密封数据使用TPM在Windows [英] Sealing Data using TPM In Windows
问题描述
我想在Windows中执行TPM密封操作。我熟悉C ++编程,但不知道我甚至使用哪些库。
I'd like to perform a TPM Seal operation in windows. I'm familiar with C++ programming but have no idea what libraries I'd even use.
我目前坚持以下两个问题:
I'm currently stuck with the following two questions:
我可以使用例如WMI和PowerShell脚本?这个 http:// msdn。 microsoft.com/en-us/library/windows/desktop/aa446799(v=vs.85).aspx 表示我可以使用TBS提交命令,但我没有最微弱的我将如何设置参数例如WMI。
Can I perform this action using e.g. WMI and a powershell script? This http://msdn.microsoft.com/en-us/library/windows/desktop/aa446799(v=vs.85).aspx indicates that I can use TBS To Submit a Command, but I don't have the faintest how I would set up the parameters in e.g. WMI.
我可以使用Windows 7 SDK中的tbs.h / tbs.lib来执行TPM_Seal操作吗?
Can I use the tbs.h/tbs.lib from the Windows 7 SDK to perform a TPM_Seal operation?
是否有TSS API像 http://trousers.sourceforge.net/ 那里我可以打电话这从一些C ++代码?
Is there a TSS API Like http://trousers.sourceforge.net/ where I can call this from some C++ Code?
我这样做的方法不是什么大不了的,但我在Windows上使用TPM 1.2,我的所有客户端都是Windows
The method through which I do this is not a big deal, but I am using TPM 1.2 on windows, and all of my clients are windows.
推荐答案
您可以使用 TPM Base Sevices 。所以您需要自己组装命令。
You can use TPM Base Sevices for sending commands to the TPM. So you need to assemble the commands yourself.
TPM命令,结构和流程在 3个文件:
The TPM commands, structures and flows are defined in 3 documents:
- Part 1 - Design Principles
- Part 2 - Structures of the TPM
- Part 3 - Commands
首先你需要弄清楚哪个comman你要发送然后,您必须在第3部分中查找命令的参考,并按第2部分所述组装所需的结构。
First you need to figure out which command you want to send. Then you have to lookup the command's reference in Part 3 and assembled the needed structures as described in Part 2.
TPM_seal 命令例如在第3部分的第72页的第10.1节中定义。第1331行显示了命令的样子。发出命令后,您可以根据行1332对所返回的结构进行评估(所有数字适用于修订版本116)。
The TPM_seal command for example is defined in section 10.1 on page 72 of Part 3. Line 1331 shows you how the command has to look like. After issuing the command you can evaluate the returned structure according to line 1332. (All numbers apply to revision 116.)
这可能真的很棘手。但是,您可以查看其他实现。如果你只需要一些命令,那就不是那么难,特别是当你可以确定一些角箱不会发生时。
This can be really tricky. However, you can have a look at other implementations. If you just need a few commands it's not that hard, especially when you can be sure that some cornercases don't happen.
我建议你开始看 IBM的软件TPM 。该项目还提供了 libtpm 和一些实用程序。这是我知道的更轻的实现之一。
I would suggest you start looking at IBM's software TPM. This project also provides libtpm and some utilities. This is one of the lighter implementations I know.
您还可以尝试 TrouSerS for Windows 足够稳定以满足您的需求。在那里你会有一个高水平的TSS API。
You can also try whether TrouSerS for Windows is stable enough to fit your needs. There you would have a highlevel TSS API.
如果Java是一个选项,看看 jTSS 。它支持Windows。
If Java is an option, have a look at jTSS. It supports Windows.
这篇关于密封数据使用TPM在Windows的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
