Uncategorized

TPM: A Practical Guide (free ebook)

http://www.springer.com/us/book/9781430265832

It looks like this APress Open Book is also (or only) available via Springer now.

See also: https://firmwaresecurity.com/2016/12/19/apress-tpm-book-free-ebook-option/

Standard
Uncategorized

TPM firmware updates (and BiosSledgehammer)

The below tweet made me realize I’ve not been looking enough for TPM utilities. I’ve seen tools from HP, Dell, and Lenovo. Still looking for tools from other OEMs. The only community tool I can find is BiosSledgehammer, which only works on HP systems.

https://github.com/texhex/BiosSledgehammer

BiosSledgehammer: Automated BIOS update, TPM firmware update and BIOS settings for HP devices.

http://h20566.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05381064

http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05192291

http://www.dell.com/support/home/us/en/4/Drivers/DriversDetails?driverId=2105J

http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05192291

http://support.lenovo.com/us/en/downloads/ds038226

https://www.dell.com/support/article/us/en/04/SLN300914/trusted-platform-module–tpm–upgrade-downgrade-process-for-windows-7-and-10-operating-system-upgrade-downgrade?lang=EN

Standard
Uncategorized

Finbarr’s TPM 2.0 PCR Tool

Finnbarr P. Murphy has a new blog post about a new UEFI-based TPM tool he’s written.

[…]By the way, if you have access to the Intel TXT (Trusted Execution Technology) EFI compliance testing toolkit, the included utility, pcrdump.efi, provides similar functionality to the utility described in this post.[…]

http://blog.fpmurphy.com/2017/01/uefi-utility-to-read-tpm-1-2-pcrs.html

See more of his UEFI Utilities:

https://firmwaresecurity.com/2016/03/08/fpmurphys-uefi-utilities-has-2016-fork/

https://github.com/fpmurphy/UEFI-Utilities

https://github.com/fpmurphy/UEFI-Utilities-2016

Standard
Uncategorized

James on Linux and TPM (and TouSerS)

James Bottomley has a new blog post on TPM v2 and Linux:

http://blog.hansenpartnership.com/tpm2-and-linux/

See his pervious blog posts for more on TPM and Linux.

Blogging aside, James also posted a TPM2 patch to TouSerS to allow support for OpenSSL:

[TrouSerS-tech] [PATCH 0/1] TPM2 engine support for openssl

This is a completed version of the original RFC.  It’s working now both on the TPM2 simulator and on real hardware (I’ve converted my laptop to TPM2).  I’ve updated it to use the latest version of the ASN.1 for the key format (still using a TCG OID). I have it building here (it’s what I’m currently using for my laptop VPNs):

https://build.opensuse.org/package/show/home:jejb1:Tumbleweed/openssl_tpm_engine

But note that this version also has experimental patches to activate the in-kernel TPM Resource Manager because for multiple applications TPM2 really doesn’t work well without one.  Since the patch for the RM is currently not upstream (yet), it’s not going to work unless you have a patched kernel.

More info:
https://lists.sourceforge.net/lists/listinfo/trousers-tech

Standard