接前一篇文章《TPM零知识学习九 —— tpm全安装流程复盘（上）》，链接为：

TPM零知识学习九 —— tpm全安装流程复盘_蓝天居士的博客-CSDN博客

四、tpm2-abrmd安装全流程

1. TPM文件夹下创建abrmd文件夹

penghao@Ding-Perlis-MP260S48:~/TPM$ mkdir abrmd
penghao@Ding-Perlis-MP260S48:~/TPM$ ls
abrmd  dependencies  ibmtpm  tss

2. 进入abrmd文件夹

penghao@Ding-Perlis-MP260S48:~/TPM$ cd abrmd/
penghao@Ding-Perlis-MP260S48:~/TPM/abrmd$ 

3. 下载tpm2-abrmd源码

运行以下命令下载tpm2-abrmd源码：

git clone https://github.com/tpm2-software/tpm2-abrmd.git

实际命令及结果如下：

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd$ git clone https://github.com/tpm2-software/tpm2-abrmd.git
正克隆到 'tpm2-abrmd'...
remote: Enumerating objects: 7493, done.
remote: Counting objects: 100% (320/320), done.
remote: Compressing objects: 100% (154/154), done.
remote: Total 7493 (delta 155), reused 283 (delta 150), pack-reused 7173
接收对象中: 100% (7493/7493), 2.23 MiB | 48.00 KiB/s, 完成.
处理 delta 中: 100% (5732/5732), 完成.

查看下载内容：

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd$ ls
tpm2-abrmd

4. 源码目录结构

tpm2-abrmd源码完整目录结构如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd$ tree
.
└── tpm2-abrmd├── bootstrap├── CHANGELOG.md├── CODE_OF_CONDUCT.md├── configure.ac├── CONTRIBUTING.md├── coverity│   └── coverity-model.c├── dist│   ├── com.intel.tss2.Tabrmd.service│   ├── tpm2-abrmd.conf│   ├── tpm2-abrmd.preset.in│   ├── tpm2-abrmd.service.in│   └── tss2-tcti-tabrmd.pc.in├── doc│   ├── coding_standard_c.md│   └── reference-counting.txt├── INSTALL.md├── LICENSE├── m4│   └── flags.m4├── MAINTAINERS├── Makefile.am├── man│   ├── colophon.in│   ├── tpm2-abrmd.8.in│   ├── tss2-tcti-tabrmd.7.in│   └── Tss2_Tcti_Tabrmd_Init.3.in├── README.md├── RELEASE.md├── scripts│   ├── int-test-funcs.sh│   ├── int-test-setup.sh│   └── unit-count.sh├── SECURITY.md├── selinux│   ├── tabrmd.fc│   ├── tabrmd.if│   └── tabrmd.te├── src│   ├── command-attrs.c│   ├── command-attrs.h│   ├── command-source.c│   ├── command-source.h│   ├── connection.c│   ├── connection.h│   ├── connection-manager.c│   ├── connection-manager.h│   ├── control-message.c│   ├── control-message.h│   ├── handle-map.c│   ├── handle-map-entry.c│   ├── handle-map-entry.h│   ├── handle-map.h│   ├── include│   │   └── tss2-tcti-tabrmd.h│   ├── ipc-frontend.c│   ├── ipc-frontend-dbus.c│   ├── ipc-frontend-dbus.h│   ├── ipc-frontend.h│   ├── logging.c│   ├── logging.h│   ├── message-queue.c│   ├── message-queue.h│   ├── random.c│   ├── random.h│   ├── resource-manager.c│   ├── resource-manager.h│   ├── resource-manager-session.c│   ├── resource-manager-session.h│   ├── response-sink.c│   ├── response-sink.h│   ├── session-entry.c│   ├── session-entry.h│   ├── session-entry-state-enum.c│   ├── session-entry-state-enum.h│   ├── session-list.c│   ├── session-list.h│   ├── sink-interface.c│   ├── sink-interface.h│   ├── source-interface.c│   ├── source-interface.h│   ├── tabrmd.c│   ├── tabrmd-defaults.h│   ├── tabrmd-error.c│   ├── tabrmd.h│   ├── tabrmd-init.c│   ├── tabrmd-init.h│   ├── tabrmd-options.c│   ├── tabrmd-options.h│   ├── tabrmd.xml│   ├── tcti.c│   ├── tcti.h│   ├── tcti-tabrmd.c│   ├── tcti-tabrmd.map│   ├── tcti-tabrmd-priv.h│   ├── thread.c│   ├── thread.h│   ├── tpm2.c│   ├── tpm2-command.c│   ├── tpm2-command.h│   ├── tpm2.h│   ├── tpm2-header.c│   ├── tpm2-header.h│   ├── tpm2-response.c│   ├── tpm2-response.h│   ├── util.c│   └── util.h└── test├── command-attrs_unit.c├── command-source_unit.c├── connection-manager_unit.c├── connection_unit.c├── handle-map-entry_unit.c├── handle-map_unit.c├── integration│   ├── auth-session-max.int.c│   ├── auth-session-start-flush.int.c│   ├── auth-session-start-save.int.c│   ├── auth-session-start-save-load.int.c│   ├── common.c│   ├── common.h│   ├── context-util.c│   ├── context-util.h│   ├── get-capability-handles-transient.int.c│   ├── get-capability-with-session.int.c│   ├── hash-sequence.int.c│   ├── main.c│   ├── manage-transient-keys.int.c│   ├── max-transient-upperbound.int.c│   ├── not-enough-handles-for-command.int.c│   ├── password-authorization.int.c│   ├── session-gap.int.c│   ├── session-load-from-closed-connection.int.c│   ├── session-load-from-closed-connections-lru.int.c│   ├── session-load-from-open-connection.int.c│   ├── start-auth-session.int.c│   ├── tcti-cancel.int.c│   ├── tcti-connections-max.int.c│   ├── tcti-connect-multiple.int.c│   ├── tcti-double-finalize.int.c│   ├── tcti-set-locality.int.c│   ├── test.h│   ├── test-options.c│   ├── test-options.h│   ├── tpm2-command-flush-no-handle.int.c│   ├── tpm2-struct-init.h│   └── util-buf-max-upper-bound.int.c├── ipc-frontend-dbus_unit.c├── ipc-frontend_unit.c├── logging_unit.c├── message-queue_unit.c├── mock-funcs.c├── mock-funcs.h├── mock-io-stream.c├── mock-io-stream.h├── random_unit.c├── resource-manager_unit.c├── response-sink_unit.c├── session-entry_unit.c├── session-list_unit.c├── tabrmd-init_unit.c├── tabrmd-options_unit.c├── tab_unit.c├── tcti-factory_unit.c├── tcti-mock.c├── tcti-mock.h├── tcti-tabrmd-receive_unit.c├── tcti_unit.c├── test-skeleton_unit.c├── thread_unit.c├── tpm2-command_unit.c├── tpm2-response_unit.c├── tpm2_unit.c├── tss2-tcti-tabrmd_unit.c└── util_unit.c12 directories, 164 files

