TPM 2.0 policies:
- Read PCR (Platform Configuration Register) values
- Create PCR-based policies (boot integrity)
- Create password policies (PolicyAuthValue)
- Create compound policies (multiple conditions)
- Understanding policy digests
Technologies: TPM 2.0 (tpm2-tss library)
TPM policies with OpenSSL cryptography:
- Generate RSA-2048 keypairs with OpenSSL
- Sign data with RSA private keys
- Verify signatures with public keys
- Validate policy conditions with TPM
- Export keys in PEM format
Technologies: TPM 2.0 (tpm2-tss) + OpenSSL 3.x
# Install required libraries
sudo apt install libtss2-dev libssl-dev build-essential
# Add user to TPM group (optional, to avoid sudo)
sudo usermod -a -G tss $USER
# Logout and login again for group to take effectmake# Demo 1: TPM Policy Basics
make demo1
# Demo 2: TPM + OpenSSL Signing
make demo2make run-all# Demo 1
gcc -Wall -Wextra -std=c11 -O2 01_tpm_policy_basics.c -o 01_tpm_policy_basics \
-ltss2-esys -ltss2-sys -ltss2-mu -ltss2-tctildr -ltss2-rc
# Demo 2
gcc -Wall -Wextra -std=c11 -O2 02_tpm_openssl_signing.c -o 02_tpm_openssl_signing \
-ltss2-esys -ltss2-sys -ltss2-mu -ltss2-tctildr -ltss2-rc -lssl -lcrypto# Run with sudo (if not in tss group)
sudo ./01_tpm_policy_basics
sudo ./02_tpm_openssl_signing
# Or with tss group
sg tss -c "./01_tpm_policy_basics"
sg tss -c "./02_tpm_openssl_signing"