[FFE] Sync tpm2-tools from Debian unstable

Bug #1667502 reported by Mathieu Trudel-Lapierre
Affects | Status | Importance | Assigned to | Milestone
tpm2-tools (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

We should sync the new tpm2-tools package from Debian unstable (it has now landed in Debian).

TPM2-tools is the source package for a set of utilities used to handle TPM2 devices -- the new format / specification for TPM chips. These TPM chips are only available in newer hardware.

TPM2 software is not currently integrated in any flavor / any release. Given that they are leaf packages, I foresee no issues with syncing the packages.

tpm2-tools builds correctly for all architectures:
https://launchpad.net/~cyphermox/+archive/ubuntu/ppa/+sourcepub/7507732/+listing-archive-extra
https://launchpad.net/~cyphermox/+archive/ubuntu/ppa/+build/12049062
https://launchpadlibrarian.net/307642168/buildlog_ubuntu-zesty-amd64.tpm2-tools_1.1-1_BUILDING.txt.gz

A diff of the upstream changelog is included.

Mathieu Trudel-Lapierre (cyphermox) wrote :

Installation works without issues:

$ sudo apt install tpm2-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  tpm2-tools
0 upgraded, 1 newly installed, 0 to remove and 10 not upgraded.
Need to get 185 kB of archives.
After this operation, 1,215 kB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/cyphermox/ppa/ubuntu zesty/main amd64 tpm2-tools amd64 1.1-1 [185 kB]
Fetched 185 kB in 1s (163 kB/s)
Selecting previously unselected package tpm2-tools.
(Reading database ... 286303 files and directories currently installed.)
Preparing to unpack .../tpm2-tools_1.1-1_amd64.deb ...
Unpacking tpm2-tools (1.1-1) ...
Processing triggers for man-db (2.7.6.1-1) ...
Setting up tpm2-tools (1.1-1) ...

Mathieu Trudel-Lapierre (cyphermox) wrote :

Testing of tpm2-tools can be done by calling some of the binaries, even on uninitialized hardware:

$ /usr/sbin/tpm2_nvlist
1 NV indexes defined.

  0. NV Index: 0x1500015
  {
 Hash algorithm(nameAlg):4
  The Index attributes(attributes):0x44040004
  The size of the data area(dataSize):4
   }

$ /usr/sbin/tpm2_listpcrs -s
Supported Bank/Algorithm: TPM_ALG_SHA1(0x0004) TPM_ALG_SHA256(0x000b)

$ /usr/sbin/tpm2_listpcrs -g 0x04

Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[...]

$ rm ticket hash
$ echo "toto" > toto
$ cat toto
toto
$ /usr/sbin/tpm2_hash -H n -g 0x04 -I toto -o hash -t ticket

hierarchyValue: 0x40000007

halg = 0x0004

tpm2_hash succ.

hash value(hex type): e6 e8 ea 74 65 f1 2e 4d 3b 5a 06 7a 4c 4d c6 98 43 6b 34 78

validation value(hex type):
$ sha1sum toto
e6e8ea7465f12e4d3b5a067a4c4dc698436b3478 toto
$ hexdump -vC hash
00000000 14 00 e6 e8 ea 74 65 f1 2e 4d 3b 5a 06 7a 4c 4d |.....te..M;Z.zLM|
00000010 c6 98 43 6b 34 78 00 00 00 00 00 00 00 00 00 00 |..Ck4x..........|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040 00 00 |..|
00000042
$ hexdump -vC ticket
00000000 24 80 00 00 07 00 00 40 00 00 00 af 77 7f 00 00 |$......@....w...|
[...]
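
The tpm2_hash versus sha1sum comparison in the comment above, as an added Python example that is not part of the original bug report or of tpm2-tools: it parses the `hash` output file and checks the digest against one computed in software. The file layout (a 2-byte little-endian length, the digest, then zero padding) is an assumption read off the hexdump above, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Contents of the `hash` file as shown in the hexdump above (0x42 bytes).
PAGE_HASH_FILE = bytes.fromhex(
    "1400" "e6e8ea7465f12e4d3b5a067a4c4dc698436b3478"
) + bytes(44)

# Algorithm IDs as printed by `tpm2_listpcrs -s` on the page.
ALGS = {0x0004: "sha1", 0x000B: "sha256"}


def parse_digest_file(blob: bytes) -> bytes:
    """Extract the digest from a length-prefixed buffer (assumed layout)."""
    if len(blob) < 2:
        raise ValueError("too short to hold a length field")
    (size,) = struct.unpack_from("<H", blob, 0)
    if size == 0 or size > len(blob) - 2:
        raise ValueError(f"length field {size} does not fit the file")
    if any(blob[2 + size:]):
        raise ValueError("non-zero bytes after the digest")
    return blob[2:2 + size]


def matches_software_hash(blob: bytes, data: bytes, alg_id: int) -> bool:
    """Compare the TPM-produced digest with one computed by hashlib."""
    expected = hashlib.new(ALGS[alg_id], data).digest()
    # compare_digest returns False on a length mismatch (wrong algorithm).
    return hmac.compare_digest(parse_digest_file(blob), expected)


if __name__ == "__main__":
    # `echo "toto" > toto` writes the four letters plus a newline.
    print(parse_digest_file(PAGE_HASH_FILE).hex())
    print(matches_software_hash(PAGE_HASH_FILE, b"toto\n", 0x0004))
```
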

summary: - Sync tpm2-tools from Debian unstable
+ [FFE] Sync tpm2-tools from Debian unstable
Iain Lane (laney) wrote :

Sounds good - I'll sync for you to save time.

Iain Lane (laney) wrote :

Done, but I quit syncpackage instead of letting it close this bug, oops

Changed in tpm2-tools (Ubuntu):
status: New → Fix Released