Overview

File trousers_0.2.9-tpm_1.2_dual_v20070206_tpm1.2-readme.txt of Package trousers

Infineon TPM 1.2 Patch for TrouSerS 0.2.9 
-----------------------------------------


Version:
---------

v20070206
filename: trousers_0.2.9-tpm_1.2_dual_v20060206.patch


Disclaimer:
-----------

This patch is EXPERIMENTAL software!
It is provided "as is" and WITHOUT ANY WARRANTY.
Please be aware that no guarantees regarding correctness or completeness can be made.


Purpose:
--------

This patch is intended to make the TrouSerS TSS (which currently only supports v 1.1b TPMs)
run on Infineon 1.2 TPMs (SLB 9635 TT 1.2). TPM Spec. 1.2 deprecates numerous commands which
therefore are no longer implemented in Infineon 1.2 TPMs. To make TrouSerS work on such 
TPMs, some functions have to be modified.
A TrouSerS TSS with this patch might also work on other 1.2 TPMs but that has not been tested.


What was patched?
-----------------

- TPM_ORD_LoadKey was replaced by TPM_ORD_LoadKey2
- the keyslot is no longer part of the authorization of the LoadKey2 command
- TPM_ORD_EvictKey was replaced by TPM_ORD_FlushSpecific / TPM_ORD_EvictKey
- TPM_ORD_OwnerReadPubek was replaced by TPM_ORD_OwnerReaderInternalPub + TPM_KH_EK
- TPM_Seal has been changed to pass an instance of TPM_PCR_INFO_LONG instead of TPM_PCR_INFO to the TPM


Who can use this patch?
-----------------------

The patch detects the version of the system's TPM at runtime. That means that a patched
TrouSerS can be used on systems with 1.1 TPMs as well as on systems with Infineon 1.2 TPMs.
Additionally, the patch contains a workaround to function properly also on the TPM emulator
from ETH Zuerich (it claims to be a 1.2 TPM but does not correctly implement the LoadKey2
command).


What should work and what does not?
-----------------------------------

The following functionality should work:

- taking TPM ownership
- key creation and loading
- setting object policies
- extending and reading PCRs
- reading the event log
- TPM quote
- reading the public EK
- AIK creation cycle
- sealing and unsealing data

All JUnit tests shipped with the jTSS Wrapper 0.2.5 should work with TrouSerS 0.2.9
on Infineon 1.2 TPMs if this patch has been applied.
This, however, is no guarantee that this patch covers all aspects where 1.1 TPMs might differ
from 1.2 TPMs.


Applying the Patch:
-------------------

- step1: download TrouSerS 0.2.9 and unpack it.

- step2: copy the patch into the TrouSerS 0.2.9 folder.

- step3: apply the patch:

$ patch -p0 < trousers_0.2.9-tpm_1.2_dual_v20070206.patch
patching file ./src/include/obj.h
patching file ./src/include/spi_utils.h
patching file ./src/include/trousers_types.h
patching file ./src/include/tss/tcpa_defines.h
patching file ./src/tcs/tcskcm.c
patching file ./src/tcs/tcspbg.c
patching file ./src/tcs/tcs_utils.c
patching file ./src/tcsd/svrside.c
patching file ./src/tspi/obj_context.c
patching file ./src/tspi/spi_context.c
patching file ./src/tspi/spi_data.c
patching file ./src/tspi/spi_key.c
patching file ./src/tspi/spi_tpm.c
patching file ./src/tspi/spi_utils.c

- step 4: configure and build TrouSerS as usual

Note: If you do not need the popup functionality of the TSS (TSS_SECRET_MODE_POPUP), you can
use the configure option "--with-gui=none". This way, TrouSerS does not depend on GTK which
might be useful in resource-constrained environments.


Contact:
--------

Thomas Winkler <thomas.winkler@iaik.tugraz.at>
IAIK, Graz University of Technology, Austria
openSUSE Build Service is sponsored by
Places