5. 进入源码目录

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd$ cd tpm2-abrmd/
penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$

6. 构建——引导

运行bootstrap命令进行引导。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ ./bootstrap 
aclocal: installing 'm4/ax_ac_append_to_file.m4' from '/usr/share/aclocal/ax_ac_append_to_file.m4'
aclocal: installing 'm4/ax_ac_print_to_file.m4' from '/usr/share/aclocal/ax_ac_print_to_file.m4'
aclocal: installing 'm4/ax_add_am_macro_static.m4' from '/usr/share/aclocal/ax_add_am_macro_static.m4'
aclocal: installing 'm4/ax_add_fortify_source.m4' from '/usr/share/aclocal/ax_add_fortify_source.m4'
aclocal: installing 'm4/ax_am_macros_static.m4' from '/usr/share/aclocal/ax_am_macros_static.m4'
aclocal: installing 'm4/ax_check_compile_flag.m4' from '/usr/share/aclocal/ax_check_compile_flag.m4'
aclocal: installing 'm4/ax_check_enable_debug.m4' from '/usr/share/aclocal/ax_check_enable_debug.m4'
aclocal: installing 'm4/ax_check_link_flag.m4' from '/usr/share/aclocal/ax_check_link_flag.m4'
aclocal: installing 'm4/ax_code_coverage.m4' from '/usr/share/aclocal/ax_code_coverage.m4'
aclocal: installing 'm4/ax_file_escapes.m4' from '/usr/share/aclocal/ax_file_escapes.m4'
aclocal: installing 'm4/ax_is_release.m4' from '/usr/share/aclocal/ax_is_release.m4'
aclocal: installing 'm4/ax_normalize_path.m4' from '/usr/share/aclocal/ax_normalize_path.m4'
aclocal: installing 'm4/ax_pthread.m4' from '/usr/share/aclocal/ax_pthread.m4'
aclocal: installing 'm4/ax_recursive_eval.m4' from '/usr/share/aclocal/ax_recursive_eval.m4'
aclocal: installing 'm4/libtool.m4' from '/usr/share/aclocal/libtool.m4'
aclocal: installing 'm4/ltoptions.m4' from '/usr/share/aclocal/ltoptions.m4'
aclocal: installing 'm4/ltsugar.m4' from '/usr/share/aclocal/ltsugar.m4'
aclocal: installing 'm4/ltversion.m4' from '/usr/share/aclocal/ltversion.m4'
aclocal: installing 'm4/lt~obsolete.m4' from '/usr/share/aclocal/lt~obsolete.m4'
aclocal: installing 'm4/pkg.m4' from '/usr/share/aclocal/pkg.m4'
libtoolize: putting auxiliary files in '.'.
libtoolize: linking file './ltmain.sh'
configure.ac:27: warning: $as_echo is obsolete; use AS_ECHO(["message"]) instead
lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
./lib/autoconf/general.m4:2249: AC_CACHE_VAL is expanded from...
./lib/autoconf/general.m4:2270: AC_CACHE_CHECK is expanded from...
m4/ax_pthread.m4:88: AX_PTHREAD is expanded from...
configure.ac:27: the top level
configure.ac:10: installing './compile'
configure.ac:13: installing './config.guess'
configure.ac:13: installing './config.sub'
configure.ac:15: installing './install-sh'
configure.ac:15: installing './missing'
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'

7. 构建——配置

运行configure命令（不带参数）进行配置。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ ./configure 
checking whether to enable debugging... info
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether ln -s works... yes
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for wchar.h... yes
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking whether _XOPEN_SOURCE should be defined... no
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for file... file
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking for gawk... gawk
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
file: could not find any valid magic files! (No such file or directory)
checking for mt... mt
checking if mt is a manifest tool... no
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports the include directive... yes (GNU style)
checking whether make supports nested variables... yes
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking how to run the C preprocessor... gcc -E
checking whether gcc is Clang... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking whether more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for library containing dlopen... none required
checking for gio-unix-2.0... yes
checking for glib-2.0... yes
checking for gobject-2.0... yes
checking for tss2-sys >= 2.4.0... yes
checking for tss2-mu... yes
checking for tss2-tctildr... yes
checking for tss2-rc... yes
checking for gdbus-codegen... gdbus-codegen
checking whether to build with code coverage support... no
checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Werror... yes
checking whether C compiler accepts -std=gnu99... yes
checking whether C compiler accepts -Wformat... yes
checking whether C compiler accepts -Wformat-security... yes
checking whether C compiler accepts -Wno-missing-braces... yes
checking whether C compiler accepts -fdata-sections... yes
checking whether C compiler accepts -ffunction-sections... yes
checking whether the linker accepts -fstack-protector-all... yes
checking whether C compiler accepts -fpic... yes
checking whether C compiler accepts -fPIC... yes
checking whether C compiler accepts -Wstrict-overflow=5... yes
checking whether the linker accepts -Wl,--gc-sections... yes
checking whether the linker accepts -Wl,--no-undefined... yes
checking whether the linker accepts -Wl,-z,noexecstack... yes
checking whether the linker accepts -Wl,-z,now... yes
checking whether the linker accepts -Wl,-z,relro... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating dist/tss2-tcti-tabrmd.pc
config.status: creating dist/tpm2-abrmd.service
config.status: creating dist/tpm2-abrmd.preset
config.status: executing libtool commands
config.status: executing depfiles commands

