System environment: Ubuntu 16.04 LTS, kernel version 4.14.0-041400-generic
Hardware environment:
A Lenovo YOGA series computer with a TPM 2.0
shm@Lenovo:~$ sudo su
root@Lenovo:/home/shm# apt-get install tpm2-tools
正在讀取軟件包列表... 完成
正在分析軟件包的依賴關系樹
正在讀取狀態信息... 完成
將會同時安裝下列軟件:
  libtss2-0 libtss2-utils
下列【新】軟件包將被安裝:
  libtss2-0 libtss2-utils tpm2-tools
升級了 0 個軟件包,新安裝了 3 個軟件包,要卸載 0 個軟件包,有 208 個軟件包未被升級。
需要下載 150 kB 的歸檔。
解壓縮后會消耗 1,230 kB 的額外空間。
您希望繼續執行嗎? [Y/n] y
獲取:1 http://mirrors.aliyun.com/ubuntu xenial/universe amd64 libtss2-0 amd64 0.98+20160226.d4f23cc-0ubuntu2 [40.1 kB]
獲取:2 http://mirrors.aliyun.com/ubuntu xenial/universe amd64 libtss2-utils amd64 0.98+20160226.d4f23cc-0ubuntu2 [19.6 kB]
獲取:3 http://mirrors.aliyun.com/ubuntu xenial/universe amd64 tpm2-tools amd64 1.0.0+20160226.64b3334-0ubuntu2 [90.0 kB]
已下載 150 kB,耗時 1秒 (120 kB/s)
正在選中未選擇的軟件包 libtss2-0。
(正在讀取數據庫 ... 系統當前共安裝有 348972 個文件和目錄。)
正准備解包 .../libtss2-0_0.98+20160226.d4f23cc-0ubuntu2_amd64.deb ...
正在解包 libtss2-0 (0.98+20160226.d4f23cc-0ubuntu2) ...
正在選中未選擇的軟件包 libtss2-utils。
正准備解包 .../libtss2-utils_0.98+20160226.d4f23cc-0ubuntu2_amd64.deb ...
正在解包 libtss2-utils (0.98+20160226.d4f23cc-0ubuntu2) ...
正在選中未選擇的軟件包 tpm2-tools。
正准備解包 .../tpm2-tools_1.0.0+20160226.64b3334-0ubuntu2_amd64.deb ...
正在解包 tpm2-tools (1.0.0+20160226.64b3334-0ubuntu2) ...
正在處理用於 libc-bin (2.23-0ubuntu9) 的觸發器 ...
正在設置 libtss2-0 (0.98+20160226.d4f23cc-0ubuntu2) ...
正在設置 libtss2-utils (0.98+20160226.d4f23cc-0ubuntu2) ...
tpm2-resourcemgr.service is a disabled or a static unit, not starting it.
正在設置 tpm2-tools (1.0.0+20160226.64b3334-0ubuntu2) ...
正在處理用於 libc-bin (2.23-0ubuntu9) 的觸發器 ...
root@Lenovo:/home/shm# systemctl start tpm2-resourcemgr
root@Lenovo:/home/shm# tpm2_listpcrs
Show all PCR banks:
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 1a ae 4f 1c b5 4d 59 f2 dc 9b a2 09 e6 0a 49 72 bf 4e 8a 90
PCR_01: e1 50 53 4c fd 7f 1f 93 be ee 37 e7 b0 05 ea ba e5 f2 d6 99
PCR_02: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_03: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_04: 52 78 bd 4b 22 54 4e df 47 0f 07 4e ac b3 d3 60 30 19 da 22
PCR_05: 46 4d 88 ce 4f 10 b8 4b fd cd 25 d6 3c da 9c 7f c9 53 28 2d
PCR_06: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36
PCR_07: 58 47 eb 8d 2f b8 01 17 c4 80 e3 df 5a d0 3d c2 3d 2c 61 3a
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Bank/Algorithm: TPM_ALG_SHA256(0x000b)
PCR_00:
PCR_01:
PCR_02:
PCR_03:
PCR_04:
PCR_05:
PCR_06:
PCR_07:
PCR_08:
PCR_09:
PCR_10:
PCR_11:
PCR_12:
PCR_13:
PCR_14:
PCR_15:
PCR_16:
PCR_17:
PCR_18:
PCR_19:
PCR_20:
PCR_21:
PCR_22:
PCR_23:
Bank/Algorithm: TPM_ALG_SHA384(0x000c)
This bank can not be read, tpm error 0x1c3
Bank/Algorithm: TPM_ALG_SHA512(0x000d)
This bank can not be read, tpm error 0x1c3
Bank/Algorithm: TPM_ALG_SM3_256(0x0012)
This bank can not be read, tpm error 0x1c3
root@Lenovo:/home/shm#
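To read a listing like the one above programmatically, the following added example (not part of the original post, and not code from tpm2-tools) parses tpm2_listpcrs 1.0.0 output, labels each PCR by state, and decodes the "tpm error" value using the TPM 2.0 format-one response-code layout. The function names and the SAMPLE text are assumptions constructed for illustration.

```python
import re

BANK_RE = re.compile(r"Bank/Algorithm:\s*(\w+)\(0x[0-9a-fA-F]+\)")
PCR_RE = re.compile(r"PCR_(\d+):((?:[ \t]+[0-9a-fA-F]{2}\b)*)")
ERR_RE = re.compile(r"tpm error 0x([0-9a-fA-F]+)")
# Format-one error numbers from the TPM 2.0 library specification (subset).
FMT1 = {0x01: "TPM_RC_ASYMMETRIC", 0x02: "TPM_RC_ATTRIBUTES",
        0x03: "TPM_RC_HASH", 0x04: "TPM_RC_VALUE"}

def decode_rc(rc):
    """Decode a format-one parameter error: error number and parameter index."""
    if (rc & 0xC0) != 0xC0:             # bit 7 = format one, bit 6 = parameter
        return "0x%x" % rc
    name = FMT1.get(rc & 0x3F, "error 0x%02x" % (rc & 0x3F))
    return "%s, parameter %d" % (name, (rc >> 8) & 0xF)

def classify(octets):
    if not octets:
        return "no value returned"
    if set(octets) == {"00"}:
        return "reset value (never extended)"
    if set(octets) == {"ff"}:
        return "all ones (DRTM PCR, no dynamic launch)"
    return "extended"

def parse_listpcrs(text):
    """Return {bank: {"error": str|None, "pcrs": {index: state}}}."""
    banks = {}
    parts = BANK_RE.split(text)[1:]     # [name, body, name, body, ...]
    for name, body in zip(parts[0::2], parts[1::2]):
        err = ERR_RE.search(body)
        pcrs = {int(i): classify(v.split()) for i, v in PCR_RE.findall(body)}
        banks[name] = {"error": decode_rc(int(err.group(1), 16)) if err else None,
                       "pcrs": pcrs}
    return banks

def usable_banks(banks):
    """Banks that returned at least one real PCR value."""
    return [n for n, b in banks.items()
            if any(s != "no value returned" for s in b["pcrs"].values())]

# Constructed sample in the tool's output format (values are made up).
SAMPLE = "\n".join([
    "Bank/Algorithm: TPM_ALG_SHA1(0x0004)",
    "PCR_00: " + " ".join(["3c"] * 20), "PCR_08: " + " ".join(["00"] * 20),
    "PCR_17: " + " ".join(["ff"] * 20),
    "Bank/Algorithm: TPM_ALG_SHA256(0x000b)", "PCR_00:", "PCR_01:",
    "Bank/Algorithm: TPM_ALG_SHA384(0x000c)",
    "This bank can not be read, tpm error 0x1c3"])
```

Run against the listing above, this reports SHA1 as the only bank with values and decodes 0x1c3 as TPM_RC_HASH on parameter 1, meaning the TPM rejected the requested hash algorithm.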
Need to understand and learn the differences between TPM 1.2 and TPM 2.0, including how the commands are used.
root@Lenovo:/home/shm# tpm2_getpubek
tpm2_getpubek, version 1.0.0
Usage: tpm2_getpubek [-h/--help]
   or: tpm2_getpubek [-v/--version]
   or: tpm2_getpubek [-e/--endorsePasswd <password>] [-o/--ownerPasswd <password>] [-P/--ekPasswd <password>]
                     [-H/--handle <hexHandle>] [-g/--alg <hexAlg>] [-f/--file <outputFile>]
   or: tpm2_getpubek [-e/--endorsePasswd <password>] [-o/--ownerPasswd <password>] [-P/--ekPasswd <password>]
                     [-H/--handle <hexHandle>] [-g/--alg <hexAlg>] [-f/--file <outputFile>]
                     [-i/--ip <ipAddress>] [-p/--port <port>] [-d/--dbg <dbgLevel>]
where:
 -h/--help display this help and exit.
 -v/--version display version information and exit.
 -e/--endorsePasswd <password> specifies current endorse password (string,optional,default:NULL).
 -o/--ownerPasswd <password> specifies current owner password (string,optional,default:NULL).
 -P/--ekPasswd <password> specifies the EK password when created (string,optional,default:NULL).
 -H/--handle <hexHandle> specifies the handle used to make EK persistent (hex).
 -g/--alg <hexAlg> specifies the algorithm type of EK (default:0x01/TPM_ALG_RSA).
 -f/--file <outputFile> specifies the file used to save the public portion of EK.
 -p/--port <port> specifies the port number (optional,default:2323).
 -d/--dbg <dbgLevel> specifies level of debug messages(optional,default:0):
   0 (high level test results)
   1 (test app send/receive byte streams)
   2 (resource manager send/receive byte streams)
   3 (resource manager tables)
example:
tpm2_getpubek -e abc123 -o abc123 -P passwd -H 0x81010001 -g 0x01 -f ek.pub
root@Lenovo:/home/shm#
To be continued...