Security & Smart Card Forum Discussions
OPTIGA™ Trust
High-end, easy-to-use security solutions that provide an anchor of trust for your application: connecting IoT devices to the cloud, giving billions of devices their own unique identity, pre-personalized turnkey solutions, zero-touch onboarding, high performance, ... We did not meet your expectations? Let us know!
OPTIGA™ TPM
OPTIGA™ TPM (Trusted Platform Module) offers a broad portfolio of standardized security controllers to protect the integrity and authenticity of embedded devices and systems. With a secured key store and support for a variety of encryption algorithms, OPTIGA™ TPM security chips provide robust protection for critical data and processes through their rich functionality. OPTIGA™ TPM security controllers are ideal for platforms running both Windows and Linux and its derivatives (SLB 9645 product versions for Chrome OS available). Based on Trusted Computing Group (TCG) standards, they support the TPM 1.2 or the latest innovative TPM 2.0 standard.
SECORA™ Blockchain
SECORA™ Blockchain is a fast, easy-to-use Java Card™ solution supporting best-in-class security for block chain system implementations. By providing a safe “vault” for user credentials, SECORA™ Blockchain can reduce the final user’s commercial risk and helps to increase trust in the block chain system.
CIPURSE™
Open, international standards such as CIPURSE™ are the best way to ensure interoperability across secured, cost-effective and flexible multi-applications schemes supporting fare collection. Infineon is the world’s first supplier of a complete CIPURSE™ certified product portfolio.
Featured Discussions
While installing tpm2-tools, running the following command to install the dependencies:
sudo apt -y install autoconf automake libtool pkg-config \
gcc libssl-dev libcurl4-gnutls-dev pandoc python-yaml expect
fails with the error E: Package 'python-yaml' has no installation candidate.
Raspberry Pi 3 Model B V1.2, kernel version: Linux raspberrypi 5.15.76-v7+ #1597 SMP Fri Nov 4 12:13:17 GMT 2022 armv7l GNU/Linux.
Hi, I am using the TPM module below
TPM Device
Vendor ID: IFX
Specification Version: 2.0
Firmware Revision: 13.11
Description: INFINEON
Characteristics:
Family configurable via platform software support
OEM-specific Information: 0x00000000
I want to add support IMA in my kernel 5.10 on x86 machine.
Can someone please suggest what is wrong here.
Thanks,
Nikhil
Hello everyone, I am able to execute the tpm2_quote and tpm2_checkquote commands successfully. I even found the equivalent function for the tpm2_quote command in the ESYS API library, which is Esys_Quote(). But I am not able to find any equivalent function for the tpm2_checkquote command in the ESYS API. Please guide me on how to do the same thing.
Hello,
I see that OPTIGA has only 1 AES key slot (0xE200), but for our use case we need to store at least 5 AES keys in secure storage.
Is there a solution to this? Or any alternative SE?
Thanks
Reference:
https://github.com/Infineon/optiga-trust-m/wiki/Data-and-Key-Store-Overview
I need a recommendation for a security chip for digital keys that includes communication and has automotive certifications such as the international standards CCC and ICCE. (Other keywords I have heard: node SE chip, and the master one.) There are many series under Security & Smart Card Solutions on the official website and I do not know how to choose; I would be grateful for some support.
Hi Team,
We are working on secure boot implementation in AM5748 using slb9673 TPM2.0.
We are able to detect the TPM 2.0 chip in U-Boot and we are able to test it using commands, but we need more information on enabling secure boot at the U-Boot stage. Do we need to add a TSS to U-Boot?
Can you please provide us a detailed procedure to implement secure boot at u-boot stage using SLB9673 TPM2.0.
Thanks and regards
Yashwanth T L
Hello,
For our project we want to use an SLB9670 TPM chip, and I have not got it to work so far.
Hardware: i.MX8QM - Variscite Module
Software: Linux 5.4.142
The image is modified for the tpm support:
zgrep --ignore-case tpm /proc/config.gz
CONFIG_TCG_TPM=y
CONFIG_HW_RANDOM_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_FTPM_TEE is not set
# CONFIG_MFD_STPMIC1 is not set
# CONFIG_PWM_IMX_TPM is not set
zgrep --ignore-case TIS_SPI /proc/config.gz
CONFIG_TCG_TIS_SPI=m
The tcg_tpm_tis overlay is applied for lpspi0.
In the iomux section:
pinctrl_lpspi0: pinctrl_spigrpgio {
    fsl,pins = <
        IMX8QM_SPI0_SCK_DMA_SPI0_SCK 0x06000040
        IMX8QM_SPI0_SDO_DMA_SPI0_SDO 0x06000060
        IMX8QM_SPI0_SDI_DMA_SPI0_SDI 0x06000060
    >;
};
pinctrl_lpspi0_cs: lpspics0grp {
    fsl,pins = <
        IMX8QM_SPI0_CS0_LSIO_GPIO3_IO05 0x06000020
    >;
};
&lpspi0 {
    #address-cells = <1>;
    #size-cells = <0>;
    fsl,spi-num-chipselects = <2>;
    pinctrl-names = "default";
    pinctrl-0 = <&pinctrl_lpspi0 &pinctrl_lpspi0_cs>;
    cs-gpios = <&lsio_gpio3 5 GPIO_ACTIVE_LOW>;
    status = "okay";
    assigned-clock-rates = <60000000>;
    slb9670@0 {
        compatible = "var,spidev";
        spi-max-frequency = <500000>;
        reg = <0>;
    };
};
During start-up the SPI is working and tries to read the vendor ID. This communication looks like:
SPI - COM Startup
After 4 bytes, the CS signal goes high. This behaviour does not look right.
When I call the spidev_test function to get the vendor ID, I can see the answer of 0x15D1.
SPI Test fct - Read Vendor ID
Do you have any idea to get the communication working?
Best regards,
Chris
I am wondering if the 2 CVEs published by US-CERT against the TPM 2.0 Module library (CVE-2023-1017 and CVE-2023-1018) affect the SLM9670AQ20FW1311XTMA1?
If the product is affected is there any work around or firmware update ?
Thanks in advance
Hi,
「Board Description OPTIGA™ TPM SLB 9672 RPI evaluation board」 "2.1 Schematic" shows the schematic, but the PIRQ# pull-up resistor is n.p.
Is this correct that the customer needs to add a pull-up resistor?
Hi all,
My system configuration:
- TPM device: SLB9672
- Fedora 35
- tpm2 dependencies:
- openssl.aarch64: 1.1.1n-1.fc32
- tpm2-tss.aarch64: 3.2.2-1.fc35
- tpm2-tools.aarch64: 5.4-1.fc35
Description:
I got errors while executing tpm2_nvundefine
Specifically, this is my command sequence:
$ echo "please123abc" >nv.test_w
$ echo "Allocate NV memory at 0x1500018"
$ tpm2_nvdefine -Q 0x1500018 -C o -s 32 -a "ownerread|policywrite|ownerwrite"
$ echo "Writing data to NV memory at 0x1500018"
$ tpm2_nvwrite -Q 0x1500018 -C o -i nv.test_w
$ cat nv.test_w
$ echo "Reading data from NV memory at 0x1500018"
$ tpm2 nvread -Q 0x1500018 -C o -s 32 -o nv.test_w_out
$ cat nv.test_w_out
$ echo "Display the total available NV memory after allocation "
$ tpm2_nvreadpublic
$ echo "Deallocate NV memory at 0x1500018 "
$ tpm2_nvundefine -Q 0x1500018
And this is the terminal output
Allocate NV memory at 0x1500018
Writing data to NV memory at 0x1500018
please123abc
Reading data from NV memory at 0x1500018
please123abc
Display the total available NV memory after allocation
0x1500018:
name: 000be2f8083260af321548a6b21123e36c90729bd625b89c42fe7dfd41a940ac914c
hash algorithm:
friendly: sha256
value: 0xB
attributes:
friendly: ownerwrite|policywrite|ownerread|written
value: 0x2002000A
size: 32
0x1c00002:
name: 000b27f802855e9cf3fd408f515724ea495bec5613d130f325e16c3b33e0a9fd45e8
hash algorithm:
friendly: sha256
value: 0xB
attributes:
friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
value: 0x62072001
size: 1171
0x1c0000a:
name: 000bb80c6ab6dbc90dcee5b6b7c2a426afcca4efea21e35e0bed824bb3701d25e3bc
hash algorithm:
friendly: sha256
value: 0xB
attributes:
friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
value: 0x62072001
size: 775
Deallocate NV memory at 0x1500018
[ 294.609187] tpm tpm0: Operation Timed out
ERROR:tcti:src/tss2-tcti/tcti-device.c:198:tcti_device_receive() Failed to get response size fd 3, got errno 62: Timer expired
ERROR:esys:src/tss2-esys/api/Esys_NV_UndefineSpace.c:309:Esys_NV_UndefineSpace_Finish() Received a non-TPM Error
ERROR:esys:src/tss2-esys/api/Esys_NV_UndefineSpace.c:108:Esys_NV_UndefineSpace() Esys Finish ErrorCode (0x000a000a)
ERROR: Failed to release NV area at index 0x1500018
ERROR: Esys_NV_UndefineSpace(0xA000A) - tcti:IO failure
ERROR:esys:src/tss2-esys/esys_iutil.c:1145:iesys_check_sequence_async() Esys called in bad sequence.
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x00070007)
ERROR: Esys_FlushContext(0x70007) - esapi:Function called in the wrong order
ERROR: Unable to run tpm2_nvundefine
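As an added example (not from the post above and not part of tpm2-tools), here is a small Python parser for the tpm2_nvreadpublic text output quoted in the post: it decodes the raw TPMA_NV attribute value into flag names and checks them against the printed "friendly" string, which is a quick way to audit who can read and write each NV index. The bit positions follow the TPM 2.0 Library specification (Part 2, TPMA_NV); the embedded sample is the 0x1c00002 block from the post, constructed here as a string.

```python
import re
# TPMA_NV single-bit flags (TPM 2.0 Library Part 2), named as tpm2-tools prints them.
TPMA_NV_BITS = {0: "ppwrite", 1: "ownerwrite", 2: "authwrite", 3: "policywrite",
                10: "policydelete", 11: "writelocked", 12: "writeall", 13: "writedefine",
                14: "write_stclear", 15: "globallock", 16: "ppread", 17: "ownerread",
                18: "authread", 19: "policyread", 25: "no_da", 26: "orderly", 27: "clear_stclear",
                28: "readlocked", 29: "written", 30: "platformcreate", 31: "read_stclear"}

def decode_tpma_nv(value):
    """Friendly names of the bits set in a TPMA_NV value; bits 4..7 hold the TPM_NT type."""
    names = {name for bit, name in TPMA_NV_BITS.items() if value & (1 << bit)}
    nt = (value >> 4) & 0xF  # 0 = ordinary index, for which tpm2-tools prints nothing
    return names | ({f"nt=0x{nt:x}"} if nt else set())

def parse_nvreadpublic(text):
    """Parse tpm2_nvreadpublic text output into one dict per NV index."""
    records, cur, section = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.fullmatch(r"(0x[0-9a-fA-F]+):", line)
        if head:  # a line such as "0x1500018:" opens a new index block
            cur = {"index": int(head.group(1), 16)}
            records.append(cur)
        elif cur is not None and ":" in line:
            key, val = (part.strip() for part in line.split(":", 1))
            if key in ("hash algorithm", "attributes"):
                section = key  # the following friendly/value pair belongs to this section
            elif key in ("friendly", "value"):
                cur[f"{section} {key}"] = int(val, 16) if key == "value" else val
            else:  # name, size
                cur[key] = int(val) if key == "size" else val
    return records

def audit(text):
    """Per index: does the printed friendly string agree with the raw attribute bits?"""
    return {r["index"]: set(r["attributes friendly"].split("|")) == decode_tpma_nv(r["attributes value"])
            for r in parse_nvreadpublic(text)}

# Constructed sample: the platform-created index quoted from the post above.
SAMPLE = """\
0x1c00002:
  name: 000b27f802855e9cf3fd408f515724ea495bec5613d130f325e16c3b33e0a9fd45e8
  hash algorithm:
    friendly: sha256
    value: 0xB
  attributes:
    friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
    value: 0x62072001
  size: 1171
"""
```

Running audit(SAMPLE) returns {0x1c00002: True}; the user-defined index 0x1500018 from the post decodes the same way (0x2002000A is ownerwrite, policywrite, ownerread and written).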