9esec-security-tooling/cmd/txt-prov
Dmitrii Okunev e2a02949f4 Switch pkg/intel to fiano's version 2022-01-14 12:41:27 +00:00
README.md Fix a README.md typo 2021-03-29 10:48:37 +02:00
cmd.go Remove hwapi package 2021-08-13 09:05:17 +02:00
config.go Make error msgs more go style by uncapitalize them 2021-08-11 11:55:47 +02:00
lcp.json Fix provisioning tooling 2020-09-03 17:17:19 +02:00
main.go Switch pkg/intel to fiano's version 2022-01-14 12:41:27 +00:00
tools.go Remove hwapi package 2021-08-13 09:05:17 +02:00

README.md

Intel TXT Provisioning

This Golang utility provisions the Trusted Platform Module on an Intel TXT-capable machine.

Prerequisites for Usage

Supported OS: Any Linux distribution

Hardware Config: Unprovisioned Trusted Platform Module

How to Compile

Get Golang >=1.11 and export:

export GO111MODULE=on

or set it in front of every go command. This environment variable activates modules for Go 1.11.

To download all dependencies run:

<GO111MODULE=on> go mod download

To verify all downloaded dependencies run:

<GO111MODULE=on> go mod verify

To build the txt-prov binary run:

<GO111MODULE=on> go build -o txt-prov cmd/txt-prov/*.go

Create a configuration file:

Take the necessary values from the Intel TXT documentation and provisioning tools.

lcp.json

{
    "Version": "0x300",
    "HashAlg": "SHA256",
    "PolicyType": "Any",
    "SINITMinVersion":"0",
    "MaxSINITMinVersion": "ff",
    "PolicyControl":"",
    "LcpHashAlgMask":"SHA256",
    "LcpSignAlgMask": "RSA2048SHA256"
}

Run it as root:

./txt-prov -config lcp.json -prov

Command-line subcommands

Usage of ./txt-prov:
  aux-define
      Define AUX index if not exists in TPM NVRAM
  aux-delete
      Delete AUX index if exists in TPM NVRAM
  ps-define
      Define PS index if not exists in TPM NVRAM
  ps-delete
      Delete PS index if exists in TPM NVRAM
  platform-prov
      Provision PS & AUX index with LCP config
  ps-update
      Update PS index content in TPM NVRAM
  show
      Shows current provisioned PS & AUX index in NVRAM on stdout
  version    
      Shows version and license information

Further information is available via:

./txt-prov <subcommand> -h

Showing the NVRAM indices and LCP policy

NV index overview

PS NV index
   Index: 0x1c10103
   Attributes: PlatformCreate + PolicyWrite + PolicyDelete + AuthRead + No Do + Writte
   Size: 70
   AuthPolicy: 0x85b1cdcf3bb7205b0c9375f68f448b76411d3091199ced7fca5093ec76a2b6bd

AUX NV index
   Index: 0x1c10102
   Attributes: No Do + AuthRead + Writte + WriteSTClear + PlatformCreate + PolicyWrite + PolicyDelete
   Size: 104
   AuthPolicy: 0xef9a26fc22d1ae8cecff59e9481ac1ec533dbe228bec6d17930f4cb2cc5b9724

PS index LCP Policy
   Version: 0x300
   HashAlg: SHA256
   PolicyType: Any
   SINITMinVersion: 0
   DataRevocationCounters:
   PolicyControl:
   MaxSINITMinVersion: ff
   LcpHashAlgMask: SHA256
   LcpSignAlgMask: RSA2048SHA256
   PolicyHash: [0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31]
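
The following is an added example, not part of the txt-prov code base: a small Go check that parses `show` output and compares the PS/AUX index handles and LCP version against the values printed above. The names `parseShow` and `audit` are hypothetical, the sample is a constructed excerpt of the output above, and the note on `PolicyType: Any` assumes the Intel TXT LCP meaning of that type (any measured launch environment is accepted).

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: excerpt of the `show` output printed in this README.
const sample = "PS NV index\n   Index: 0x1c10103\nAUX NV index\n   Index: 0x1c10102\n" +
	"PS index LCP Policy\n   Version: 0x300\n   PolicyType: Any\n"

// parseShow groups indented "Key: value" lines under the preceding heading.
func parseShow(out string) map[string]map[string]string {
	secs, cur := map[string]map[string]string{}, ""
	for _, line := range strings.Split(out, "\n") {
		kv := strings.SplitN(strings.TrimSpace(line), ":", 2)
		switch {
		case strings.TrimSpace(line) == "":
		case strings.TrimLeft(line, " \t") == line: // unindented line starts a section
			cur = strings.TrimSpace(line)
			secs[cur] = map[string]string{}
		case len(kv) == 2 && cur != "":
			secs[cur][kv[0]] = strings.TrimSpace(kv[1])
		}
	}
	return secs
}

// audit reports deviations from the README's values and flags PolicyType Any.
func audit(s map[string]map[string]string) []string {
	var f []string
	for _, w := range [][3]string{
		{"PS NV index", "Index", "0x1c10103"},
		{"AUX NV index", "Index", "0x1c10102"},
		{"PS index LCP Policy", "Version", "0x300"},
	} {
		if got := s[w[0]][w[1]]; got != w[2] {
			f = append(f, fmt.Sprintf("%s %s: got %q, want %q", w[0], w[1], got, w[2]))
		}
	}
	if s["PS index LCP Policy"]["PolicyType"] == "Any" {
		f = append(f, "PolicyType Any: policy does not restrict which MLE may launch")
	}
	return f
}

func main() {
	fmt.Println(strings.Join(audit(parseShow(sample)), "\n"))
}
```

Feed it the captured output of the `show` subcommand in place of `sample` to run the same comparison after provisioning.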