{"id":13564078,"url":"https://github.com/9elements/tpmtool","last_synced_at":"2025-04-12T06:54:23.652Z","repository":{"id":34600569,"uuid":"137413628","full_name":"9elements/tpmtool","owner":"9elements","description":"A Linux only tool for TPM interaction","archived":false,"fork":false,"pushed_at":"2022-03-25T17:34:27.000Z","size":4459,"stargazers_count":36,"open_issues_count":4,"forks_count":11,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-12T06:54:17.407Z","etag":null,"topics":["cryptsetup","tool","tpm","tpm2"],"latest_commit_sha":null,"homepage":"https://www.tpmtool.org","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/9elements.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-06-14T22:00:42.000Z","updated_at":"2025-03-08T02:06:07.000Z","dependencies_parsed_at":"2022-07-22T08:32:22.015Z","dependency_job_id":null,"html_url":"https://github.com/9elements/tpmtool","commit_stats":null,"previous_names":["systemboot/tpmtool"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2Ftpmtool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2Ftpmtool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2Ftpmtool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/9elements%2Ftpmtool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/9elements","download_url":"https://codeload.github.com/9elements/tpmtool/tar.gz/refs/heads/master","host":{"name":"GitHub","ur
l":"https://github.com","kind":"github","repositories_count":248530585,"owners_count":21119595,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptsetup","tool","tpm","tpm2"],"created_at":"2024-08-01T13:01:26.334Z","updated_at":"2025-04-12T06:54:23.626Z","avatar_url":"https://github.com/9elements.png","language":"Go","readme":"tpmtool is a tool for TPM interaction and disk encryption. It is written in pure Go.\n\n# Basic Features\n\n-   Supports TPM 1.2 and 2.0 with [Go TSS](https://github.com/google/go-tpm).\n-   Higher TPM abstraction layer (TSPI) is implemented.\n-   Written in pure Go.\n-   TPM states are derived by Linux sysfs.\n-   Automatic TSS selection based on TPM version.\n-   TPM1 \u0026 TPM2 event log parser\n-   **Currently only TSPI for TPM specification 1.2 is available.**\n\n## Core Features\n\n-   Shows the TPM status.\n\n```bash\nTPM Manufacturer:          STMicroelectronics\nTPM spec:                  1.2\nTPM owned:                 true\nTPM activated:             true\nTPM enabled:               true\nTPM temporary deactivated: false\n```\n\n-   Dumps Endorsement Key into a file and shows the fingerprint.\n-   Takes ownership of the TPM.\n-   Clears ownership of the TPM.\n-   Resets TPM lock in case of active bruteforce detection.\n-   Sealing/Unsealing credentials with custom/current set of PCRs.\n-   Resealing of credentials using a sealing configuration for PCR pre-calculation\n-   List and read PCRs\n-   Measures a file into given PCR index.\n-   Dump TPM eventlog from OS or custom eventlog binary file input.\n-   Cryptsetup:\n    -   Format 
device and seal credential.\n    -   Open device by sealed credential.\n    -   Close device.\n    -   Measure device LUKS header into a given PCR.\n\n# Package Availability\n\n[![Packaging status](https://repology.org/badge/vertical-allrepos/tpmtool.svg)](https://repology.org/metapackage/tpmtool)\n\n# Dependencies\n\n-   [cryptsetup](https://gitlab.com/cryptsetup/cryptsetup) binary is required for the disk commands.\n\n# PCR pre-calculation\n\nPCR pre-calculation is an important feature for resealing credentials when PCR values change, e.g. after a kernel or firmware update.\n\nUsage:\n\n```bash\ntpmtool crypt reseal sealing.yml sealed-key.file\n```\n\nExample sealing configuration:\n\n```yaml\n---\npcr0:\n  - method: measure\n    filepaths:\n      - /boot/kernel\n      - /boot/initramfs\n  - method: extend\n    hashes:\n      - 8dad1c80be028384f26b929b7e7e251fbe3c1d5\npcr1:\n  - method: dynamic\npcr2:\n  - method: static\n    hash: c3018af653e2f1a16118dd8bab2f409fbc82aa9f\npcr3:\n  - method: log\n    firmware: UEFI\n```\n\n## Calculation methods\n\nEvery PCR can contain different calculation methods. The static and dynamic methods are standalone and can't be used with other methods.\n\n### Static\n\nOverwrites and sets the PCR hash you define.\n\n**method:** static\n\n**hash:** 8dad1c80be028384f26b929b7e7e251fbe3c1d5 (string type)\n\n### Dynamic\n\nGets the current PCR of the TPM. 
Overwrites and sets the hash.\n\n**method:** dynamic\n\n### Extend\n\nExtends a hash into the current PCR.\n\n**method:** extend\n\n**hashes:** [ 8dad1c80be028384f26b929b7e7e251fbe3c1d5, c3018af653e2f1a16118dd8bab2f409fbc82aa9f ] \\(array type)\n\n### FirmwareLog\n\nUses the existing firmware log for PCR pre-calculation.\n\n**method:** log\n\n**firmware:** BIOS (enum type){UEFI, BIOS}\n\n### Measure\n\nMeasures a file into the current PCR.\n\n**method:** measure\n\n**filepaths:** [ /foo/bash, /test/foo ] \\(array type)\n\n### Luks\n\nMeasures a LUKS header of a device into the current PCR.\n\n**method:** luks\n\n**devicepath:** /dev/sda (string type)\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F9elements%2Ftpmtool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F9elements%2Ftpmtool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F9elements%2Ftpmtool/lists"}