Activity for IBM's Software TPM 2.0

Ken Goldman committed [2cb5b0] on Git

Ken Goldman — Thu, 12 Feb 2026 22:39:08 -0000

Update the license for several files.

Ken Goldman committed [c9cdd0] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

tpm: Update to OpenSSL 3.6

Ken Goldman committed [3e3bcd] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

Merge branch 'master' of github.ibm.com:kgoldman/ibmswtpm2

Ken Goldman committed [88f21d] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

tpm2: stable-0.7: Fix for VRT0009

Ken Goldman committed [a9aa06] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

tpm2: Avoid NULL pointer access in case allocation fails

Ken Goldman committed [4421b4] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

Merge branch 'next' of github.ibm.com:kgoldman/ibmswtpm2

Ken Goldman committed [6eb851] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

tpm2: Initialize eccPublic before passing to TPMS_ECC_POINT_Unmarshal (Coverity)

Ken Goldman committed [6f0ec3] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

tpm2: Address a possible unsigned integer underflow (Coverity)

Ken Goldman committed [c68d6d] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

tpm2: Filter bad input values to avoid underflow in FindNthSetBit (Coverity)

Ken Goldman committed [817b89] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

Merge branch 'master' of github.ibm.com:kgoldman/ibmswtpm2

Ken Goldman committed [57fc29] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

Merge branch 'next' of github.ibm.com:kgoldman/ibmswtpm2

Ken Goldman committed [be8f59] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

Merge branch 'master' of github.ibm.com:kgoldman/ibmswtpm2

Ken Goldman committed [b259de] on Git

Ken Goldman — Fri, 12 Dec 2025 15:41:46 -0000

fix compilation issue in aix

Ken Goldman committed [7f35eb] on Git

Ken Goldman — Thu, 29 May 2025 21:37:23 -0000

Fix masking-out of unneeded bits in TpmMath_GetRandomBits

Ken Goldman committed [431535] on Git

Ken Goldman — Fri, 02 May 2025 19:32:11 -0000

apply AWS-LC patch

Ken Goldman committed [e0642d] on Git

Ken Goldman — Fri, 02 May 2025 19:32:11 -0000

rev180: Use CRYPT_CURVE_FREE to free CTX and G

Ken Goldman committed [678440] on Git

Ken Goldman — Fri, 02 May 2025 19:32:11 -0000

tpm: Object: clear out sensitive area if on load if not provided

Ken Goldman committed [27904a] on Git

Ken Goldman — Fri, 02 May 2025 19:32:11 -0000

tpm2: Initialize a whole OBJECT before using it

Ken Goldman committed [720ed4] on Git

Ken Goldman — Fri, 02 May 2025 19:32:11 -0000

tpm: Update to OpenSSL 3.5

Ken Goldman committed [8eff3d] on Git

Ken Goldman — Fri, 02 May 2025 19:32:11 -0000

fix compilation issue in aix

Virender posted a comment on discussion General Discussion

Virender — Fri, 27 Dec 2024 18:38:08 -0000

Thank you for your quick guidance. I mistook Wmissing and Werror as error.

Ken Goldman posted a comment on discussion General Discussion

Ken Goldman — Mon, 23 Dec 2024 18:58:58 -0000

I don't see any errors. It looks like the build completed. BTW, you do not have to be root to build the software.

Virender posted a comment on discussion General Discussion

Virender — Mon, 23 Dec 2024 12:22:37 -0000

Hi Ken, In my attempt to install tpm 2.0 on ubuntu 22.04 in virtualbox, I am getting the following errors: root@virender-VirtualBox:/home/virender/ibmtpm1682/src# make /usr/bin/gcc -Wall -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Werror -Wsign-compare -Wno-deprecated-declarations -c -ggdb -O0 -DTPM_POSIX -D_POSIX_ -DTPM_NUVOTON -DUSE_BIT_FIELD_STRUCTURES=NO ACTCommands.c -o ACTCommands.o /usr/bin/gcc -Wall -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Werror -Wsign-compare...

