The source repository for the TPM (Trusted Platform Module) 2 tools
diabonas and williamcroberts tpm2_create: Use better object attributes defaults for authentication
The tpm2_create tool allows defining a policy session or a password for
authentication. By default no policy session is used and the password is
empty, which means that this empty password is used for authentication.

So the default object attribute flag userWithAuth is set in order to use
the empty password. This isn't a good default though if a policy is set,
since in this case the policy session has to be used for authentication
instead of an empty password.

If a policy is defined, the userWithAuth bit has to be clear unless the
user defines a password so in that case authentication would happen only
using the policy session or the defined password.

Also add these cases in the integration test to detect regressions.

Fixes: #1123

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Latest commit 119c29e Sep 21, 2018
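
The default selection described in the commit message above, as an added example that is not code from tpm2-tools: it compares the old default (userWithAuth always set) with the new one and flags the case where an empty password would still authorize an object that carries a policy. The function names and `SAMPLE_BASE` are hypothetical; the bit values are the TPMA_OBJECT definitions from the TPM 2.0 Library Specification, Part 2.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TPMA_OBJECT bits, TPM 2.0 Library Specification, Part 2. */
#define TPMA_OBJECT_FIXEDTPM     0x00000002u
#define TPMA_OBJECT_FIXEDPARENT  0x00000010u
#define TPMA_OBJECT_USERWITHAUTH 0x00000040u

/* Constructed sample base attributes, not tpm2_create's real defaults. */
#define SAMPLE_BASE (TPMA_OBJECT_FIXEDTPM | TPMA_OBJECT_FIXEDPARENT)

/* Behaviour before the change: userWithAuth is always set by default. */
uint32_t old_default_attrs(bool has_policy, bool has_password) {
    (void)has_policy; (void)has_password;
    return SAMPLE_BASE | TPMA_OBJECT_USERWITHAUTH;
}

/* Behaviour after the change: with a policy and no password, clear
 * userWithAuth so that only the policy session can authorize use. */
uint32_t new_default_attrs(bool has_policy, bool has_password) {
    uint32_t attrs = SAMPLE_BASE | TPMA_OBJECT_USERWITHAUTH;
    if (has_policy && !has_password)
        attrs &= ~TPMA_OBJECT_USERWITHAUTH;
    return attrs;
}

/* Audit check: a policy exists, yet an empty password also authorizes. */
bool policy_bypassable(uint32_t attrs, bool has_policy, bool has_password) {
    return has_policy && !has_password &&
           (attrs & TPMA_OBJECT_USERWITHAUTH) != 0;
}

int main(void) {
    puts("policy password old_userWithAuth new_userWithAuth old_bypass new_bypass");
    for (int i = 0; i < 4; i++) {
        bool pol = (i & 2) != 0, pw = (i & 1) != 0;
        uint32_t o = old_default_attrs(pol, pw);
        uint32_t n = new_default_attrs(pol, pw);
        printf("%-6d %-8d %-16d %-16d %-10d %d\n", pol, pw,
               (o & TPMA_OBJECT_USERWITHAUTH) != 0,
               (n & TPMA_OBJECT_USERWITHAUTH) != 0,
               policy_bypassable(o, pol, pw), policy_bypassable(n, pol, pw));
    }
    return 0;
}
```

The same `policy_bypassable` check can be applied to the attributes of an existing object's public area to find keys created with the old default.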

README.md


This site contains the code for the TPM (Trusted Platform Module) 2.0 tools based on tpm2-tss.

News

  • Release 3.1.2 is now available.
  • A mailing list now exists for support: https://lists.01.org/mailman/listinfo/tpm2
  • CVE-2017-7524: an HMAC authorization uses the TPM to perform the HMAC calculation, which discloses the password to the TPM where the user would not expect it. It appears likely unreachable in the current code base. This has been fixed in releases greater than version 1.1.1.

Build and Installation instructions:

Instructions for building and installing the tpm2-tools are provided in the INSTALL.md file.

Release Procedures

For instructions on how releases are conducted, including our QA practices, please see the RELEASE.md file.

Support

Please use the mailing list at https://lists.01.org/mailman/listinfo/tpm2 for general questions. The Issue Tracker on GitHub should be reserved for actual feature requests or bugs. For security bugs, please see CONTRIBUTING.md for information on how to submit those.

Resources

The tpm2-tools wiki: https://github.com/tpm2-software/tpm2-tools/wiki

TPM 2.0 specifications can be found at Trusted Computing Group.

Specifically, the following sections:

The Library Specification

This specifies the external programmatic interface to the TPM: https://trustedcomputinggroup.org/tpm-library-specification/

The System API Specification

This is the SAPI dependency mentioned in INSTALL.md. This is the low-level software API to the TPM. The tpm2-tools project relies heavily on this. https://trustedcomputinggroup.org/wp-content/uploads/TSS_SAPI_v1.1_r21_Public_Review.pdf

The TCTI Specification

This specifies the transmission interfaces, or how bytes get from the System API to the TPM. https://trustedcomputinggroup.org/wp-content/uploads/TSS_TCTI_v1.0_r04_Public-Review.pdf

Books

Contributing

Instructions for contributing to the project are provided in the CONTRIBUTING.md file.