Demo 1: TPM Policy Basics (01_tpm_policy_basics.c)

TPM 2.0 policies:

• Read PCR (Platform Configuration Register) values
• Create PCR-based policies (boot integrity)
• Create password policies (PolicyAuthValue)
• Create compound policies (multiple conditions)
• Understanding policy digests

Technologies: TPM 2.0 (tpm2-tss library)

Demo 2: TPM + OpenSSL Signing (02_tpm_openssl_signing.c)

TPM policies with OpenSSL cryptography:

• Generate RSA-2048 keypairs with OpenSSL
• Sign data with RSA private keys
• Verify signatures with public keys
• Validate policy conditions with TPM
• Export keys in PEM format

Technologies: TPM 2.0 (tpm2-tss) + OpenSSL 3.x

Quick Start

Prerequisites

# Install required libraries
sudo apt install libtss2-dev libssl-dev build-essential

# Add user to TPM group (optional, to avoid sudo)
sudo usermod -a -G tss $USER
# Logout and login again for group to take effect

Build All Programs

make

Run Individual Demos

# Demo 1: TPM Policy Basics
make demo1

# Demo 2: TPM + OpenSSL Signing
make demo2

Run All Demos

make run-all

Manual Compilation

# Demo 1
gcc -Wall -Wextra -std=c11 -O2 01_tpm_policy_basics.c -o 01_tpm_policy_basics \
    -ltss2-esys -ltss2-sys -ltss2-mu -ltss2-tctildr -ltss2-rc

# Demo 2
gcc -Wall -Wextra -std=c11 -O2 02_tpm_openssl_signing.c -o 02_tpm_openssl_signing \
    -ltss2-esys -ltss2-sys -ltss2-mu -ltss2-tctildr -ltss2-rc -lssl -lcrypto

Manual Execution

# Run with sudo (if not in tss group)
sudo ./01_tpm_policy_basics
sudo ./02_tpm_openssl_signing

# Or with tss group
sg tss -c "./01_tpm_policy_basics"
sg tss -c "./02_tpm_openssl_signing"