首页 > 代码库 > 可信计算系列之一——ATMEL的TPM芯片AT97SC3204T及TSS栈

可信计算系列之一——ATMEL的TPM芯片AT97SC3204T及TSS栈

2024-07-08 08:31:27   230人阅读

         最近有项目需要,需要开发移动终端的安全。首先想到的是可信计算,可信计算在PC机比较流行,但是目前对可信计算的褒贬不一,这里不作评论。本文的目的是记录一下我的开发过程。

         我使用的芯片是ATMEL公司的AT97SC3204T,基于I2C总线的。从选型、硬件设计、画板、驱动、TSS栈一条龙下来,目前进展的还算顺利。

一、硬件设计和驱动

         先说一下硬件的设计,上图!        


          原理图异常简单,根据手册的要求设计即可。这里值得提一下的是,手册里要求必须上拉的引脚务必上拉,否则芯片将不能工作。我遇到的情况是由于当初手动焊接该芯片,导致一个引脚虚焊,在加载I2C驱动程序进行芯片探测的时候,一直找不到它:

               

         后来补焊之后就OK了。这里贴一下驱动加载OK之后的一些效果,具体的使用下一步再说。

         加载驱动:

[zhang@ray210 /nfs/at97sc3204t]# insmod tpm_data.ko

[zhang@ray210 /nfs/at97sc3204t]# insmod tpm_i2c_atmel.ko

tpm_i2c_atmel 0-0029: probe TPM 1.2 start.

tpm_i2c_atmel 0-0029: misc device /dev/tpm0 created.

tpm_i2c_atmel 0-0029: Issuing TPM_STARTUP OK.

tpm_i2c_atmel 0-0029: probe TPM 1.2 succeed.

            到特定的目录查看一下:
 [zhang@ray210 /sys/devices/platform/s3c2440-i2c.0/i2c-0/0-0029]# ls
active            enabled           pcrs              timeouts
cancel            misc              power             uevent
caps              modalias          pubek
driver            name              subsystem
durations         owned             temp_deactivated

       

        看一下文件内容:

[zhang@ray210 /sys/devices/platform/s3c2440-i2c.0/i2c-0/0-0029]# cat pcrs 
PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
PCR-20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
PCR-21: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
PCR-22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

[zhang@ray210 /sys/devices/platform/s3c2440-i2c.0/i2c-0/0-0029]# cat caps 
Manufacturer: 0x41544d4c		//ATML的ASCII码
TCG version: 1.2
Firmware version: 37.13

[zhang@ray210 /sys/devices/platform/s3c2440-i2c.0/i2c-0/0-0029]# cat pubek 
Algorithm: 00 00 00 01
Encscheme: 00 03
Sigscheme: 00 01
Parameters: 00 00 08 00 00 00 00 02 00 00 00 00
Modulus length: 256
Modulus:
AB 56 7C 0E 60 8C 5C 18 9E 90 2C 37 32 CF E3 FE 
4F A7 B5 0C 78 A1 5D A7 39 EB C0 06 87 05 DB 1F 
E4 AB 2A 9A 68 E3 5B B6 FB 27 69 5A 4B E2 90 65 
04 B2 78 CF 44 02 7C 16 4C FB F5 F0 F6 25 7D 31 
F1 2E D8 67 93 5A 48 B2 C1 4C 16 FD 97 E5 86 65 
4A 2E 07 4B 14 78 F7 66 83 66 05 B0 EA EC 1E 16 
CF F9 F9 C5 5C BC 7B 42 24 A1 A7 1B 55 D7 4B B1 
62 7F 90 88 EE FB FB 26 B1 4F 56 97 8C D0 12 05 
A6 EF 09 C9 08 10 F2 1B 65 9C F2 05 7B CC 4E 6A 
65 0C 1C E1 B5 3E 86 7D F8 0B 8B 6F E3 72 2B CB 
C9 3D F8 61 F4 83 74 B1 38 A6 CE DE 18 7F 8D C4 
8F A1 8E A6 AC 71 A4 89 60 D3 3E 5F 3D 18 5C 32 
6C 96 1D 84 8B 50 C3 5B 68 5C 16 2D 9C BB F1 79 
60 6E C9 25 AA EC 26 9E 9E D4 D6 89 F3 FF 23 AA 
75 46 3B 4A EA 1D E5 03 B9 AC 6D F8 2D 88 FF 84 
12 B8 47 CF 3A 32 C9 66 C6 E3 2C 1F 7D 30 D8 99

