I am looking to import a premade 128 bit key into a TPM with the intention of using it for the tpm2_hmac function. I think the tpm2_import command is what I am looking for, but I am having trouble getting it working. The tpm2_import spec sheet has an example to follow but it failed for me. Any help would be greatly appreciated.
The commands I tried to run:
sudo tpm2_createprimary -Grsa2048:aes128cfb -C o -P <password> -o parent.ctx
sudo dd if=/dev/urandom of=rand.key bs=1 count=16
sudo tpm2_import -C parent.ctx -G aes128cfb -i rand.key
The output from running tpm2_import:
ERROR: Unsupported key type
Note: I also tried "sudo tpm2_import -C parent.ctx -G aes128cfb -i rand.key -u key.pub -r key.priv", which returns the same error.
TPM: Infineon OPTIGA SLB 9670 TPM 2.0 Iridium board
PC: Raspberry Pi 3
OS: Raspbian "buster"
Thank you for your time,

Is there a way to read the TCG event log in the booted OS on an EFI Linux
I am trying to confirm some behavior I am seeing between different vendors'
implementations and how they are handling ExitBootServices().

TPM2 TSS Python Bindings: Update, Request for Naming Ideas, Further Abstraction?

We've switched over to using swig (a move that it sounds like @AndreasFuchsSIT
and @tstruk had discussed, and @tstruk implemented). We've successfully packaged
it into a setuptools package which we can upload to PyPI (Python's package
TODOs are still the same as they were; packaging was hard. It sounds like we'll
be releasing this as a separate repo (tpm2-software/tpm2-pyesys or something,
I'd like to get ideas and votes on names (below).
We've re-used the CI setup from the tools repo, aka the docker setup. My plan
now is to start re-writing some of the integration tests that are present in the
TSS repo using the Python bindings.
Since we're releasing this as a separate repo the name has to get cleared by our
legal dept. and we have to go through some other internal processes. So code
might not be in the open for a bit. But I'll keep you all up to date as things
- Add Support for TCTIs (via a libtss2-tcti or libpytpm2tss, depending on
what comes first)
- Add documentation
- Add more integration and/or unit testing
- Code review
Options so far (please add suggestions if you have any):
We need to decide if we want to provide a straight wrapper or abstract into a
more pythonic interface (similar to what @AndreasFuchsSIT did with his classes
in PR 1248: https://github.com/tpm2-software/tpm2-tss/blob/1af543f2cc1ba44af66a6279ec...).
So, should the API be a 1:1 mapping to the ESYS API in TSS or should we provide
a layer of abstraction above that? We could of course do this after the initial
release of the Python bindings, but we need to decide if we want to, and then
when we want to, time-wise, as that will obviously take more time to implement,
validate, and agree upon.

When I try to load keys, the files are getting stored as .pub and .priv. Why
is the private key getting stored on the disk? Even after I load, the files
also remain on the disk. The TPM is supposed to store it in the chip
itself as far as I understand it.
Thanks and regards

I tried generating a key using tpm2tss-genkey under owner authority. But
the key generated is written to the disk. I want to load the key to the
TPM. I used the tpm2_createprimary and tpm2_load commands as well. How do I
verify if I have successfully loaded the key into the TPM and store it
there? I need help since I'm a beginner.
Thanks and regards

My TPM 2.0 got locked out. It is interfaced in a Linux environment. I forgot
the passwords for owner, endorsement and lockout. I'm a beginner and got stuck
here. Is there any way to clear the TPM without knowing the password?
Waiting for reply,
Thanks and regards.