运行configure命令（带参数）进行配置。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-systemdsystemunitdir=/lib/systemd/system
checking whether to enable debugging... info
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether ln -s works... yes
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for wchar.h... yes
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking whether _XOPEN_SOURCE should be defined... no
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for file... file
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking for gawk... gawk
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
file: could not find any valid magic files! (No such file or directory)
checking for mt... mt
checking if mt is a manifest tool... no
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports the include directive... yes (GNU style)
checking whether make supports nested variables... yes
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking how to run the C preprocessor... gcc -E
checking whether gcc is Clang... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking whether more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for library containing dlopen... none required
checking for gio-unix-2.0... yes
checking for glib-2.0... yes
checking for gobject-2.0... yes
checking for tss2-sys >= 2.4.0... yes
checking for tss2-mu... yes
checking for tss2-tctildr... yes
checking for tss2-rc... yes
checking for gdbus-codegen... gdbus-codegen
checking whether to build with code coverage support... no
checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Werror... yes
checking whether C compiler accepts -std=gnu99... yes
checking whether C compiler accepts -Wformat... yes
checking whether C compiler accepts -Wformat-security... yes
checking whether C compiler accepts -Wno-missing-braces... yes
checking whether C compiler accepts -fdata-sections... yes
checking whether C compiler accepts -ffunction-sections... yes
checking whether the linker accepts -fstack-protector-all... yes
checking whether C compiler accepts -fpic... yes
checking whether C compiler accepts -fPIC... yes
checking whether C compiler accepts -Wstrict-overflow=5... yes
checking whether the linker accepts -Wl,--gc-sections... yes
checking whether the linker accepts -Wl,--no-undefined... yes
checking whether the linker accepts -Wl,-z,noexecstack... yes
checking whether the linker accepts -Wl,-z,now... yes
checking whether the linker accepts -Wl,-z,relro... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating dist/tss2-tcti-tabrmd.pc
config.status: creating dist/tpm2-abrmd.service
config.status: creating dist/tpm2-abrmd.preset
config.status: executing libtool commands
config.status: executing depfiles commands

8. 构建——编译

运行make命令进行编译。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ makeGEN      src/tabrmd-generated.h
make  all-am
make[1]: 进入目录“/home/penghao/TPM/abrmd/tpm2-abrmd”CC       src/tabrmd.oCC       src/libutil_la-tpm2.loCC       src/libutil_la-command-attrs.loCC       src/libutil_la-command-source.loCC       src/libutil_la-connection.loCC       src/libutil_la-connection-manager.loCC       src/libutil_la-control-message.loCC       src/libutil_la-handle-map-entry.loCC       src/libutil_la-handle-map.loCC       src/libutil_la-ipc-frontend.loCC       src/libutil_la-ipc-frontend-dbus.loCC       src/libutil_la-logging.loCC       src/libutil_la-message-queue.loCC       src/libutil_la-random.loCC       src/libutil_la-resource-manager-session.loCC       src/libutil_la-resource-manager.loCC       src/libutil_la-response-sink.loCC       src/libutil_la-session-entry-state-enum.loCC       src/libutil_la-session-entry.loCC       src/libutil_la-session-list.loCC       src/libutil_la-sink-interface.loCC       src/libutil_la-source-interface.loCC       src/libutil_la-tabrmd-error.loCC       src/libutil_la-tabrmd-generated.loCC       src/libutil_la-tabrmd-init.loCC       src/libutil_la-tabrmd-options.loCC       src/libutil_la-tcti.loCC       src/libutil_la-thread.loCC       src/libutil_la-tpm2-command.loCC       src/libutil_la-tpm2-header.loCC       src/libutil_la-tpm2-response.loCC       src/libutil_la-util.loCCLD     src/libutil.laCCLD     src/tpm2-abrmdCC       src/tcti-tabrmd.loCCLD     src/libtss2-tcti-tabrmd.laGEN      man/man3/Tss2_Tcti_Tabrmd_Init.3GEN      man/man3/Tss2_Tcti_Tabrmd_Init.3GEN      man/man7/tss2-tcti-tabrmd.7GEN      man/man7/tss2-tcti-tabrmd.7GEN      man/man8/tpm2-abrmd.8GEN      man/man8/tpm2-abrmd.8
make[1]: 离开目录“/home/penghao/TPM/abrmd/tpm2-abrmd”

