Skip to content
Stefan Berger edited this page Jul 23, 2020 · 51 revisions

Welcome to the libtpms wiki!

Build Status Coverity Scan Build Status Coverage Status CII Best Practices

Libtpms provides TPM emulation for TPM 1.2 and TPM 2.0 without tying it to a specific storage backend or an interface for receiving TPM commands. One user of libtpms is swtpm.

One of the challenges of the TPM 2 support is the support of the state file and its format. The TPM 2 state file must be readable by libtpms of the same or a more recent version. In other words, the state must be usable after upgrades of the TPM 2 code. Since this is a non-trivial thing, libtpms will only support those TPM 2 configurations, which ultimately are reflected in the state libtpms writes out, maintained as part of this project. Backporting of patches that influence the state format (enablement of algorithms, enablement of commands) is therefore also not supported. This is also implies that you should not use libtpms's TPM 2 support and have it create the NVChip file from the original TPM 2 code. The NVChip file's format may change and compatibility of that state file will not be looked at at all (see the TPMLIB_RegisterCallbacks man page).

Mailing lists

For announcements of libtpms releases and security issues, please subscribe to the libtpms-announce mailing list here.

Contributing

Bug fixes are always welcome but talk to me before trying to contribute something major. This library is limited in scope in so far as it will only provide TPM 1.2 and TPM 2.0 functionality and therefore will primarily follow the developments of the TPM 2.0 code these days.

If you found a bug and you don't want to open an issue on github, please drop me an email (stefanb at linux.ibm.com)

Every patch must have a Signed-off-by.

Compile and install on Linux

# Install dependencies
sudo dnf builddep dist/libtpms.spec
./autogen.sh --with-openssl --prefix=/usr --with-tpm2
make -j4
make check
sudo make install

Build a 32bit version on x86_64 Linux (for testing)

CFLAGS="-m32" ./autogen.sh --with-openssl --prefix=/usr --with-tpm2 --libdir=/lib
make clean
make -j4
make check
sudo make install

Compile and install on Cygwin

./autogen.sh --with-openssl --prefix=/usr --with-tpm2
make -j4
make check
make install

Compile and install on OpenBSD

./autogen.sh --with-openssl --prefix=/usr --with-tpm2
gmake -j 4
gmake check
sudo gmake install

Compile and install on OS/X

LDFLAGS="-L/usr/local/opt/openssl/lib" CFLAGS="-I/usr/local/opt/openssl/include" CC=gcc ./autogen.sh --with-openssl --prefix=/Users/adminuser/ --with-tpm2
make -j4
make check
sudo make install

Build a package on Ubuntu

sudo apt-get -y install automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config
./autogen.sh --with-openssl
make dist
dpkg-buildpackage -us -uc -j4
# Install the library and development packages
cd ..
sudo dpkg -i libtpms_0.x.y-z..._amd64.deb libtpms-dev_0.x.y-z..._amd64.deb

Build a package on Debian

sudo apt-get -y install automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config gawk
./autogen.sh --with-openssl
sudo make dist
mv debian/source debian/source.old
dpkg-buildpackage -us -uc -j4
cd ..
sudo dpkg -i libtpms0_0*_amd64.deb libtpms-dev_0*_amd64.deb

Compile and install on OpenSUSE (Tumbleweed)

sudo zypper install -y automake autoconf libtool gcc gcc-c++ make openssl-devel pkg-config
./autogen.sh --prefix=/usr --libdir=/lib64 --with-openssl --with-tpm2
make -j4
make check
sudo make install