A unipolar TPM 2.0 implementation.

  1. 8a7ff19 fix(message): add missing PolicySecretResponse parameters by Jarkko Sakkinen · 35 hours ago main
  2. 14cba04 fix(tpmu): clippy issues by Jarkko Sakkinen · 3 days ago
  3. 4cc0198 fix(macros): implement backwards compatible dispatch check by Jarkko Sakkinen · 3 days ago
  4. 174b055 fix(tpmu): add the missing variant by Jarkko Sakkinen · 5 days ago
  5. 91635c2 fix(data): incorrect asym declarations by Jarkko Sakkinen · 5 days ago

TPM 2.0 marshaller/unmarshaller

A unipolar no_std TPM 2.0 implementation that does not require a heap allocator and has zero dependencies.

Roadmap

The roadmap for main is to execute the following process iteratively:

  1. Every existing data type will get its equivalent “cast” counterpart.
  2. Once all of this is done, the pre-existing structures will be deleted.
  3. As the final step, the “Cast” postfix will be removed from everything except, of course, TpmCast and TpmCastMut themselves.

Thus, the tests for building and parsing have also been removed. They persist in the 0.10.x branch, which also accepts fixes and improvements for the legacy framework.

Development

Mailing List

You can subscribe to the list by sending an empty message to tpm-protocol+subscribe@lists.linux.dev. Unsubscribing follows exactly the same pattern, except that the subaddress is +unsubscribe. That said, the process is relaxed in the sense that opening a thread on the list or submitting a patch does not require a subscription.

As noted above, patches and other messages can be posted to tpm-protocol@lists.linux.dev. The mailing list archive is available at https://lore.kernel.org/tpm-protocol/.

NOTE: emails must be in text/plain format. Emails in any other format, e.g. text/html, will be automatically discarded by the list server and will not appear on the mailing list.

Build System

The project provides a Makefile with a make test target. The unit test is, by design, built with GNU make and rustc, and it outputs kselftest-compatible exit codes. This ensures that the code can be imported into the Linux kernel.

Architecture

tpm2_protocol is a low-level and policy-free library for TPM 2.0 command and response building and parsing.

The primary design goal is to be correct against TCG specifications, and to be usable in constrained environments.

Correctness is validated only up to the point where a rule could be considered policy; no such rules will be introduced. In particular, the number of sessions is limited to MAX_SESSIONS, but not to the number of sessions allowed for a particular command.
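
The session bound described above, as an added example that is not part of the tpm2_protocol code base: a core-only, allocation-free walk of a command authorization area that rejects more than MAX_SESSIONS entries and leaves any per-command limit to the caller. The value 3 for MAX_SESSIONS, the AuthError type, the PW_SESSION sample bytes, and the take, skip_tpm2b and count_sessions helpers are assumptions made for this illustration.

```rust
/// Assumed value: TCG allows at most three sessions per command.
pub const MAX_SESSIONS: usize = 3;
/// Constructed sample: TPM_RS_PW handle, empty nonce, no attributes, empty hmac.
pub const PW_SESSION: [u8; 9] = [0x40, 0, 0, 0x09, 0, 0, 0, 0, 0];

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError { Truncated, TooManySessions }

/// Takes `n` bytes off the front of `buf` without panicking on short input.
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Result<&'a [u8], AuthError> {
    let cur: &'a [u8] = *buf;
    if cur.len() < n {
        return Err(AuthError::Truncated);
    }
    let (head, tail) = cur.split_at(n);
    *buf = tail;
    Ok(head)
}

/// Skips a TPM2B: a big-endian u16 length followed by that many bytes.
fn skip_tpm2b(buf: &mut &[u8]) -> Result<(), AuthError> {
    let len = take(buf, 2)?;
    let len = usize::from(u16::from_be_bytes([len[0], len[1]]));
    take(buf, len).map(|_| ())
}

/// Counts TPMS_AUTH_COMMAND entries in a command authorization area.
/// Takes no command code, so a per-command session limit cannot be applied here.
pub fn count_sessions(mut area: &[u8]) -> Result<usize, AuthError> {
    let mut count = 0;
    while !area.is_empty() {
        if count == MAX_SESSIONS {
            return Err(AuthError::TooManySessions);
        }
        take(&mut area, 4)?; // sessionHandle
        skip_tpm2b(&mut area)?; // nonce
        take(&mut area, 1)?; // sessionAttributes
        skip_tpm2b(&mut area)?; // hmac
        count += 1;
    }
    Ok(count)
}

fn main() {
    let mut area = [0u8; 36]; // room for four constructed sessions
    for chunk in area.chunks_mut(9) {
        chunk.copy_from_slice(&PW_SESSION);
    }
    println!("{:?}", count_sessions(&area[..27]));
    println!("{:?}", count_sessions(&area));
}
```

A caller that wants to enforce the session count a specific command permits would compare the returned count against its own table; that check is policy and sits outside the parser.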

Licensing

The tpm2-protocol library is licensed under the permissive MIT OR Apache-2.0 license to allow for wide adoption.