besides being a good introduction to the Linux TPM stack, talks about using TPM as a store for your keys. This second post shows how to integrate with GNOME.
APress has a publishing model called APress Open under which the ebook is freely available, including this TPM 2.0-centric book: