This post will show you how to clear the compliance keys from your TPM and create a new and unique Endorsement Key. If you bought the CryptoCape v02, which is the current revision as of this writing, you’ll want to perform these actions. Otherwise, the keys on your TPM are set to “well-known” test keys.
Installing the TPM packages
Under Debian, the TrouSerS (from now on just “trousers”) package provides the software to interface with your TPM. While you are installing trousers, go ahead and install some other TPM-related software that will come in handy later on. You’ll want to run this command with the CryptoCape attached and after a reboot. If the TPM kernel driver isn’t loaded when you install trousers, apt will grumble at you since it tries to start the TPM daemon and it will fail.
sudo apt-get install trousers tpm-tools libtspi-dev opencryptoki
If you have already taken ownership of your TPM, the following status registers should indicate this:
cat /sys/class/misc/tpm0/device/enabled
1
cat /sys/class/misc/tpm0/device/owned
1
Understanding compliance mode
This is the state in which you want your TPM. The issue is that the TPMs, as shipped from SparkFun, are in compliance mode. Compliance mode means that the Endorsement Key, the root key on the TPM, is a well-known value. This is extremely useful in testing to validate that the TPM meets the specification, hence the “compliance” moniker. It is not so useful if you want to store unique secrets on the TPM.
TPMs have different order codes from distributors and the one I chose for the CryptoCape means that the TPM ships in compliance mode. I didn’t realize this until some engineers at Atmel pointed it out to me (thank you!). Fortunately, it is relatively easily fixed.
More information about compliance mode can be found in Trusted Platform Module Basics over at Google Books.
Clearing the TPM and creating a new EK
The general procedure is as follows: we must clear the TPM of the compliance vectors, enable the TPM, activate the TPM, reboot, and then create a new, random EK. The benefit of this procedure is that your EK will be unique and not known to Atmel, SparkFun, or me. If I had a better marketing department, I would have said that I meant to do this 🙂
Let’s get started. With the CryptoCape attached and tcsd running, which you can verify with pgrep tcsd, switch over to root with
Then clear the TPM. You’ll be prompted to enter your owner password. I like running these commands with the -l debug option so I can see what’s going on:
$ tpm_clear -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Enter owner password:
Tspi_GetPolicyObject success
Tspi_Policy_SetSecret success
Tspi_TPM_ClearOwner success
tpm_clear succeeded
TPM Successfuly Cleared. You need to reboot to complete this operation. After reboot the TPM will be in the default state: unowned, disabled and inactive.
Tspi_Context_FreeMemory success
Tspi_Context_Close success
Then reboot. On the CryptoCape, the TPM reset line is tied to the BeagleBone reset line, but I always do a full sudo halt and re-power the board.
After you power on, if you run dmesg | grep tpm you should see the following, which confirms the TPM is cleared.
[ 5.143291] tpm_i2c_atmel 1-0029: Issuing TPM_STARTUP
[ 5.680399] tpm_i2c_atmel 1-0029: TPM is disabled/deactivated (0x6)
Setting physical presence
Now for the tricky part. To enable and activate the TPM we must prove to the TPM that we are physically at the device, which is known as physical presence. If you follow the trousers rules, the way to do this is to boot in single-user mode, which disables network access, and issue the commands. Booting in single-user mode on the BBB is a pain. It requires modifying U-Boot parameters and then connecting to the BBB over serial. With a cape attached, getting access to the serial debug header is very awkward.
gcc tpm_assertpp.c -o tpm_assertpp
Kill tcsd, as it is monopolizing access to the TPM at the moment:
sudo pkill tcsd
Run the physical presence command:
sudo ./tpm_assertpp
Physical presence asserted.
Enabling and activating the TPM
Now we are ready to enable and activate the TPM. Run the following commands as root:
$ tpm_setenable -e -f -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_TPM_SetStatus success
tpm_setenable succeeded
Tspi_Context_FreeMemory success
Tspi_Context_Close success

$ tpm_setactive -a -l debug
Tspi_Context_Create success
Tspi_Context_Connect success
Tspi_Context_GetTpmObject success
Tspi_TPM_SetStatus success
Action requires a reboot to take effect
tpm_setactive succeeded
Tspi_Context_FreeMemory success
Tspi_Context_Close success
Power down the board and bring it back up one last time.
Creating a new EK
Now you should be able to create a new EK with tpm_createek. After that, take ownership again with:
tpm_takeownership -z -l debug
You’ll be prompted for a new owner password. To confirm you have a real EK on the TPM, run tpm_getpubek. If it starts with 0xab567c0e then you still have the compliance vector loaded and something went wrong. Otherwise, you now have a unique EK.
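The two confirmations described in this post, the sysfs enabled/owned flags and the 0xab567c0e test on the tpm_getpubek output, can be combined into one check. This is an added example, not code from the original post; the function names and the assumed layout of the tpm_getpubek output are illustrative, and the sample key words are constructed.

```shell
#!/bin/sh
# Added example: verification after the clear / enable / activate / createek steps.
COMPLIANCE_PREFIX="ab567c0e"   # well-known test EK prefix named in the post

# Print the first 8 hex digits of the key that follows "Public Key:" in
# tpm_getpubek output read from stdin (layout assumed, see sample_pubek).
ek_prefix() {
    awk '
        found { gsub(/[^0-9A-Fa-f]/, ""); hex = hex $0 }
        /Public Key:/ { found = 1 }
        END { print tolower(substr(hex, 1, 8)) }'
}

# Return 0 for a unique EK, 1 for the compliance vector, 2 if unparsable.
check_ek() {
    prefix=$(ek_prefix)
    case "$prefix" in
        "$COMPLIANCE_PREFIX") echo "compliance EK still loaded" >&2; return 1 ;;
        ????????) echo "unique EK, starts with 0x$prefix"; return 0 ;;
        *) echo "no public key found in input" >&2; return 2 ;;
    esac
}

# Succeed only if the sysfs flags shown in the post both read 1.
# The directory is a parameter so the check can be tried off the board.
tpm_state_ok() {
    dir=${1:-/sys/class/misc/tpm0/device}
    [ "$(cat "$dir/enabled" 2>/dev/null)" = "1" ] &&
        [ "$(cat "$dir/owned" 2>/dev/null)" = "1" ]
}

# Constructed stand-in for tpm_getpubek output; every key word except the
# first (passed as $1) is made up.
sample_pubek() {
    printf 'Public Endorsement Key:\n  Version:   01010000\n  Public Key:\n'
    printf '\t%s 5f3a9c01 7d22e4b8 90c1aa37\n\t0be61f52 44d0e7a9\n' "$1"
}

sample_pubek ab567c0e | check_ek 2>&1 || echo "-> re-run the procedure"
sample_pubek 8de9d545 | check_ek

# On the board, as root with tcsd running:
#   tpm_state_ok && tpm_getpubek | check_ek
```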
Using the TPM
In a following post, I’ll show how to use the TPM’s random number generator and use it to protect SSH client keys.