-
Notifications
You must be signed in to change notification settings - Fork 13
/
README
216 lines (154 loc) · 6.13 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
Linux Specific build notes
--------------------------
Written by Ken Goldman
IBM Thomas J. Watson Research Center
Prior to the autotools support, most users began by untarring the
tarball or cloning the git repo, and then executing 'make' or 'make -f
<makefile>' in the utils and utils12 directories. For autotools and the
existing makefiles to co-exist, the existing "makefile" was renamed to
"makefiletpmc".
$ cd utils
$ make -f makefiletpmc
$ cd utils12
$ make -f makefiletpmc
This builds a TSS
- with TPM 2.0 and TPM 1.2 support,
- connecting to a TPM 2.0 SW TPM,
- with TSS state files in cwd,
- with tracing support,
- and with elliptic curve support.
Refer to the "Advanced options", below, for additional compiler options.
Autotools - Linux
---------
On Linux (and probably other Unix systems), open source projects expect that
the normal shell command 'autoreconf -i && ./configure && make && make install'
should configure and build the package.
If --prefix is omitted, the default /usr/local is used.
The LD_LIBRARY_PATH environment variable must be set to the path
(either the default or a user specified path). E.g.,
export LD_LIBRARY_PATH=/usr/local/lib
Example 1: To configure the TSS library to use the software TPM, build and
install the package in ${HOME}/local/bin and ${HOME}/local/lib directories
execute the following shell commands:
$ autoreconf -i
$ ./configure --prefix=${HOME}/local --disable-hwtpm
$ make clean
$ make
$ make install
An initial set of the most common TSS "./configure" options are defined
to enable/disable different features.
--disable-tpm-2.0 - include only TPM 1.2 support
--disable-tpm-1.2 - include only TPM 2.0 support
--disable-hwtpm - don't use the hardware TPM, use a software one instead
--disable-rmtpm - when using a hardware TPM, don't use the resource manager
--enable-noprint - build a TSS library without tracing or prints
--enable-nofile - build a TSS library that does not use files to preserve state
(dependency on --disable-tpm-1.2)
The utilities (not the TSS library) require file support.
--enable-nocrypto - build a TSS library that does not require a crypto library
(dependency on "--enable-nofile")
--enable-noecc - build a TSS library that does not require OpenSSL elliptic curve support
--enable-debug - build a TSS library used for debugging.
--enable-nodeprecatedalgs - build a TSS library without SHA-1 support
Example 2: To configure the TSS library to use the hardware TPM, build and
install the package in the default /usr/local directories requires root
privileges. Executing the following shell commands will make and install the
package in the default directories.
$ autoreconf -i
$ ./configure
$ make clean
$ make
$ sudo make install
Other TSS features can be modified by specifying them directly as CFLAGS
"./configure" options.
CFLAGS='<options>'
options:
-O0 - change compiler optimization (default: 02)
-DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\"" - change hardware TPM (default: /dev/tpm0)
-DTPM_DATA_DIR_DEFAULT="\"<pathname>\"" - specify directory for TSS state files
-DTPM_TRACE_LEVEL_DEFAULT="\"<level>\"" - change level of tracing (default: 0)
0 - no tracing
1 - trace errors
2 - trace errors and execution flow
Example 3: To install the package in ${HOME}/local/bin and ${HOME}/local/lib
directories, compile for the gdb debugger, and connect by default to a socket
simulator TPM at command port 3333, execute the following shell commands:
$ autoreconf -i
$ ./configure --prefix=${HOME}/local --enable-debug --disable-hwtpm \
CFLAGS='-DTPM_INTERFACE_TYPE_DEFAULT="\"socsim\"" -DTPM_COMMAND_PORT_DEFAULT="\"3333\""'
$ make clean
$ make
$ make install
The TPM utility binaries are stored in utils/.lib and utils12/.lib directories
of the source directory.[1] To debug using these binaries in the source tree,
use either the binary stored in .lib or the libtool command.
$ libtool --mode=execute gdb <.lib/utility>
[1] For an explanation, refer to the GNU documentation
https://www.gnu.org/software/libtool/manual/libtool.html#Debugging-executables.
Mac Build - Mac
---------
These are two sets of contributed instructions for a Mac autotools
build. There is also a contributed utils/makefile.mac.
brew install openssl
brew install gawk
brew install automake
brew install autconf
brew install libtool
brew link libtool
brew install pkg-config
1)
PATH=/usr/local/Cellar/openssl\@1.1/1.1.1h/bin/:$PATH
PATH=/usr/local/Cellar/gawk/5.1.0/bin/:$PATH
LD_LIBRARY_PATH=/usr/local/Cellar/openssl\@1.1/1.1.1h
autoreconf -i
./configure \
CPPFLAGS="-I/usr/local/Cellar/[email protected]/1.1.1h/include -DTPM_POSIX" \
LDFLAGS=-L/usr/local/Cellar/[email protected]/1.1.1h/lib \
PKG_CONFIG_PATH=/usr/local/Cellar/[email protected]/1.1.1h/lib/pkgconfig
make clean
make
sudo make install
2)
autoreconf -i
./configure \
CPPFLAGS="-I/usr/local/opt/openssl/include -DTPM_POSIX" \
LDFLAGS=-L/usr/local/opt/openssl/lib \
PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig
make clean
make
sudo make install
Advanced options
----------------
For all options and details, see the documentation in ibmtss.docx or
ibmtss.html.
Some of the more common options are below.
1-3 can also be specified in an environment variable or at run time.
4-8, which are used to reduce the size of the library, must be
specified at compile time.
1) To default to a hardware TPM (rather than the SW TPM)
Add to CCLFLAGS:
-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
2) To default to /dev/tpmrm0 (rather than /dev/tpm0)
Add to CCLFLAGS:
-DTPM_DEVICE_DEFAULT="\"/dev/tpm0\""
3) To default to a different directory for TSS state files (rather
than cwd)
Add to CCLFLAGS:
-DTPM_DATA_DIR_DEFAULT="\"directory\""
4) To remove TPM 1.2 support
Delete from CCLFLAGS and CCAFLAGS
-DTPM_TPM12
5) To remove the requirement for a filesystem (see documentation for
limitations)
Add to CCFLAGS
-DTPM_TSS_NOFILE
6) To remove the requirement for crypto (see documentation for
limitations)
Add to CCFLAGS
-DTPM_TSS_NOCRYPTO
7) To remove print tracing support
Add to CCFLAGS
-DTPM_TSS_NO_PRINT
8) To remove elliptic curve dependencies
Add to CCFLAGS
-DTPM_TSS_NOECC