Differences

This shows you the differences between two versions of the page.

public:research:tpm_live [2020-09-19 16:11] xsvenda
public:research:tpm_live [2023-02-16 09:43] (current) xdufka1
Line 1: Line 1:
 ====== Research: Analysis of Trusted Platform Module chips ====== ====== Research: Analysis of Trusted Platform Module chips ======
 ~~NOTOC~~ ~~NOTOC~~
 +<callout type="danger" icon="true">This guide is already out of date. Please use the version on page  [[https://crocs.fi.muni.cz/tpm | 
 +https://crocs.fi.muni.cz/tpm]]. </callout>
 +
 <text size="large"> <text size="large">
 The goal of the research is to get a better understanding of the Trusted Platform Modules ecosystem. Such information is vital for the designers and developers using this technology, allowing then to answer questions like: What fraction of devices has TPM chip? Which cryptographic algorithms are widely supported? What is the overhead of computing a digital signature? The goal of the research is to get a better understanding of the Trusted Platform Modules ecosystem. Such information is vital for the designers and developers using this technology, allowing then to answer questions like: What fraction of devices has TPM chip? Which cryptographic algorithms are widely supported? What is the overhead of computing a digital signature?
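Review bot: The new danger callout says the guide is out of date but not what that means for the steps that remain on the page: the image download, the flashing instructions and the upload link all stay live below it. State whether the linked image should still be used and whether results are still accepted, or send readers to https://crocs.fi.muni.cz/tpm before step 1. The link markup is also split across two lines inside the `[[ ... | ... ]]` pair and is worth joining onto one line.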
Line 30: Line 33:
  
   - Prepare an empty USB drive with at least 4GB size (IMPORTANT: all content will be erased)   - Prepare an empty USB drive with at least 4GB size (IMPORTANT: all content will be erased)
-  - Download live USB image: https://www.fi.muni.cz/~xzatovic/algtest-usb-disk.img and save to disk (e.g., folder C:\TPM\)+  - Download live USB image: [[https://drive.google.com/file/d/1szV-cMR2k7Ag93lpv7hdGpMG6UykZzle/view?usp=sharing|algtest-usb-disk.img]] and save to disk (e.g., folder C:\TPM\)
   - Download and install [[https://www.balena.io/etcher/|Balena Etcher]] (Windows, Linux, Mac) to create bootable USB drive. (Alternatively, you may use [[https://rufus.ie/|Rufus]] instead (Windows only)).   - Download and install [[https://www.balena.io/etcher/|Balena Etcher]] (Windows, Linux, Mac) to create bootable USB drive. (Alternatively, you may use [[https://rufus.ie/|Rufus]] instead (Windows only)).
-  - Run Balena Etcher, click //Select image// and browse for previously dowloaded algtest-usb-disk.img on your disk+  - Run Balena Etcher, click //Select image// and browse for previously downloaded algtest-usb-disk.img on your disk
   - Insert empty USB drive, click //Select target// and pick the USB disk    - Insert empty USB drive, click //Select target// and pick the USB disk 
     * (double-check that displayed drive is your intended USB drive – check the label, check size)     * (double-check that displayed drive is your intended USB drive – check the label, check size)
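Review bot: The changed download step moves the bootable image from www.fi.muni.cz to a drive.google.com share link, yet the numbered steps still go straight from download to flashing with no integrity check in between. Since the image is booted on the participant's own machine, add a step before "Run Balena Etcher" that verifies the downloaded file against the GPG signature linked further down the page, and say what to do if verification fails. The link text reads only algtest-usb-disk.img; stating the image version there would also help.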
Line 38: Line 41:
  
 <TEXT align="center"> <TEXT align="center">
-<button>[[https://www.balena.io/etcher/|Download Balena Etcher]]</button>\_\_\_<button>[[https://www.fi.muni.cz/~xzatovic/algtest-usb-disk.img|Download USB image]] </button> +<button>[[https://www.balena.io/etcher/|Download Balena Etcher]]</button>\_\_\_<button>[[https://drive.google.com/file/d/1szV-cMR2k7Ag93lpv7hdGpMG6UykZzle/view?usp=sharing|Download USB image]] </button> \_\_\_[[https://www.fi.muni.cz/~xsvenda/algtest-usb-disk_v0.1.1.img|Secondary mirror]] \_\_\_ [[https://drive.google.com/drive/folders/1rrzuAhf4v-98SvaSLWdl9Hnx1O2N36GF?usp=sharing | GPG signature]] \_ [[https://keybase.io/petrs#show-public | (key)]]
 </TEXT> </TEXT>
 +
 <row> <row>
 <col xs="12" md="6">{{ :public:research:balena1.png?direct&400&link |}}<TEXT align="center" type="muted">//Click to enlarge the image.//</TEXT></col> <col xs="12" md="6">{{ :public:research:balena1.png?direct&400&link |}}<TEXT align="center" type="muted">//Click to enlarge the image.//</TEXT></col>
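Review bot: In the added button row the GPG signature is served from drive.google.com, the same host as the primary image, and the signing key is given only as a Keybase profile link with no fingerprint on the page, so a reader has nothing to compare the fetched key against. Put the key fingerprint in the page text and say which file the signature covers: the secondary mirror is named algtest-usb-disk_v0.1.1.img while the primary link carries no version, so it is not clear that both point to the same image.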
Line 52: Line 56:
 Duration: Running Fedora-based system from the bootable device and data collection will take approximately 2-3 hours. Duration: Running Fedora-based system from the bootable device and data collection will take approximately 2-3 hours.
 </text> </text>
 +  * Place your computer to steady location (on the desk) and plug in power cable.
   * Insert installed USB drive from step 1 into the computer and restart your machine.   * Insert installed USB drive from step 1 into the computer and restart your machine.
   * If prompted, select boot from USB device instead of standard disk. Select //Start Fedora-algtest-Live 32// boot option.   * If prompted, select boot from USB device instead of standard disk. Select //Start Fedora-algtest-Live 32// boot option.
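Review bot: The added bullet "Place your computer to steady location (on the desk) and plug in power cable." needs a grammar pass, for example "Place your computer in a steady location (e.g., on a desk) and plug in the power cable." A short reason would help as well, given the 2-3 hour duration stated just above it.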
Line 75: Line 79:
   - Plug the USB drive, new drive with label ''algtest_res'' is mounted (e.g., 'E:\').   - Plug the USB drive, new drive with label ''algtest_res'' is mounted (e.g., 'E:\').
   - Locate file(s) with a file name in the form of ''algtest_result_xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx.zip''.   - Locate file(s) with a file name in the form of ''algtest_result_xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx.zip''.
-  - Visit page ''https://is.muni.cz/dok/depository_in?lang=en;vybos_vzorek=4085'' and follow instructions how to upload the file (no authentication required, just drop the files). Alternatively, send email to Petr Svenda <svenda@fi.muni.cz> with file ''algtest_result_xxx.zip'' attached. +  - Visit page ''https://is.muni.cz/dok/depository_in?lang=en;vybos_vzorek=4085'' and follow instructions how to upload the file (no authentication required, just drop the files). Alternatively, send email to Petr Svenda <tpm.crocs@gmail.com> with file ''algtest_result_xxx.zip'' attached. 
  
  
 <TEXT align="center"> <TEXT align="center">
 <button type="success" icon="fa fa-fw fa-upload">[[https://is.muni.cz/dok/depository_in?lang=en;vybos_vzorek=4085|Upload collected data here]]</button>\_ <button type="success" icon="fa fa-fw fa-upload">[[https://is.muni.cz/dok/depository_in?lang=en;vybos_vzorek=4085|Upload collected data here]]</button>\_
-or send data by email to %%<%%<svenda@fi.muni.cz>%%>%%.+or send data by email to %%<%%<tpm.crocs@gmail.com>%%>%%.
 </TEXT> </TEXT>
  
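Review bot: Both changed lines replace svenda@fi.muni.cz with tpm.crocs@gmail.com, but the first still reads "send email to Petr Svenda <tpm.crocs@gmail.com>", pairing a personal name with an address that is no longer on the institutional domain. Name the new address as the project's contact in the text so participants can tell the change is intentional, and note that results sent this way leave the is.muni.cz upload path that the same step recommends first.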
Line 89: Line 93:
 <TEXT size="large" align="center">You are now all good and helped research – **Thank you a LOT!**</TEXT> <TEXT size="large" align="center">You are now all good and helped research – **Thank you a LOT!**</TEXT>
  
 +</panel>
 +
 +<panel type="info" title="Troubleshooting ">
 +
 +<text type="muted"></text>
 +
 +=== Issue: Solutions below does not solve the problem ===
 +**Solution:** If you have any issue which solutions below will not help with, please notify us at <tpm.crocs@gmail.com>.
 +
 +=== Issue: The bootable image cannot be downloaded ===
 +**Solution:** Download from the secondary backup location. Please notify us at tpm.crocs@gmail.com. 
 +
 +----
 +
 +=== Issue: The live Fedora system will not start to boot ===
 +**Solution:** Go to BIOS (press F1, F8, F12, Enter or special button depending on your computer), select alternative boot device (USB you flashed) and continue 
 +
 +----
 +
 +=== Issue: The live Fedora system will stop with error during boot ===
 +**Solution:** Try to change USB slot used to insert bootable USB disk, try to put device into stable position to prevent interruption of communication to USB disk 
 +
 +----
 +
 +=== Issue: The TPM data collection will start, but finish very quickly (less than 10 seconds) with error 'Cannot collect TPM 2.0 info. Your TPM may probably be disabled in BIOS or you do not have a TPM 2.0.'===
 +
 +**Solution 1:** Restart your computer, enter BIOS (press F1, F8, F12, Enter or special button right), enable option named as 'TPM chip', 'Security chip' or similar. Then try to boot from USB again. 
 +
 +**Solution 2:** Try to update your BIOS if possible (older BIOSes are known to have incompatibility with some TPM chips under Linux). Then restart and boot from USB again. 
 +
 +Please submit the results even if the error persists.
 +
 +----
 +=== Issue: I want to see the source code and build live image myself ===
 +**Solution:** You are more than welcome, please visit https://github.com/danzatt/tpm2_algtest_live for live image builder repository and https://github.com/danzatt/tpm2-algtest (collection tool itself).
 +
 +----
  
 </panel> </panel>
 +
 ======= Research details ======= ======= Research details =======
  
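Review bot: In the new Troubleshooting panel, the "bootable image cannot be downloaded" entry says "Download from the secondary backup location" without linking it or repeating that the file should be checked against the GPG signature; a mirror is where that check matters most, so link both the mirror and the signature in that entry. Smaller points in the same hunk: the first heading should read "Solutions below do not solve the problem", a `----` separator is missing between the first two issues, the long TPM 2.0 error heading lacks the space before its closing `===`, "special button right" in Solution 1 has a stray word, the empty `<text type="muted"></text>` can be dropped, and the e-mail address is written with angle brackets in one entry and without them in the next.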
Line 105: Line 147:
  
 **Data we collect:** **Data we collect:**
-  * Device vendor and type (e.g., ''Lenovo ThinkBook 15'').+  * Device vendortype (e.g., ''Lenovo ThinkBook 15''and BIOS version.
   * TPM vendor, firmware version (e.g., ''Intel 401.1.0.0'') and TPM version-related information.   * TPM vendor, firmware version (e.g., ''Intel 401.1.0.0'') and TPM version-related information.
   * TPM metadata (''TPM_PT_xxx'' properties like ''TPM_PT_REVISION'', ''TPM_PT_MANUFACTURER'' or ''TPM_PT_PCR_COUNT'' – see file ''Quicktest_properties-fixed.txt'' and ''Quicktest_properties-variable.txt'' for full list).   * TPM metadata (''TPM_PT_xxx'' properties like ''TPM_PT_REVISION'', ''TPM_PT_MANUFACTURER'' or ''TPM_PT_PCR_COUNT'' – see file ''Quicktest_properties-fixed.txt'' and ''Quicktest_properties-variable.txt'' for full list).