Home - liuqun/tpm2-pk11 GitHub Wiki
# Build the project with snapcraft and install the unpacked result for testing.
sudo apt-get install -y snapcraft
# NOTE(review): this clones whatever the default branch currently holds; check out a
# reviewed tag or commit before building if you need a reproducible, audited build.
git clone https://github.com/liuqun/tpm2-pk11
cd tpm2-pk11
# Builds the snap; the later steps copy files out of the prime/ directory this leaves behind.
snapcraft
# --devmode installs the snap in development mode: confinement violations are logged
# rather than blocked, so treat this as a test install, not a hardened deployment.
snap try --devmode
# Confirm the snap now appears among the installed snaps.
snap list
# Copy libsapi*.so libtcti-*.so libmarsh.so
# (-d copies symlinks as symlinks, so the versioned .so links are kept rather than duplicated)
sudo cp -d prime/lib/lib* /usr/local/lib
# Copy and configure tpm2-abrmd daemon service
sudo cp prime/sbin/tpm2-abrmd /usr/local/sbin/
# D-Bus system-bus policy file for the daemon
sudo cp prime/etc/dbus-1/system.d/tpm2-abrmd.conf /etc/dbus-1/system.d/tpm2-abrmd.conf
# systemd unit; the unit shown further down this page points ExecStart at /usr/local/sbin/tpm2-abrmd
sudo cp prime/lib/systemd/system/tpm2-abrmd.service /lib/systemd/system/tpm2-abrmd.service
# Enable the service at boot by linking the unit into multi-user.target.wants by hand.
# NOTE(review): the page shows no `systemctl daemon-reload` or `systemctl start tpm2-abrmd`;
# systemd only notices a newly copied unit after a reload or a reboot.
sudo ln -s /lib/systemd/system/tpm2-abrmd.service /etc/systemd/system/multi-user.target.wants/tpm2-abrmd.service
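# systemd unit for the TPM2 access broker / resource manager daemon.
# Description= must sit inside a [Unit] section; systemd ignores assignments made outside any section.
[Unit]
Description=TPM2 Access Broker and Resource Management Daemon

[Service]
# Type=dbus: the service counts as started once BusName is acquired on the bus.
Type=dbus
Restart=always
RestartSec=5
# The leading "-" makes this environment file optional.
EnvironmentFile=-/etc/default/tpm2-abrmd
BusName=com.intel.tss2.Tabrmd
# NOTE(review): newer systemd releases treat "syslog" as obsolete and log to the journal instead.
StandardOutput=syslog
# -t device -d /dev/tpm0 selects the hardware TPM character device.
# --allow-root is present because User=root below; without it the daemon refuses to run as root.
ExecStart=/usr/local/sbin/tpm2-abrmd -t device -d /dev/tpm0 --allow-root
# Least-privilege alternative: User=tss with --allow-root removed. The tss account must exist
# and presumably needs permission to open /dev/tpm0 (confirm device ownership/udev rules).
User=root

[Install]
WantedBy=multi-user.target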
Why:
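- `ExecStart=/usr/local/sbin/tpm2-abrmd -t device -d /dev/tpm0 --allow-root`
  Configures whether we are using a hardware chip or a software simulator (here, the hardware device `/dev/tpm0`).
- `User=root`
  Configures which account the daemon runs as: either the root administrator (which is why `--allow-root` is passed above), or a dedicated user called "tss" that you must create first. Running as "tss" is the lower-privilege choice; a broker that runs as root hands root's privileges to anyone who finds a bug in it.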
See the example from: https://github.com/intel/tpm2-abrmd/blob/master/INSTALL.md
# Create the dedicated "tss" system account, with a group of the same name,
# for running the daemon as User=tss instead of root.
sudo useradd --system --user-group tss
Copy libtpm2-pk11.so to one of the standard library paths: "/lib", "/usr/lib" or "/usr/local/lib"
# Install the PKCS#11 module, then refresh the dynamic linker cache so the
# module can be referenced by its bare file name (as the ssh commands on this page do).
sudo cp prime/lib/libtpm2-pk11.so /usr/local/lib
sudo ldconfig
# Per-user configuration: start from the sample in the current directory.
# NOTE(review): presumably the module reads ~/.tpm2/config — confirm against the project README,
# and review the copied values (e.g. which key handle is used) before relying on them.
mkdir -p ~/.tpm2
cp config.sample ~/.tpm2/config
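# Install the tpm2_* command-line tools from prime/bin.
# (The original line repeated "sudo cp", which made cp look for source files named "sudo" and "cp".)
sudo cp prime/bin/tpm2_* /usr/local/bin/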
# Create an RSA key inside the TPM and make it persistent.
# Flag meanings below follow the older tpm2-tools release this page was written for;
# later releases renamed many options, so check each tool's --help before copying.
# Primary (parent) key in the endorsement hierarchy (-A e); 0x000b = SHA-256, 0x0001 = RSA;
# the resulting context is saved to po.ctx.
tpm2_createprimary -A e -g 0x000b -G 0x0001 -C po.ctx
# Child RSA key under that parent: public part -> key.pub, TPM-wrapped private part -> key.priv.
tpm2_create -c po.ctx -g 0x000b -G 0x0001 -o key.pub -O key.priv
# Load the child key into the TPM; name -> key.name, loaded-object context -> obj.ctx.
tpm2_load -c po.ctx -u key.pub -r key.priv -n key.name -C obj.ctx
# Make the loaded key persistent at handle 0x81010010, authorizing with the owner hierarchy (-A o).
# NOTE(review): no password options are passed in any of these commands, so the key appears to be
# created without an authorization value; anything that can reach the TPM through the daemon could
# then use it. Confirm, and set key/hierarchy auth if that matters in your threat model.
tpm2_evictcontrol -A o -c obj.ctx -S 0x81010010
# Clean up intermediate files. Note that *.ctx removes every .ctx file in the current
# directory, not only po.ctx and obj.ctx; key.pub and key.priv are left in place.
rm key.name *.ctx
# Print the public key(s) exposed by the PKCS#11 module and append them to this account's authorized_keys.
# NOTE(review): ">>" appends everything the module returns and re-running adds duplicate entries;
# run `ssh-keygen -D libtpm2-pk11.so` on its own first and check the output is the key you expect.
ssh-keygen -D libtpm2-pk11.so >> ~/.ssh/authorized_keys
# Log in to localhost with the PKCS#11 module (-I) supplying the key, so signing goes through the module.
ssh -I libtpm2-pk11.so localhost