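├── Scripts
    ├── TPM_reset_with_GPIO.sh
    ├── How to patch a kernel
    │   ├── 6_clean_all.sh
    │   ├── 2_clone_mount.sh
    │   ├── 1_dependencies.sh
    │   ├── README.md
    │   ├── 5_zip_checksum.sh
    │   ├── 3_build_kernel.sh
    │   └── 4_build_kernel7.sh
    └── tpm2_install.sh
├── LICENSE
└── README.md

/Scripts/TPM_reset_with_GPIO.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Reset the TPM without reboot
# only use for development!
#
# Drives GPIO 24 high -> low -> high (presumably wired to the TPM's reset
# input - confirm against the board) and then sends TPM2_Startup(CLEAR).
# The tpm2_getrandom calls only probe whether the TPM answers at each stage;
# their exit status is not checked.
#
# Security note: a TPM that is reset while the platform keeps running comes
# back with reset PCRs, so the PCR values no longer describe the software that
# was actually booted. PCR-bound sealing and attestation cannot be relied on
# after this script has run, and a software-reachable reset line should not
# exist on a production device.

pinctrl set 24 op       # configure the pin as an output
pinctrl set 24 dh       # drive high
tpm2_getrandom 10
pinctrl set 24 dl       # drive low
tpm2_getrandom 10
sleep 0.1
pinctrl set 24 dh       # drive high again
tpm2_getrandom 10
tpm2_startup -c         # TPM2_Startup(CLEAR)
tpm2_getrandom 10

--------------------------------------------------------------------------------
/Scripts/How to patch a kernel/6_clean_all.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Tear down the build environment: unmount both images and the tmpfs, detach
# the loop devices and delete the working files.

# The log file lives in the directory this script is started from, like the
# mnt0/, mnt1/ and tmp/ paths used below.
echo "clean all folders, unmont the image and the tmpfs" >> logfile.txt
date >> logfile.txt

sudo umount mnt0/fat32
sudo umount mnt0/ext4
sudo umount mnt1/fat32
sudo umount mnt1/ext4

sudo umount tmp/

# Detach only the two devices 1_dependencies.sh attached. "losetup -D" detaches
# every loop device on the host, including ones that belong to other software.
sudo losetup -d /dev/loop8 /dev/loop9

# --one-file-system keeps the recursive delete out of anything that is still
# mounted below these directories. Without it, a failed umount above would
# make "rm -r" delete the contents of the image as root.
sudo rm -r --one-file-system -- tmp/ mnt0/ mnt1/ lite/
sudo rm -r -- ./*img*


echo "finished

" >> logfile.txt


--------------------------------------------------------------------------------
/Scripts/How to patch a kernel/2_clone_mount.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Mount the partitions of both loop devices, create a tmpfs build directory
# and clone the Raspberry Pi tools and kernel sources into it.

mkdir -p mnt0/fat32 mnt0/ext4
sudo mount /dev/loop8p1 mnt0/fat32
sudo mount /dev/loop8p2 mnt0/ext4

mkdir -p mnt1/fat32 mnt1/ext4
sudo mount /dev/loop9p1 mnt1/fat32
sudo mount /dev/loop9p2 mnt1/ext4

echo "create tmpfs" >> logfile.txt
date >> logfile.txt

mkdir -p tmp
sudo mount -t tmpfs tmpfs tmp/
# Stop here rather than cloning into, and logging relative to, the wrong
# directory.
cd tmp || exit 1

echo "git clone tools" >> ../logfile.txt
date >> ../logfile.txt

git clone https://github.com/raspberrypi/tools
# NOTE(review): the clone above lands in ./tools, not ~/tools, and this export
# only affects this script's own process - confirm what it is meant to do.
export PATH=$PATH:~/tools

echo "git clone linux" >> ../logfile.txt
date >> ../logfile.txt

git clone --depth=1 https://github.com/raspberrypi/linux || exit 1
# The clone follows the branch head, so every run can build a different kernel.
# Log the exact commit so a released image can be traced back to its source.
git -C linux rev-parse HEAD >> ../logfile.txt


--------------------------------------------------------------------------------
/Scripts/How to patch a kernel/1_dependencies.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Install the build dependencies, download both Raspbian images and attach
# them to /dev/loop8 (full image) and /dev/loop9 (lite image).

echo "Start" >> logfile.txt
date >> logfile.txt

sudo apt-get install -y -q gcc-arm-linux-gnueabihf
# wget, unzip and zip are used by these scripts, so install them explicitly.
sudo apt-get install -y gddrescue git libncurses5-dev bc rhash wget unzip zip

echo "Download the image" >> logfile.txt
date >> logfile.txt

# Download and unpack as the invoking user: neither step needs root, and
# running a network client and an archive extractor as root only widens the
# impact of a bad download.
wget https://downloads.raspberrypi.org/raspbian_lite_latest || exit 1
wget https://downloads.raspberrypi.org/raspbian_latest || exit 1

# "latest" is a moving target and nothing here authenticates the archives.
# Record their SHA-256 and compare it with the value published for that
# release before the image is patched and handed to anyone else.
sha256sum raspbian_lite_latest raspbian_latest >> logfile.txt

echo "Unzip the image" >> logfile.txt
date >> logfile.txt

unzip raspbian_lite_latest || exit 1
unzip raspbian_latest || exit 1

rm raspbian_latest
rm raspbian_lite_latest


echo "Mount the image" >> logfile.txt
date >> logfile.txt

# The later scripts hard-code /dev/loop8 and /dev/loop9, so both must be free.
# The globs assume the "latest" downloads are still Raspbian Stretch images.
sudo losetup -P /dev/loop8 ./*raspbian-stretch.img

sudo losetup -P /dev/loop9 ./*raspbian-stretch-lite.img


--------------------------------------------------------------------------------
/Scripts/How to patch a kernel/README.md:
--------------------------------------------------------------------------------
# Example how to patch a Raspbian with TPM kernel driver

These six scripts show you how to patch an image.
With kernel version 4.14.85 in the official Raspbian Image you'll never need this.
If you want to use another image or another platform, you can use these scripts as a reference.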

* 1_dependencies.sh
    * installs all dependencies
    * download and unzip the Raspbian images
* 2_clone_mount.sh
    * clone all necessary repositories and mount the image in a loop device
* 3_build_kernel.sh
    * download the dto and build the new kernel for the Raspberry Pi 1 and Zero
* 4_build_kernel7.sh
    * download the dto and build the new kernel7 for the Raspberry Pi 2AB/3AB/3AB+
* 5_zip_checksum.sh
    * generates checksums over the image (md5, sha256 and sha512)
    * zip the image
    * generates checksums over the zip-file (md5, sha256 and sha512)
* 6_clean_all.sh
    * unmount the images
    * delete everything you don't need



I hope it is helpful!

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Paul Kissinger

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
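IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/Scripts/How to patch a kernel/5_zip_checksum.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Package the patched images: write MD5/SHA-256/SHA-512 checksum files for
# each image, zip image and checksums together, checksum the zip as well and
# collect the results in new_image/.
#
# The checksum files travel next to the artefact they describe, so they only
# detect accidental corruption: whoever can replace the zip can replace the
# checksums too. For authenticity, sign the archive or publish the SHA-256 /
# SHA-512 values over a separate trusted channel. MD5 is not collision
# resistant and is only useful here as a legacy corruption check.

# write_sums FILE STEM - write STEM.sha256, STEM.md5 and STEM.sha512 for FILE.
write_sums() {
  sha256sum -- "$1" > "$2.sha256"
  md5sum -- "$1" > "$2.md5"
  sha512sum -- "$1" > "$2.sha512"
}

# sum_images - checksum every *.img in the current directory as NAME.img.<algo>.
# Looping keeps this correct when more than one image matches the glob.
sum_images() {
  for img in *.img; do
    [ -e "$img" ] || continue
    write_sums "$img" "$img"
  done
}

# sum_zips - checksum every *.zip in the current directory as NAME.<algo>
# (the ".zip" suffix is stripped from the checksum file name).
sum_zips() {
  for archive in *.zip; do
    [ -e "$archive" ] || continue
    write_sums "$archive" "${archive%.zip}"
  done
}

mkdir -p lite
# Move instead of copy-then-delete: a failed copy must not be followed by
# deleting the only copy of the lite image.
mv -- *lite.img lite/ || exit 1

sum_images

zip letstrust-raspbian-image.zip *raspbian-stretch.img *.sha256 *.md5 *.sha512

sum_zips

cd lite/ || exit 1

sum_images

zip letstrust-raspbian-lite-image.zip *.img *.sha256 *.md5 *.sha512

sum_zips

# We are inside lite/ here, so the shared log file is one level up.
echo "delete the image and the source zip" >> ../logfile.txt
date >> ../logfile.txt

cd ..

sudo mv letstrust-raspbian-image.* lite/

# NOTE(review): called like this, "rename" does not look like it renames the
# directory; kept as found - confirm the intent.
rename lite new_image

sudo mkdir new_image -p

cd lite/ || exit 1

sudo mv letstrust* ../new_image



--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# LetsTrust

This site collects useful scripts, links and TPM2 related stuff.
Most are related to the LetsTrust-TPM module for the Raspberry Pi.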
The latest update of the script also installs the tcti device for the LetsTrust-TPM2Go

# News

1.1 LetsTrust-TPM
With Raspbian Stretch Kernel >= 4.14.85 you'll get the TPM 2.0 support built in!

Six easy steps to activate your TPM on the Raspberry Pi:

* Step one:
    * Open a (whatever) terminal on your Pi.
* Step two:
    * run a "sudo apt update && upgrade"
* Step three:
    * open the /boot/config.txt with "sudo nano /boot/config.txt"
    * activate SPI with
        * "dtparam=spi=on"
    * and load the TPM device tree overlay with
        * "dtoverlay=tpm-slb9670"
* Step four:
    * plug your LetsTrust-TPM on the right position and reboot your Raspberry Pi
* Step five:
    * Open a (whatever) terminal on your Pi and type "ls /dev/tpm" and
    * /dev/tpm0 and /dev/tpmrm0 will appear in yellow letters!
* Step six:
    * Be happy about your success!

1.2 LetsTrust-TPM2Go

The tpm2_all.sh will also install everything for the LetsTrust-TPM2Go.
Further information can be found here:
https://github.com/PaulKissinger/LetsTrust-TPM2Go

# Scripts

* tpm2_all.sh
    * Installs the dependencies for tpm2-software [1]
    * Installs tpm2-tss (Tag: 4.1.3)
    * Installs tpm2-abrmd (Tag: 3.0.0)
    * Installs tpm2-tools (Tag: 5.7)

* How to patch a kernel (folder)
    * Includes some scripts to patch your kernel, example for Raspbian

* TPM_reset_with_GPIO.sh
    * Reset the LetsTrust-TPM with a pin toggle, only for development!
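
[1] https://github.com/tpm2-software

--------------------------------------------------------------------------------
/Scripts/tpm2_install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Build and install tpm2-tss, tpm2-abrmd and tpm2-tools from source at fixed
# release tags.
#
# Everything built here is installed as root, so the script stops at the first
# failing step instead of carrying on - for example running "sudo make install"
# in the wrong directory after a failed clone or checkout.
#
# NOTE: a git tag is a movable reference. For a reproducible, auditable
# install, pin each component to the commit id you reviewed (<COMMIT-ID>) or
# verify the project's release signature before building.
set -euo pipefail

#######################################
# Clone a repository if it is not present yet and check out one tag.
# Arguments: $1 - repository URL, $2 - directory name, $3 - tag
#######################################
fetch_tag() {
  local url=$1 dir=$2 tag=$3
  if [[ ! -d "$dir" ]]; then
    git clone "$url" "$dir"
  fi
  git -C "$dir" checkout "$tag"
}

#######################################
# Run the autotools build in a source directory and install the result.
# Arguments: $1 - source directory, remaining - options for ./configure
#######################################
build_and_install() {
  local dir=$1
  shift
  (
    cd "$dir"
    ./bootstrap
    ./configure "$@"
    make -j4
    sudo make install
  )
}

echo "dependencies for all tpm2 related software"
packages=(
  doxygen libglib2.0-dev libdbus-1-dev automake libtool pkg-config gcc
  libssl-dev libcurl4-gnutls-dev autoconf-archive libcmocka0 libcmocka-dev
  net-tools build-essential git g++ m4 libgcrypt20-dev uthash-dev pandoc
  libusb-1.0-0-dev libjson-c-dev
)
sudo apt -y update
sudo apt -y install "${packages[@]}"

echo "clone, compile and install the latest tpm2-tss version"
fetch_tag https://github.com/tpm2-software/tpm2-tss.git tpm2-tss 4.1.3
build_and_install tpm2-tss \
  --with-udevrulesdir=/etc/udev/rules.d --with-udevrulesprefix=70-
# useradd fails when the account already exists (second run); create it once.
id -u tss >/dev/null 2>&1 || sudo useradd --system --user-group tss
sudo udevadm control --reload-rules && sudo udevadm trigger
sudo ldconfig

echo "clone, compile and install the latest tpm2-abrmd version"
fetch_tag https://github.com/tpm2-software/tpm2-abrmd.git tpm2-abrmd 3.0.0
build_and_install tpm2-abrmd \
  --with-dbuspolicydir=/etc/dbus-1/system.d \
  --with-systemdsystemunitdir=/lib/systemd/system \
  --with-systemdpresetdir=/lib/systemd/system-preset \
  --datarootdir=/usr/share

sudo ldconfig
# pkill exits non-zero when no dbus-daemon matched; that is not an error here.
sudo pkill -HUP dbus-daemon || true
sudo systemctl daemon-reload
sudo systemctl enable tpm2-abrmd.service
# Starting the service and the D-Bus check are best effort, as before: a
# failure is reported but does not stop the tpm2-tools installation.
sudo systemctl start tpm2-abrmd.service \
  || echo "warning: tpm2-abrmd.service did not start" >&2

echo "dbus test"
dbus-send --system --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames \
  || echo "warning: dbus test failed" >&2

echo "clone, compile and install the latest tpm2-tools version"
fetch_tag https://github.com/tpm2-software/tpm2-tools.git tpm2-tools 5.7
build_and_install tpm2-tools

--------------------------------------------------------------------------------
/Scripts/How to patch a kernel/3_build_kernel.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Build the kernel for the Raspberry Pi 1/Zero with the TPM drivers enabled
# and install it into both mounted images (mnt0 and mnt1).

# Everything below uses relative paths and sudo; never continue from the
# wrong directory.
cd tmp/linux || exit 1

echo "build Kernel for Raspi Zero" >> ../../logfile.txt
date >> ../../logfile.txt

echo Raspi 0/0W/1/Mod1
echo make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcmrpi_defconfig
KERNEL=kernel

# Configure and compile as the invoking user. Root is only needed to write
# into the mounted images further down, and a root-owned .config would make
# the append below fail for a normal user, silently dropping the TPM options.
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcmrpi_defconfig || exit 1

echo "CONFIG_HW_RANDOM_TPM=m
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS_CORE=m
CONFIG_TCG_TIS_SPI=m
CONFIG_SECURITYFS=y
CONFIG_TCG_TIS=m
CONFIG_TCG_TIS_I2C_ATMEL=n
CONFIG_TCG_TIS_I2C_INFINEON=n
CONFIG_TCG_TIS_I2C_NUVOTON=n
CONFIG_TCG_ATMEL=n
CONFIG_TCG_VTPM_PROXY=n
CONFIG_TCG_TIS_ST33ZP24_I2C=n
CONFIG_TCG_TIS_ST33ZP24_SPI=n
CONFIG_TRUSTED_KEYS=m" >> .config

# The overlay source is fetched at build time and compiled into the image.
# HTTPS protects the transfer only, so log the hash of the file that went into
# the build and compare it with a reviewed copy (<KNOWN-GOOD-SHA256>).
wget https://letstrust.de/uploads/letstrust-tpm-overlay.dts -O arch/arm/boot/dts/overlays/letstrust-tpm-overlay.dts || exit 1
sha256sum arch/arm/boot/dts/overlays/letstrust-tpm-overlay.dts >> ../../logfile.txt

# A failed build must not be followed by installing a missing or stale zImage.
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs overlays/letstrust-tpm.dtbo -j12 || exit 1

echo "install Kernel for Raspi Zero in the image" >> ../../logfile.txt
date >> ../../logfile.txt

# Release string of the kernel just built, as written by the build itself.
# It names the lib/modules/<release> directory, so no version has to be
# guessed from .config with a pattern.
KREL=$(cat include/config/kernel.release) || exit 1
[ -n "$KREL" ] || exit 1

echo "../../mnt0/ext4/lib/modules/$KREL/build" >> ../../logfile.txt

for image in ../../mnt0 ../../mnt1; do
  sudo make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH="$image/ext4" modules_install
  # Keep the stock kernel next to the new one.
  sudo cp "$image/fat32/$KERNEL.img" "$image/fat32/$KERNEL-backup.img"
  sudo cp arch/arm/boot/zImage "$image/fat32/$KERNEL.img"
  sudo cp arch/arm/boot/dts/*.dtb "$image/fat32/"
  sudo cp arch/arm/boot/dts/overlays/*.dtb* "$image/fat32/overlays/"
  sudo cp arch/arm/boot/dts/overlays/README "$image/fat32/overlays/"
  # Drop the "build" and "source" entries from the installed module directory
  # (presumably links back into this build tree - confirm).
  sudo rm -f -- "$image/ext4/lib/modules/$KREL/build" \
    "$image/ext4/lib/modules/$KREL/source"
done


--------------------------------------------------------------------------------
/Scripts/How to patch a kernel/4_build_kernel7.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Build kernel7 for the Raspberry Pi 2/3 with the TPM drivers enabled, install
# it into both mounted images and replace their config.txt.

# Everything below uses relative paths and sudo; never continue from the
# wrong directory.
cd tmp/linux || exit 1
echo "build Kernel for Raspi Zero" >> ../../logfile.txt
date >> ../../logfile.txt

git clean -f
git reset --hard

echo Raspi 2/3/Mod3

echo "build Kernel for Raspi 2/3b/3b+" >> ../../logfile.txt
date >> ../../logfile.txt
KERNEL=kernel7

# Configure and compile as the invoking user. Root is only needed to write
# into the mounted images further down, and a root-owned .config would make
# the append below fail for a normal user, silently dropping the TPM options.
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcm2709_defconfig || exit 1

echo "CONFIG_HW_RANDOM_TPM=m
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS_CORE=m
CONFIG_TCG_TIS_SPI=m
CONFIG_SECURITYFS=y
CONFIG_TCG_TIS=m
CONFIG_TCG_TIS_I2C_ATMEL=n
CONFIG_TCG_TIS_I2C_INFINEON=n
CONFIG_TCG_TIS_I2C_NUVOTON=n
CONFIG_TCG_ATMEL=n
CONFIG_TCG_VTPM_PROXY=n
CONFIG_TCG_TIS_ST33ZP24_I2C=n
CONFIG_TCG_TIS_ST33ZP24_SPI=n
CONFIG_TRUSTED_KEYS=m" >> .config

# The overlay source is fetched at build time and compiled into the image.
# HTTPS protects the transfer only, so log the hash of the file that went into
# the build and compare it with a reviewed copy (<KNOWN-GOOD-SHA256>).
wget https://letstrust.de/uploads/letstrust-tpm-overlay.dts -O arch/arm/boot/dts/overlays/letstrust-tpm-overlay.dts || exit 1
sha256sum arch/arm/boot/dts/overlays/letstrust-tpm-overlay.dts >> ../../logfile.txt

# A failed build must not be followed by installing a stale zImage (for
# example the one left behind by 3_build_kernel.sh) as kernel7.img.
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- zImage modules dtbs overlays/letstrust-tpm.dtbo -j12 || exit 1

echo "install Kernel for Raspi 2/3b/3b+ in the image" >> ../../logfile.txt
date >> ../../logfile.txt

# Release string of the kernel just built, as written by the build itself.
# It names the lib/modules/<release> directory, so no version has to be
# guessed from .config with a pattern.
KREL=$(cat include/config/kernel.release) || exit 1
[ -n "$KREL" ] || exit 1

for image in ../../mnt0 ../../mnt1; do
  sudo make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH="$image/ext4" modules_install
  # Keep the stock kernel next to the new one.
  sudo cp "$image/fat32/$KERNEL.img" "$image/fat32/$KERNEL-backup.img"
  sudo cp arch/arm/boot/zImage "$image/fat32/$KERNEL.img"
  sudo cp arch/arm/boot/dts/*.dtb "$image/fat32/"
  sudo cp arch/arm/boot/dts/overlays/*.dtb* "$image/fat32/overlays/"
  sudo cp arch/arm/boot/dts/overlays/README "$image/fat32/overlays/"
  # Drop the "build" and "source" entries from the installed module directory
  # (presumably links back into this build tree - confirm).
  sudo rm -f -- "$image/ext4/lib/modules/$KREL/build" \
    "$image/ext4/lib/modules/$KREL/source"
done


echo add "dtparam=spi=on dtoverlay=letstrust-tpm"
# Still inside tmp/linux, so the shared log file is two levels up.
echo "activate SPI over the confic file" >> ../../logfile.txt
date >> ../../logfile.txt

# config.txt controls how the image boots, and this step replaces it with a
# file fetched at build time. Download once into a temporary file so that both
# images get identical content, a failed download cannot leave a truncated
# config.txt in the image, and the hash of what was installed is logged for
# comparison with a reviewed copy (<KNOWN-GOOD-SHA256>).
cfg=$(mktemp) || exit 1
trap 'rm -f -- "$cfg"' EXIT
wget https://letstrust.de/uploads/config.txt -O "$cfg" || exit 1
[ -s "$cfg" ] || exit 1
sha256sum "$cfg" >> ../../logfile.txt
sudo cp "$cfg" ../../mnt0/fat32/config.txt
sudo cp "$cfg" ../../mnt1/fat32/config.txt

--------------------------------------------------------------------------------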