9. 安装

运行make install命令进行安装。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ sudo make install
[sudo] penghao 的密码：make  install-am
make[1]: 进入目录“/home/penghao/TPM/abrmd/tpm2-abrmd”
make[2]: 进入目录“/home/penghao/TPM/abrmd/tpm2-abrmd”/usr/bin/mkdir -p '/usr/local/lib'/bin/sh ./libtool   --mode=install /usr/bin/install -c   src/libtss2-tcti-tabrmd.la '/usr/local/lib'
libtool: install: /usr/bin/install -c src/.libs/libtss2-tcti-tabrmd.so.0.0.0 /usr/local/lib/libtss2-tcti-tabrmd.so.0.0.0
libtool: install: (cd /usr/local/lib && { ln -s -f libtss2-tcti-tabrmd.so.0.0.0 libtss2-tcti-tabrmd.so.0 || { rm -f libtss2-tcti-tabrmd.so.0 && ln -s libtss2-tcti-tabrmd.so.0.0.0 libtss2-tcti-tabrmd.so.0; }; })
libtool: install: (cd /usr/local/lib && { ln -s -f libtss2-tcti-tabrmd.so.0.0.0 libtss2-tcti-tabrmd.so || { rm -f libtss2-tcti-tabrmd.so && ln -s libtss2-tcti-tabrmd.so.0.0.0 libtss2-tcti-tabrmd.so; }; })
libtool: install: /usr/bin/install -c src/.libs/libtss2-tcti-tabrmd.lai /usr/local/lib/libtss2-tcti-tabrmd.la
libtool: install: /usr/bin/install -c src/.libs/libtss2-tcti-tabrmd.a /usr/local/lib/libtss2-tcti-tabrmd.a
libtool: install: chmod 644 /usr/local/lib/libtss2-tcti-tabrmd.a
libtool: install: ranlib /usr/local/lib/libtss2-tcti-tabrmd.a
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/usr/jdk/bin:/usr/rustc/bin/:/usr/go/bin:/sbin" ldconfig -n /usr/local/lib
----------------------------------------------------------------------
Libraries have been installed in:/usr/local/libIf you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:- add LIBDIR to the 'LD_LIBRARY_PATH' environment variableduring execution- add LIBDIR to the 'LD_RUN_PATH' environment variableduring linking- use the '-Wl,-rpath -Wl,LIBDIR' linker flag- have your system administrator add LIBDIR to '/etc/ld.so.conf'See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------/usr/bin/mkdir -p '/usr/local/sbin'/bin/sh ./libtool   --mode=install /usr/bin/install -c src/tpm2-abrmd '/usr/local/sbin'
libtool: install: /usr/bin/install -c src/tpm2-abrmd /usr/local/sbin/tpm2-abrmd/usr/bin/mkdir -p '/usr/local/etc/dbus-1/system.d'/usr/bin/install -c -m 644 dist/tpm2-abrmd.conf '/usr/local/etc/dbus-1/system.d'/usr/bin/mkdir -p '/usr/local/share/dbus-1/system-services'/usr/bin/install -c -m 644 dist/com.intel.tss2.Tabrmd.service '/usr/local/share/dbus-1/system-services'/usr/bin/mkdir -p '/usr/local/include/tss2'/usr/bin/install -c -m 644 ./src/include/tss2-tcti-tabrmd.h '/usr/local/include/tss2'/usr/bin/mkdir -p '/usr/local/share/man/man3'/usr/bin/install -c -m 644 man/man3/Tss2_Tcti_Tabrmd_Init.3 '/usr/local/share/man/man3'/usr/bin/mkdir -p '/usr/local/share/man/man7'/usr/bin/install -c -m 644 man/man7/tss2-tcti-tabrmd.7 '/usr/local/share/man/man7'/usr/bin/mkdir -p '/usr/local/share/man/man8'/usr/bin/install -c -m 644 man/man8/tpm2-abrmd.8 '/usr/local/share/man/man8'/usr/bin/mkdir -p '/usr/local/lib/pkgconfig'/usr/bin/install -c -m 644 dist/tss2-tcti-tabrmd.pc '/usr/local/lib/pkgconfig'/usr/bin/mkdir -p '/usr/local/lib/systemd/system-preset'/usr/bin/install -c -m 644 dist/tpm2-abrmd.preset '/usr/local/lib/systemd/system-preset'/usr/bin/mkdir -p '/usr/local/lib/systemd/system'/usr/bin/install -c -m 644 dist/tpm2-abrmd.service '/usr/local/lib/systemd/system'
make[2]: 离开目录“/home/penghao/TPM/abrmd/tpm2-abrmd”
make[1]: 离开目录“/home/penghao/TPM/abrmd/tpm2-abrmd”

