Platform Certificate Validation Tool - TPM 2.0
Clone or download
PlatformCertTool Add files via upload
Additional versions 1119, 1234, and 1331of the TSS have been released to the TSS sourceforge site since the Platform Verify tool set was released. Using Version 1119, the tool set will compile without a problem, but using versions 1234 and 1331 will show errors. This happens because there was a change in the directory structure of the TSS source code in the latter versions. Make sure the local directory structure is set up correctly.
Latest commit 60a6182 Dec 9, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib Add files via upload Oct 16, 2018
sampleFiles Add files via upload Oct 16, 2018
src Add files via upload Dec 9, 2018
ASNTestTool.bat Add files via upload Sep 18, 2018
CAchainECC.txt Add files via upload Sep 18, 2018
CAchainNuvoton.txt Add files via upload Sep 18, 2018
CAchainOptigaEccMfrCA022.txt Add files via upload Sep 18, 2018
CAchainOptigaRsaMfrCA022.txt Add files via upload Sep 18, 2018
CAchainRSA.txt Add files via upload Sep 18, 2018
EK.crt Add files via upload Sep 18, 2018
LICENSE Initial commit Sep 18, 2018
NuvotonTPMRootCA2110.pem Add files via upload Sep 18, 2018
OptigaEccMfrCA003.pem Add files via upload Sep 18, 2018
OptigaEccMfrCA022.pem Add files via upload Sep 18, 2018
OptigaEccRootCA.pem Add files via upload Sep 18, 2018
OptigaRsaMfrCA003.pem Add files via upload Sep 18, 2018
OptigaRsaMfrCA022.pem Add files via upload Sep 18, 2018
OptigaRsaRootCA.pem Add files via upload Sep 18, 2018
PlatCertsNoTPM.bat Add files via upload Sep 18, 2018
README.md Update README.md Oct 5, 2018
TPM2_Verifcation_Tools_Installation_Guide.pdf Add files via upload Sep 18, 2018
TPM2_Verifcation_Tools_Installation_Guide.txt Add files via upload Sep 18, 2018
TPM2_Verifcation_Tools_Usage.pdf Add files via upload Sep 18, 2018
TPM2_Verifcation_Tools_Usage.txt Add files via upload Sep 18, 2018
cert.cer Add files via upload Sep 18, 2018
getAndVerifyEK.exe Add files via upload Sep 18, 2018
getAndVerifyEK2.exe Add files via upload Sep 18, 2018
platformCertFromXml.bat Add files via upload Sep 18, 2018
platformCertFromXml.sh Add files via upload Sep 18, 2018
sample_ekcert.pem Add files via upload Sep 18, 2018
sample_ekcert.xml Add files via upload Sep 18, 2018
sample_ekcert_OptigaRsaMfrCA022.pem Add files via upload Sep 18, 2018
sample_plat_cert.cer Add files via upload Sep 18, 2018
sample_plat_cert.xml Add files via upload Sep 18, 2018
sample_plat_cert_common.xml Add files via upload Sep 18, 2018
sample_plat_cert_ek.xml Add files via upload Sep 18, 2018
sample_plat_cert_platform.xml Add files via upload Sep 18, 2018
title.txt Add files via upload Sep 18, 2018
tss.dll Add files via upload Sep 18, 2018
verifyEKandPlatCertsNoTPM.bat Add files via upload Sep 18, 2018
verifyEKandPlatCertsNoTPM.sh Add files via upload Sep 18, 2018
verifyEKandPlatCertsWithTPM.bat Add files via upload Sep 18, 2018
verifyEKandPlatCertsWithTPM.sh Add files via upload Sep 18, 2018
verifyEKinTPM.bat Add files via upload Sep 18, 2018
verifyEKinTPM.sh Add files via upload Sep 18, 2018
verifyPlatCertsNoTPM.bat Add files via upload Sep 18, 2018

README.md

TPM 2.0 PLATFORM CERTIFICATE VERIFICATION TOOLS INTSALLATION GUIDE

These are the Installation instructions for the TPM 2.0 version of the Platform Certificate Tools package.

  1. DEPENDENCIES This version of the TPM 2.0 Platform Certificate Verification toolset has the following dependencies.

    1. IBM's TPM 2.0 TSS (https://sourceforge.net/projects/ibmtpm20tss/) (version 1045+)
    2. OpenSSL 1.0.x
    3. [optional] IBM's Software TPM 2.0 (https://sourceforge.net/projects/ibmswtpm2/) (version 974+)
    4. Java JVM 1.7 or greater
    5. Ability to run Linux Bash script
  2. BUILDING ‘C’ EXECUTABLES There are two ‘C’ executables used in this package. These two executables will have to be built and linked into the same directory the tools shell scripts are run in.

    1. To build the two required executable files, getAndVerifyEK, and getAndVerifyEK2, follow the instructions in their respective readme.txt files. The readme file are found in the following two directories (relative to the toolset installation directory), ./src/c/getAndVerifyEK, and ./src/c/getAndVerifyEK2.

    2. Once those executable files are built link them into the installation directory for this toolset.

      cd .

      ln -s ./src/c/getAndVerifyEK/getAndVerifyEK .

      ln -s ./src/c/getAndVerifyEK2/getAndVerifyEK2 .

    3. Link IBM TSS libraries to current directory.

      ln -s /ibmtss1045/utils/libtss.so* .

  3. Shell Scripts The shell scripts have to be designated as executable files.

    1. Excute the following command from the command line

      chmod +x *.sh# PCVT_TPM20

Platform Certificate Validation Tool - TPM 2.0

  1. TPM 2.0 PLATFORM CERTIFICATE VERIFICATION TOOLS The TPM2_Verification_Too_Usage file describes typical use cases for this TPM 2.0 version of the Platform Certificate Tools package.

The first three use cases indicate how the tools may be used together in a manufacturing setting to obtain the EK Certificate from the platform, create the Platform Certificate, and then verify the binding between the two certificates. It will also generate XML files containing the information in the platform certificate to more easily access information about the certificates.

The fourth use case shows how the tools may be used out in the field to verify that the Endorsement Key (EK) Certificate and the Platform Certificate match.

This file has the command line usage and the expected output examples files.

  1. C code Readme Files

The Readme_getAndVerifyEK.txt and Readme_getAndVerifyEK2.txt files describe how to generate and compile the C tools getAndVerifyEK and getAndVerifyEK2

a. Overview

This tool is designed to be used by a customer after a platform's delivery, to verify the signature of the Endorsement Key (EK) Certificate and that it matches the EK in the TPM. It performs the following steps.

o Fetch EK Cert from TPM NV – find the correct certificate based Template o Verify the EK Cert against the input EK CA Public Key Chain o Compare the EK in the Cert with the EK in the TPM

b. Dependencies

1. IBM's TPM 2.0 TSS (https://sourceforge.net/projects/ibmtpm20tss/) (verison 1045+)

2. OpenSSL 1.0.x

c. Build Instructions

1. Build OpenSSL (see instructions inside OpenSSL package)

2. Build IBM's TPM 2.0 TSS (see instructions inside IBM TSS pacgage)

3. Link "ibmtss1045/utils/tss2/" and "ibmtss1045/utils/libtss.so*" to current directory

4. Run commands below:
    # cd src
    # make
    # cd ..

d. Run

To run this exectable file, run "./getAndVerifyEK2".

END of README