tpm2_protocol/tpm2sh

tpm2_protocol/tpm2sh

[Jarkko Sakkinen]

Hi,

Crates for 0.5.4:

https://crates.io/crates/tpm2_protocol
https://crates.io/crates/tpm2sh

As I said earlier tpm2_protocol is no_std, zero 3rd party dependence
crate that does not require a memory allocator, and its first priority
driver for design choices has been Linux kernel. However, given the
design, it could even power the actual chip itself orchestrated by a
microcontroller.

It's unipolar TPM 2.0 protocol implementation, which can power anything
from to actual chips given ability to build and parse both commands and
responsese.

This mean in English that if you take e.g., a command byte stream, parse
it and feed that to the builder you will get the exact same bytestream.
The same principle applies responses.

For upcoming release the rest of the work is basically just populate
rest of the TCG spec, which is easy given the declarative domain
language designed with `macro_rules!` construct.

"A demo video":

https://social.kernel.org/notice/Ax9FRqKTBL69UYMIW8

Some things we could do given someone has some driver to do so, which
we could not realistically do with the pre-existing C driver:

1. Super high-granularity configurable resource manager (perhaps with
   eBPF filtering)
2. Kernel driven vTPMs (as it is bidirectional).
3. Perhaps even offer vTPM implementations also for CoC VMs.
4. Not in kernel necessarily but if you have a keystore/crypto product
   you can use it for building interoperability layer.
5. Given extremely sophisticated building/parsing capabilities,
   implementing e.g., a tailord remote attestation server becomes super
   easy, given that server can use it (w/o TPM ofc) to to carve the data it
   wants from the protocol shenanigans.

Can rarely say this but it's the first ever unipolar and across the
board role agnostic TPM2 protocol implementation - first of its kind
:-)

BR, Jarkko

Re: tpm2_protocol/tpm2sh

[Jarkko Sakkinen]

On Thu, Aug 14, 2025 at 07:21:15AM +0300, Jarkko Sakkinen wrote:
> Hi,
> 
> Crates for 0.5.4:
> 
> https://crates.io/crates/tpm2_protocol
> https://crates.io/crates/tpm2sh
> 
> As I said earlier tpm2_protocol is no_std, zero 3rd party dependence
> crate that does not require a memory allocator, and its first priority
> driver for design choices has been Linux kernel. However, given the
> design, it could even power the actual chip itself orchestrated by a
> microcontroller.
> 
> It's unipolar TPM 2.0 protocol implementation, which can power anything
> from to actual chips given ability to build and parse both commands and
> responsese.
> 
> This mean in English that if you take e.g., a command byte stream, parse
> it and feed that to the builder you will get the exact same bytestream.
> The same principle applies responses.
> 
> For upcoming release the rest of the work is basically just populate
> rest of the TCG spec, which is easy given the declarative domain
> language designed with `macro_rules!` construct.
> 
> "A demo video":
> 
> https://social.kernel.org/notice/Ax9FRqKTBL69UYMIW8
> 
> Some things we could do given someone has some driver to do so, which
> we could not realistically do with the pre-existing C driver:
> 
> 1. Super high-granularity configurable resource manager (perhaps with
>    eBPF filtering)
> 2. Kernel driven vTPMs (as it is bidirectional).
> 3. Perhaps even offer vTPM implementations also for CoC VMs.
> 4. Not in kernel necessarily but if you have a keystore/crypto product
>    you can use it for building interoperability layer.
> 5. Given extremely sophisticated building/parsing capabilities,
>    implementing e.g., a tailord remote attestation server becomes super
>    easy, given that server can use it (w/o TPM ofc) to to carve the data it
>    wants from the protocol shenanigans.
> 
> Can rarely say this but it's the first ever unipolar and across the
> board role agnostic TPM2 protocol implementation - first of its kind
> :-)

****

BR, Jarkko