Ken Goldman committed [f27b51] on Git

Ken Goldman — Wed, 11 Dec 2024 21:35:34 -0000

Update to openssl 3.4

Ken Goldman posted a comment on discussion General Discussion

Ken Goldman — Fri, 11 Oct 2024 13:37:07 -0000

Is the issue the phrase "All Rights Reserved"? IANAL, but my understanding is that this is obsolete but OK. E.g., it's in the Linux kernel at LICENSES/preferred/BSD-3-Clause. If this is a real issue blocking your use case, can you perhaps have your legal team contact me?

txtsd posted a comment on discussion General Discussion

txtsd — Thu, 10 Oct 2024 16:58:21 -0000

Nothing additional is needed, but the contents of the file have to make sense. So the file that exists has (c) Copyright IBM Corporation 2016. and All rights reserved. which are not BSD-3-Clause. Do you know if they supersede (or how they supplement) the BSD license? We could end up with an SPDX string like BSD-3-Clause OR LicenseRef-IBMfoobar

Ken Goldman posted a comment on discussion General Discussion

Ken Goldman — Thu, 10 Oct 2024 16:53:20 -0000

Isn't that already there? There is a LICENSE file. Do I need something additional, like 'SPDX=something'?

txtsd posted a comment on discussion General Discussion

txtsd — Thu, 10 Oct 2024 13:23:22 -0000

Yes, just create a LICENSE in the root dir with the contents/text of the BSD-3-Clause: https://spdx.org/licenses/BSD-3-Clause.html

Ken Goldman posted a comment on discussion General Discussion

Ken Goldman — Thu, 10 Oct 2024 13:12:08 -0000

I believe that this is BSD-3-Clause. If you agree, is there a file or other place that I should add it?

txtsd posted a comment on discussion General Discussion

txtsd — Thu, 10 Oct 2024 07:45:51 -0000

The SPDX License list can be found here: https://spdx.org/licenses/

CPC modified a comment on discussion General Discussion

CPC — Wed, 11 Sep 2024 14:57:40 -0000

For first time I can use load and push my data 48 bytes inside the TPM, later I will delete the handles deliberately , then i want to recover my data after my hardware reboot. 1)./createprimary -hi o -ecc nistp256 -pwdp test1 .2)/create -hp -opu sealed_data.pub -opr sealed_data.priv -pwdp test1 .3)/load -hp -ipu sealed_data.pub -ipr sealed_data.priv -pwdp test1 -c sealed_data.ctx 4)./evictcontrol -hi o -ho -hp 0x81010001 5)rm sealed_data.pub sealed_data.priv...

CPC posted a comment on discussion General Discussion

CPC — Wed, 11 Sep 2024 14:56:12 -0000

Ken Goldman posted a comment on discussion General Discussion

Ken Goldman — Wed, 11 Sep 2024 14:43:00 -0000

TPM_PT_HR_PERSISTENT_AVAIL gives a minimum, but a TPM is permitted to return 1 even when more can fit. The reason it's an estimate is that a small sealed blob with no authorization takes up less space than an RSA 4096 key with a SHA-384 policy and a long password.

CPC posted a comment on discussion General Discussion

CPC — Wed, 11 Sep 2024 14:31:06 -0000

Thanks Ken, any way to check how may slots remining using getcapability and push the sealed data using evcitcontrol command example , If I am not wrong I have clean the data back using same evcitcontrol.

Ken Goldman posted a comment on discussion General Discussion

Ken Goldman — Wed, 11 Sep 2024 14:28:05 -0000

Sealed data is an object, and can be persisted using evictcontrol. However, there are very few TPM slots, so it's better to store the blob externally and back it up like you back up any other data.

CPC posted a comment on discussion General Discussion

CPC — Wed, 11 Sep 2024 14:19:22 -0000

How to persist the sealed data?

Ken Goldman posted a comment on discussion General Discussion

Ken Goldman — Wed, 11 Sep 2024 13:57:21 -0000

I don't think so. The TPM is resource constrained. It's designed so that minimal state is on the TPM and other data is stored externally, protected by the TPM. Back up the sealed data. Persist the sealed data, but there are only about 7 persistent slots. You can fill them all.

