Hi TPM users!

I reworked the bsssd[*] ports as modern, improved ports. So please test the attached ports. If the tests are ok, I'll commit these.

[*] http://bsssd.sourceforge.net/download.html#id5

The ports in bsssd have the following status:

    TrouSerS            reworked, quite ok
    tpm_tools           reworked, quite ok
    openssl_tpm_engine  crashed on my environment, so now reworking as high priority
    opencryptoki        reworked, quite ok
    Trusted GRUB        not interesting, so I don't rework it
    TPMemulator         reworked, maybe well, but not tested
    TPM testsuite       not interesting, but I'll rework as middle priority

I discussed the MFC to RELENG_8 with takawata_at_, so I decided to do the MFC myself. (takawata, thanks for my following-up!) Please wait a while :-).

I tested these ports and got the following results on 9-current:

(installed) TrouSerS, opencryptoki and tpm_tools
(started daemons) service tcsd start; service pkcsslotd start

    $ id nork
    uid=1000(nork) gid=1000(users) groups=1000(users),0(wheel),5(operator),602(_pkcs11),601(_tss)

    $ tpm_version
      TPM 1.2 Version Info:
      Chip Version:        1.2.3.16
      Spec Level:          2
      Errata Revision:     2
      TPM Vendor ID:       IFX
      Vendor Specific data: 0310000a 00
      TPM Version:         01010000
      Manufacturer Info:   49465800

    $ tpm_getpubek
    Public Endorsement Key:
      Version:   01010000
      Usage:     0x0002 (Unknown)
      Flags:     0x00000000 (!VOLATILE, !MIGRATABLE, !REDIRECTION)
      AuthUsage: 0x00 (Never)
      Algorithm:         0x00000020 (Unknown)
      Encryption Scheme: 0x00000012 (Unknown)
      Signature Scheme:  0x00000010 (Unknown)
      Public Key:
            baa42f29 16a038da eb41f256 d7ad3351 d324b802 d380d92a 7414102e 274331b0
            abdfc8a6 b731f365 29f64975 eabaca79 8b254f66 b7496fa8 2fc580d4 6d7cfc2a
            :

    $ tpm_setpresence -a
    Tspi_TPM_SetStatus failed: 0x00000003 - layer=tpm, code=0003 (3), Bad Parameter
    Change to Physical Presence Failed

    $ tpm_clear -f
    Tspi_TPM_ClearOwner failed: 0x0000002d - layer=tpm, code=002d (45), Bad physical presence value

(I did these operations in single user mode, so I initialized by BIOS instead of these).

    $ tpm_takeownership -y -z
    (no messages, ok)

    $ pkcsconf -s -c0
    Slot #0 Info
            Description: FreeBSD 9.0-CURRENT FreeBSD (TPM)
            Manufacturer: FreeBSD 9.0-CURRENT
            Flags: 0x5 (TOKEN_PRESENT|HW_SLOT)
            Hardware Version: 0.0

    $ pkcsconf -I -c0
    Enter the SO PIN: **********
    Enter a unique token label: IBM PKCS#11 TPM Token

    $ pkcsconf -t -c0
    Token #0 Info:
            Label: IBM PKCS#11 TPM Token
            Manufacturer: IBM Corp.
            Model: TPM v1.1 Token
            Serial Number: 123
            Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
            Sessions: -1/-1
            R/W Sessions: -1/-1
            PIN Length: 6-127
            Public Memory: 0xFFFFFFFF/0xFFFFFFFF
            Private Memory: 0xFFFFFFFF/0xFFFFFFFF
            Hardware Version: 1.0
            Firmware Version: 1.0
            Time: 02:13:50

    $ tpmtoken_init -k "IBM PKCS#11 TPM Token"
    Warning: The TPM token has already been initialized. Reinitializing the TPM token will cause all TPM token data to be lost.
    Clear the TPM token data? [y/N]: y
    Enter the TPM security officer password: **********
    A new TPM security officer password is needed. The password must be between 6 and 127 characters in length.
    Enter new password: **********
    Confirm password: **********
    C_SetPIN failed: 0x00000006 (6)
    (Hum.......)

    $ ssh -vv -Ilibopencryptoki.so localhost
    OpenSSH_5.5p1 FreeBSD-20100428, OpenSSL 0.9.8n 24 Mar 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    :
    debug1: manufacturerID <IBM> cryptokiVersion 2.11 libraryDescription <Meta PKCS11 LIBRARY> libraryVersion 2.3
    debug1: label <IBM PKCS#11 TPM Token> manufacturerID <IBM Corp.> model <TPM v1.1 Token> serial <123> flags 0x880445
    debug1: label <IBM OS PKCS#11> manufacturerID <IBM Corp.> model <IBM SoftTok> serial <123> flags 0x880045
    no keys
    :

I want to use it with ssh, wpa_supplicant, SSL and firefox. But I don't know how to. There are few tutorials for what I hope to do :-(. Please teach me TPM related 'can do'!

SEE ALSO:
    http://www.ibm.com/developerworks/linux/library/s-pkcs/
    http://www.osxbook.com/book/bonus/chapter10/tpm/
    http://blog.4zal.net/2009/06/12/kryptografia-trusted-platform-module-i-ubuntu/
    http://infond.blogspot.com/2010/03/trusted-platforms-module-tpm-openssl.html
    http://infond.blogspot.com/2010/04/tutorial-mutual-authentication-trusted.html

Thank you.

-- 
Norikatsu Shigemura <nork_at_FreeBSD.org>