二、TSS栈

          这里指的是Trousers,我用的版本是0.3.11.2。Trousers是一个开源可信计算软件栈,它从下到上依次为TDDL(驱动库)、TCS(核心服务)、TSP(服务提供者),tcsd是编译完毕之后的一个用户态可执行文件,作为守护进程运行。tcsd需在系统启动初始化阶段运行,这样以后所有要操作tpm的程序都必须经过TSS栈,这也是TCG规范所规定的。TDDL负责唯一打开TPM设备,实现打开、关闭、收发指令数据、获取版本信息等,TCS提供核心服务,调用TDDL。TSP是给上层程序的接口,用户可以编写应用程序利用这些接口,实现操作TPM。

          

1)       修改一下文件

修改src/include/tcsd.h里面的宏定义为:

#defineTCSD_DEFAULT_CONFIG_FILE  "/etc/tcsd.conf"

这是默认的tcsd的配置文件,要不然默认的配置文件是编译输出的文件夹。按照下一步的做法,即是:$PWD/out/ etc/tcsd.conf。

当然,这一步不做的话也可以,使用 -c指定配置文件: tcsd -c /etc/tcsd.conf

 

2)       编译安装

[root@ubuntu:/home/zcw/tpm/trousers-0.3.11.2]# ./configure --host=arm-linux --prefix=$PWD/out LIBS=-liconv
[root@ubuntu:/home/zcw/tpm/trousers-0.3.11.2]# make
[root@ubuntu:/home/zcw/tpm/trousers-0.3.11.2]# make install
[root@ubuntu:/home/zcw/tpm/trousers-0.3.11.2]# ls out/
etc  include  lib sbin  share  var
3)       将编译出的文件拷贝到根文件系统
4)       执行tcsd可能遇到的错误:
错误1:
[zhang@ray210 /mine]# ./tcsd -f
TCSD ERROR: Group "tss" not found, please add this groupmanually.

修改/etc/group文件,里面添加一行(其中1001是PC机上模拟器的,可以尝试一下别的是否可行):
tss::1001:

错误2:
[zhang@ray210 /mine]# ./tcsd -f
TCSD ERROR: User "tss" not found, please add this usermanually.

办法,看了一下PC上的(事先在PC上安装了模拟器),修改/etc目录下的passwd,添加一行:
tss:x:999:1001::/:/bin/sh

错误3:
[zhang@ray210 /mine]# ./tcsd -f
TCSD ERROR: TCSD config file (/etc/tcsd.conf)must be user/group tss/tss

执行:
[zhang@ray210 /nfs]# chown tss /etc/tcsd.conf
[zhang@ray210 /nfs]# chgrp tss etc/tcsd.conf

错误4:
[zhang@ray210 /nfs]# ./tcsd -f
TCSD ERROR: Failed bind: Cannot assign requested address

       解决办法
[zhang@ray210 /nfs]# ifconfig lo up
       之后就成功了。
[zhang@ray210 /nfs/at97sc3204t]# tcsd -f
TCSD TDDL ioctl: (25) Inappropriate ioctl for device
TCSD TDDL Falling back to Read/Write device support.
TCSD trousers 0.3.11.2: TCSD up and running.

三、tpm-tools-1.3.8
修改:tpm_nvread.c添加下面头文件:
26 #include <sys/stat.h>
[root@ubuntu:/home/zcw/open_source_tools/tpm/tpm-tools-1.3.8]# ./configure--prefix=$PWD/out --host=arm-linux --with-openssl=/path/to/openssl/compiled_out
[root@ubuntu:/home/zcw/open_source_tools/tpm/tpm-tools-1.3.8]# make
[root@ubuntu:/home/zcw/open_source_tools/tpm/tpm-tools-1.3.8]# makeinstall
      拷贝库、可执行文件到根文件系统。

测试芯片:
[zhang@ray210 /nfs/at97sc3204t]# tpm_version 
  TPM 1.2 Version Info:
  Chip Version:        1.2.37.13
  Spec Level:          2
  Errata Revision:     2
  TPM Vendor ID:       ATML
  TPM Version:         01010000
  Manufacturer Info:   41544d4c

































        

            
                
                  
                
                

                    联系

                    我们