CPC posted a comment on discussion General Discussion

CPC — Wed, 11 Sep 2024 04:42:28 -0000

Hello Ken, I have these below commands , I want to understand how we can get back the sea.bin if , I delete my tpmpub.bin and tpmpriv.bin. 1) ./createprimary -hi o -pwdp test1 -ecc nistp256 2) ./evictcontrol -hi o -ho 80000000 -hp 81200000 3) ./create -hp 81200000 -bl -if sea.bin -opr tpmpriv.bin -opu tpmpub.bin 4) ./load -hp 81200000 -ipu tpmpub.bin -ipr tpmpriv.bin 5) ./unseal -ha 80000002 -of sec_out.bin Please let me know, I accidently delete my tpmpriv.bin and tpmpriv.bin, is there way to get...

Ken Goldman committed [89a4cb] on Git

Ken Goldman — Fri, 02 Aug 2024 19:45:32 -0000

src/BnToOsslMath.h: fix build with openssl 3.3.x

Tomasz Maczkowski posted a comment on discussion General Discussion

Tomasz Maczkowski — Mon, 17 Jun 2024 14:12:04 -0000

Thank you for your response, Ken. It looks like it is working from the latest master.

Ken Goldman posted a comment on discussion General Discussion

Ken Goldman — Tue, 11 Jun 2024 15:04:49 -0000

Could you try the latest master, or the latest tagged commit? I think this was fixed.

Tomasz Maczkowski posted a comment on discussion General Discussion

Tomasz Maczkowski — Wed, 05 Jun 2024 13:13:34 -0000

During compilation of the project against OpenSSL 3.2.1 following compilation errors occur: In file included from BnValues.h:324, from Global.h:80, from Tpm.h:78, from AuditCommands.c:62: TpmToOsslMath.h:79:5: error: #error Untested OpenSSL version 79 | # error Untested OpenSSL version | ^~~~~ Are there any plans to simulate TPM using recent versions of OpenSSL (e.g. 3.2.1)?

Ken Goldman modified a comment on a wiki page

Ken Goldman — Tue, 21 May 2024 15:47:59 -0000

For big endian machines, build with BIG_ENDIAN_TPM=YES The download is a compressed tarball. Evidently, some versions of gnu tar for Windows aren't built to handle compressed files. If the untar fails, try this: > gzip -d ibmtpmnnn.tar.gz # unzip > tar xvf ibmtpmnnn.tar # untar Any TPM needs TPM2_Startup as its first command. A BIOS supporting a hardware TPM 2.0 will send this command. Otherwise, see the IBM TSS "startup" sample. ** For future changes notes, see the ChangeLog. ** **Build 1682 includes...

Ken Goldman committed [d40025] on Git

Ken Goldman — Mon, 08 Apr 2024 17:59:32 -0000

Merge branch 'master' of github.ibm.com:kgoldman/ibmswtpm2

Ken Goldman committed [d47972] on Git

Ken Goldman — Mon, 08 Apr 2024 17:59:32 -0000

TcpServerPosix fails to build with gcc7 due to uninitialized value warning

Ken Goldman committed [a1537c] on Git

Ken Goldman — Mon, 08 Apr 2024 17:33:32 -0000

Merge branch 'next'

Ken Goldman committed [cc8dfa] on Git

Ken Goldman — Mon, 08 Apr 2024 17:33:32 -0000

TcpServerPosix: Fix use of uninitialized value.

Ken Goldman committed [a23c41] on Git

Ken Goldman — Mon, 08 Apr 2024 17:33:32 -0000

README.md: Update ibmtss project URL

Ken Goldman committed [dcd6c8] on Git

Ken Goldman — Mon, 08 Apr 2024 16:02:56 -0000

README.md: Update ibmtss project URL

Ken Goldman committed [54deb0] on Git

Ken Goldman — Mon, 08 Apr 2024 15:52:07 -0000

tpm: Update VS project to openssl 3.2

Ken Goldman committed [c37c74] on Git