* [tpm2] Re: Want to use c++ to get TPM Serial Number - how do it?
@ 2021-07-21 17:08 Roberts, William C
  0 siblings, 0 replies; only message in thread
From: Roberts, William C @ 2021-07-21 17:08 UTC (permalink / raw)
  To: tpm2


Getting the EK is not as easy as one would expect; it depends on how the TPM
manufacturer provisions it. Some require that you generate the EK and then
get a hash and look it up online, some store it in NV indices. IIRC, Infineon
TPMs store them in NV indices. The tpm2_getekcertificate tool looks in the following NV indices:
#define RSA_EK_CERT_NV_INDEX 0x01C00002
#define ECC_EK_CERT_NV_INDEX 0x01C0000A

Since the EK is a primary key, you usually need to create it with a template defined in the link below.
This will then create a key that matches the manufacturer generated EK Certificate.

IIRC the NV indices and templates needed are covered in:
  - https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_Credential_Profile_EK_V2.1_R13.pdf

So this would involve an NV read, which using the C API would look like calling the function
Esys_NV_Read().


________________________________
From: Andy Purcell <andy_purcell(a)keysight.com>
Sent: Tuesday, July 20, 2021 12:18 PM
To: tpm2(a)lists.01.org <tpm2(a)lists.01.org>
Subject: [tpm2] Want to use c++ to get TPM Serial Number - how do it?

I have a need to use C++ to obtain the unique TPM information – like a Serial Number.
My system is running Windows 10/64. This is on an HP Desktop PC with TPM 2.0 chip.

I can use PowerShell
Get-TpmEndorsementKeyInfo -hashalgorithm sha256

To get this output:
                …
ManufacturerCertificates : {[Subject]
                             TPMVersion=id:073E, TPMModel=SLB 9670 TPM2.0, TPMManufacturer=id:49465800
                           [Issuer]
                             CN=Infineon OPTIGA(TM) RSA Manufacturing CA 034, OU=OPTIGA(TM) TPM2.0, O=Infineon Technologies AG, C=DE
…
                           [Serial Number]
                             4880DE8E
                           [Thumbprint]
                             B8395DA6A1D661C8CCD35D47E3DA6E9532EFFEC4

But how can I get this same Serial Number information using C++?

ap
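
Added example, not part of the original thread or of tpm2-tss: once the EK certificate bytes have been read from one of the NV indices above (for example with Esys_NV_Read()), the serial number asked about is the serialNumber INTEGER inside the DER-encoded X.509 certificate. The names der_header and ek_cert_serial and the sample bytes are assumptions constructed for illustration; the NV read itself is not shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse one DER tag/length header at *p; on success *p points at the content. */
static int der_header(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    *len = *(*p)++;
    if (*len & 0x80) {                           /* long form: low 7 bits = byte count */
        size_t n = *len & 0x7F;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - *p) < n) return -1;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *(*p)++;
    }
    return *len <= (size_t)(end - *p) ? 0 : -1;  /* content must fit in the buffer */
}

/* Copy the X.509 serialNumber (big-endian) into out; returns its length or -1. */
int ek_cert_serial(const uint8_t *der, size_t der_len, uint8_t *out, size_t out_len)
{
    const uint8_t *p = der, *end = der + der_len;
    uint8_t tag; size_t len;
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return -1;  /* Certificate */
    end = p + len;                               /* ignore NV bytes after the cert */
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return -1;  /* TBSCertificate */
    end = p + len;
    if (der_header(&p, end, &tag, &len)) return -1;
    if (tag == 0xA0) {                           /* optional [0] version: skip it */
        p += len;
        if (der_header(&p, end, &tag, &len)) return -1;
    }
    if (tag != 0x02 || len == 0) return -1;      /* serialNumber is an INTEGER */
    if (len > 1 && p[0] == 0x00) { p++; len--; } /* drop DER sign-padding byte */
    if (len > out_len) return -1;
    memcpy(out, p, len);
    return (int)len;
}
/* Constructed skeleton (not a real certificate): version, serial, then 0xFF padding. */
static const uint8_t sample_cert[] = { 0x30, 0x0D, 0x30, 0x0B, 0xA0, 0x03, 0x02, 0x01, 0x02,
                                       0x02, 0x04, 0x48, 0x80, 0xDE, 0x8E, 0xFF, 0xFF };

int main(void)
{
    uint8_t sn[20];                              /* RFC 5280 caps serials at 20 octets */
    int n = ek_cert_serial(sample_cert, sizeof sample_cert, sn, sizeof sn);
    for (int i = 0; i < n; i++) printf("%02X%s", sn[i], i == n - 1 ? "\n" : "");
    return n > 0 ? 0 : 1;
}
```

The parser stops at the outer SEQUENCE length, so trailing bytes in an NV index that is larger than the certificate are ignored.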

