Topic: Getting info about the TPM hardware using wolfTPM API

Hi,

I'm trying to get some readable information about the hardware present (or not) in the PC (under Windows).

For instance, when I run tpm.msc in a shell (cmd.exe), I get the manufacturer name ("IFX" for me),
the hardware version (7.62.3126.0 for me) and the API version (2.0).

My question is how to get this info using the wolfTPM API.
I tried the TPM2_GetCapability function with many combinations of parameters, but in vain...

Thanks in advance!
Hadrien

Re: Getting info about the TPM hardware using wolfTPM API

Hi Hadrien,

It looks like you have an Infineon TPM 2.0 module, which is fully supported. You've probably already seen this documentation? https://github.com/wolfSSL/wolfTPM/blob … ndowTBS.md

cd wolftpm/
./autogen.sh
./configure --prefix="$PREFIX" --enable-winapi
make
./examples/wrap/wrap_test

There are two interfaces available to use. 1) The "TPM2_" standard API and 2) The "wolfTPM2_" wrappers.

The easiest will be the wrappers and the code looks like this:

WOLFTPM2_DEV dev;
WOLFTPM2_CAPS caps;
int rc;

/* Init the TPM2 device */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
if (rc != 0) return rc;

/* Query manufacturer, vendor and firmware information */
rc = wolfTPM2_GetCapabilities(&dev, &caps);
if (rc != 0) goto exit;

printf("Mfg %s (%d), Vendor %s, Fw %u.%u (%u), "
    "FIPS 140-2 %d, CC-EAL4 %d\n",
    caps.mfgStr, caps.mfg, caps.vendorStr, caps.fwVerMajor,
    caps.fwVerMinor, caps.fwVerVendor, caps.fips140_2, caps.cc_eal4);

exit:
/* Release the device on every path that got past init */
wolfTPM2_Cleanup(&dev);
return rc;

Thanks,
David Garske, wolfSSL

3 (edited by Grizzy Kret 2021-06-07 02:16:14)

Re: Getting info about the TPM hardware using wolfTPM API

Thanks David,
sorry I missed this snippet in wrap_test.c.
It works fine, but I still don't see how to get the spec version (1.2 or 2.0).

By the way, in the function wolfTPM2_ParseCapabilities, I saw a slight mistake:
In the XMEMCMPs between caps->mfgStr and the const strings, the length parameter seems to be inconsistent...

Hadrien

Re: Getting info about the TPM hardware using wolfTPM API

Hi Hadrien,

This code will only work with a TPM 2.0 module. With a TPM 1.2 module it will fail. Sorry I don't have any example of how that failure would look.

Thanks,
David Garske, wolfSSL

Re: Getting info about the TPM hardware using wolfTPM API

Hi Hadrien,

Have you tried running the native tests in wolfTPM?

They provide some of the TPM 2.0 Capabilities in human-readable form.

Launch from ./examples/native/native_test

... and scroll up, it is one of the first tests.

We would also welcome a contribution to our GitHub repo. wolfTPM is open-source software with commercial support. Thus, you could submit a new example with nice prints about the TPM capabilities. It could be ./examples/caps :)

Please note what David highlighted: wolfTPM works with TPM 2.0, because TPM 1.2 is obsolete and not recommended by the TCG (Trusted Computing Group).

Thanks,
Dimi

Dimi Tomov,
wolfSSL Engineer and Founder of TPM.dev
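
On the spec-version question raised in the thread: the TPM 2.0 specification defines a TPM_PT_FAMILY_INDICATOR property, reported in the same fixed-property list as the manufacturer and firmware words that TPM2_GetCapability returns for TPM_CAP_TPM_PROPERTIES. The following is an added example, not code from the thread or from wolfTPM; it decodes such property values offline, and tagged_prop, tpm_info and decode_tpm_props are hypothetical names with constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* TPM_PT tags from the TPM 2.0 Library spec, Part 2 (PT_FIXED = 0x100) */
#define PT_FAMILY_INDICATOR   0x100u /* packed ASCII, "2.0" on a TPM 2.0 */
#define PT_MANUFACTURER       0x105u /* packed ASCII vendor ID, e.g. "IFX" */
#define PT_FIRMWARE_VERSION_1 0x10Bu /* upper 32 bits of the firmware version */

/* Hypothetical stand-ins for the tagged property list and the decoded result */
typedef struct { uint32_t property, value; } tagged_prop;
typedef struct { char family[5], mfg[5]; unsigned fw_major, fw_minor; } tpm_info;

/* Unpack up to 4 big-endian ASCII bytes; NUL padding or junk ends the string */
static void unpack_ascii(uint32_t v, char out[5])
{
    int shift, n = 0;
    for (shift = 24; shift >= 0; shift -= 8) {
        unsigned char c = (unsigned char)(v >> shift);
        if (c < 0x20 || c > 0x7E) break;
        out[n++] = (char)c;
    }
    out[n] = '\0';
}

/* Returns 0 when the family indicator is present and reads "2.0", else -1 */
int decode_tpm_props(const tagged_prop *p, size_t count, tpm_info *info)
{
    size_t i;
    memset(info, 0, sizeof(*info));
    for (i = 0; i < count; i++) {
        uint32_t v = p[i].value;
        if (p[i].property == PT_FAMILY_INDICATOR) unpack_ascii(v, info->family);
        else if (p[i].property == PT_MANUFACTURER) unpack_ascii(v, info->mfg);
        else if (p[i].property == PT_FIRMWARE_VERSION_1) {
            info->fw_major = v >> 16;     /* 16/16 major.minor split: assumption */
            info->fw_minor = v & 0xFFFFu;
        }
    }
    return strcmp(info->family, "2.0") == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample values, not read from a real TPM */
    tagged_prop s[] = { {0x100u, 0x322E3000u}, {0x105u, 0x49465800u}, {0x10Bu, 0x0007003Eu} };
    tpm_info t;
    int rc = decode_tpm_props(s, sizeof(s) / sizeof(s[0]), &t);
    printf("family=%s mfg=%s fw=%u.%u rc=%d\n", t.family, t.mfg, t.fw_major, t.fw_minor, rc);
    return rc;
}
```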