1 1. Download TPM emulator - ibmtpm974.tar.gz
2 (Note: Optional. No need to execute this step if the system has real TPM device on it)
5 c. Run tpm_server binary - ./tpm_server –rm
7 2. Download TSS version 1.2.0
8 a. Run following commands
11 iii. If you face any error for pkg-config,
12 1. export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
13 iv. make && make install
15 3. Download tpm2-abrmd version 1.1.1
16 a. Run following commands
17 i. sudo useradd --system --user-group tss
21 v. If you face any error for pkg-config,
22 1. export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
23 vi. make && make install
24 vii. sudo udevadm control --reload-rules && sudo udevadm trigger
25 viii. sudo pkill -HUP dbus-daemon
26 ix. systemctl daemon-reload
27 b. Run tpm2-abrmd as follows - ./tpm2-abrmd -t socket
28 c. Check in tpm_server whether following debug prints are resulted in console, after resource manager startup
32 4. Download tpm2-tools version 2.1.0
33 a. Run the following commands
36 iii. make && make install
38 5. Now configure Initialize TPM, configure with Primary key and then save it in TPM’s NV ram
39 (Equivalent of script - initandverify/Init_and_create_tpm_primary.sh, you can run that script)
41 i. tpm2_startup -clear -T tabrmd –V
43 i. tpm2_takeownership -o new -e new -l new -T tabrmd –V
45 i. tpm2_createprimary -P new -A o -g 0x000B -G 0x0001 -T tabrmd -V -C PrimaryKeyBlob
46 d. Save primary Key in NV ram
47 i. tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S 0x81000011 -T tabrmd -V -P new
48 e. Check Primary Keys public portion
49 i. tpm2_readpublic -H 0x81000011 --opu out_primary_public -T tabrmd –V
50 f. If all the above commands are successful then TPM emulator, TPM resource manager and TPM tools are working fine
52 6. Now compile the TPM duplication and import tools with "make" command (after creation of Makefile) and run it as per instructions.
53 use "./ossl_tpm_duplicate --help" for usage.
54 use "./ossl_tpm_import --help" for usage.
56 7. Note: If you restart tpm_server, then you have to restart TPM resource manager too. And the repeat from step 5.