Comments (7)
williamcroberts
commented on June 13, 2024
Toggling physical presence is needed for testing PolicyPhysicalPresence and PP_Commands, I'm looking into a solution for the IBM simulator, but I'm unsure how to do it for swtpm.
I have no idea, maybe @stefanberger knows?
Adding an EK certs with matching EK primary keys and keeping them in the standard NV indices would be useful for testing a standard MakeCredential and ActivateCredential setup as well as EK cert parsing.
If we weren't hooking into bindings I'd be more concerned with this test case. Here we're mostly looking that we can call into the api and get the responses that we want. If theirs a bug, it would likely be in the C library.
from tpm2-pytss.
stefanberger
commented on June 13, 2024
I have no idea, maybe @stefanberger knows?
Afaik it's not possible.
from tpm2-pytss.
williamcroberts
commented on June 13, 2024
Further thought, we just have to test that command works, so we don't actually have to test the TPM accepts the policy. So just call the command, and optionally verify you get a hash back (length). For extra points, check the hash value is as expected. It should be a static policy hash.
from tpm2-pytss.
williamcroberts
commented on June 13, 2024
For PP_Commands, just call them and expect a specific failure.
from tpm2-pytss.
whooo
commented on June 13, 2024
I'll skip the physical presence part then and just check the RC
from tpm2-pytss.
whooo
commented on June 13, 2024
Adding an EK certs with matching EK primary keys and keeping them in the standard NV indices would be useful for testing a standard MakeCredential and ActivateCredential setup as well as EK cert parsing.
If we weren't hooking into bindings I'd be more concerned with this test case. Here we're mostly looking that we can call into the api and get the responses that we want. If theirs a bug, it would likely be in the C library.
The reason for the EK cert combined with a matching EK pub is that I'll add a pure python MakeCredential and would like to add a TPM cert parser using asn1crypto as they are both common pain points for people setting up remote attestation.
While both can be solved without an matching EK cert and EK pub it would be nice being able to test a common flow
from tpm2-pytss.
williamcroberts
commented on June 13, 2024
We test make credential without a TPM backend in the tools, for example. We output the public key in PEM format and use that over the EK Certificate. If you wanted to test against an x509 certificate, you could generate a certificate using tpm2-pkcs11 or tpm2-openssl-engine and the x509 command.
You could separately grab some actual EK certificates, and just run a unit test that you can convert/read them into this and mock any other parts.
from tpm2-pytss.
Related Issues (20)
- CryptoTest::test_unsupported_key FAILED with cryptography >= 41 HOT 2
- Build fails on i686 (Fedora) HOT 2
- Uncompleted function "verify_signature" HOT 4
- ECC Encryption not yet supported HOT 2
- buffer in get_calculated_json() hardcoded to 8096
- buffer in property description hardcoded to 8096
- docs build failing HOT 2
- Create an ecdsa key? HOT 20
- Access for PyPi HOT 1
- ERROR: Could not build wheels for tpm2-pytss, which is required to install pyproject.toml-based projects HOT 3
- Attestation Quote and sending Public AK and EK to remote server HOT 5
- Deprecate tools_encdec
- Import fails with cryptography 42.0.1 HOT 3
- 2.2.0 not in PyPi HOT 3
- releases > 2.1.0 are not done using signed tags HOT 13
- RFE: is it possible to start making github releases?🤔 HOT 1
- can not install on ubuntu 22.04 HOT 12
- Error in the installation of tpm2-pytss HOT 15
- Install Error : ubuntu 20.04.6 ARM64 [MAC M1 chip - Parallels 19] HOT 2
- nv_create return code HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tpm2-pytss.