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ sudo make install
[sudo] penghao 的密码：make  install-am
make[1]: 进入目录“/home/penghao/TPM/abrmd/tpm2-abrmd”
make[2]: 进入目录“/home/penghao/TPM/abrmd/tpm2-abrmd”/usr/bin/mkdir -p '/usr/local/lib'/bin/sh ./libtool   --mode=install /usr/bin/install -c   src/libtss2-tcti-tabrmd.la '/usr/local/lib'
libtool: install: /usr/bin/install -c src/.libs/libtss2-tcti-tabrmd.so.0.0.0 /usr/local/lib/libtss2-tcti-tabrmd.so.0.0.0
libtool: install: (cd /usr/local/lib && { ln -s -f libtss2-tcti-tabrmd.so.0.0.0 libtss2-tcti-tabrmd.so.0 || { rm -f libtss2-tcti-tabrmd.so.0 && ln -s libtss2-tcti-tabrmd.so.0.0.0 libtss2-tcti-tabrmd.so.0; }; })
libtool: install: (cd /usr/local/lib && { ln -s -f libtss2-tcti-tabrmd.so.0.0.0 libtss2-tcti-tabrmd.so || { rm -f libtss2-tcti-tabrmd.so && ln -s libtss2-tcti-tabrmd.so.0.0.0 libtss2-tcti-tabrmd.so; }; })
libtool: install: /usr/bin/install -c src/.libs/libtss2-tcti-tabrmd.lai /usr/local/lib/libtss2-tcti-tabrmd.la
libtool: install: /usr/bin/install -c src/.libs/libtss2-tcti-tabrmd.a /usr/local/lib/libtss2-tcti-tabrmd.a
libtool: install: chmod 644 /usr/local/lib/libtss2-tcti-tabrmd.a
libtool: install: ranlib /usr/local/lib/libtss2-tcti-tabrmd.a
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/usr/jdk/bin:/usr/rustc/bin/:/usr/go/bin:/sbin" ldconfig -n /usr/local/lib
----------------------------------------------------------------------
Libraries have been installed in:/usr/local/libIf you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:- add LIBDIR to the 'LD_LIBRARY_PATH' environment variableduring execution- add LIBDIR to the 'LD_RUN_PATH' environment variableduring linking- use the '-Wl,-rpath -Wl,LIBDIR' linker flag- have your system administrator add LIBDIR to '/etc/ld.so.conf'See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------/usr/bin/mkdir -p '/usr/local/sbin'/bin/sh ./libtool   --mode=install /usr/bin/install -c src/tpm2-abrmd '/usr/local/sbin'
libtool: install: /usr/bin/install -c src/tpm2-abrmd /usr/local/sbin/tpm2-abrmd/usr/bin/mkdir -p '/etc/dbus-1/system.d'/usr/bin/install -c -m 644 dist/tpm2-abrmd.conf '/etc/dbus-1/system.d'/usr/bin/mkdir -p '/usr/local/share/dbus-1/system-services'/usr/bin/install -c -m 644 dist/com.intel.tss2.Tabrmd.service '/usr/local/share/dbus-1/system-services'/usr/bin/mkdir -p '/usr/local/include/tss2'/usr/bin/install -c -m 644 ./src/include/tss2-tcti-tabrmd.h '/usr/local/include/tss2'/usr/bin/mkdir -p '/usr/local/share/man/man3'/usr/bin/install -c -m 644 man/man3/Tss2_Tcti_Tabrmd_Init.3 '/usr/local/share/man/man3'/usr/bin/mkdir -p '/usr/local/share/man/man7'/usr/bin/install -c -m 644 man/man7/tss2-tcti-tabrmd.7 '/usr/local/share/man/man7'/usr/bin/mkdir -p '/usr/local/share/man/man8'/usr/bin/install -c -m 644 man/man8/tpm2-abrmd.8 '/usr/local/share/man/man8'/usr/bin/mkdir -p '/usr/local/lib/pkgconfig'/usr/bin/install -c -m 644 dist/tss2-tcti-tabrmd.pc '/usr/local/lib/pkgconfig'/usr/bin/mkdir -p '/usr/local/lib/systemd/system-preset'/usr/bin/install -c -m 644 dist/tpm2-abrmd.preset '/usr/local/lib/systemd/system-preset'/usr/bin/mkdir -p '/lib/systemd/system'/usr/bin/install -c -m 644 dist/tpm2-abrmd.service '/lib/systemd/system'
make[2]: 离开目录“/home/penghao/TPM/abrmd/tpm2-abrmd”
make[1]: 离开目录“/home/penghao/TPM/abrmd/tpm2-abrmd”

10. 配置动态链接

运行ldconfig命令使动态链接库为系统所共享。

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ sudo ldconfig
penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ 

11. 添加tpm2-abrmd进入系统服务

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ sudo cp /usr/local/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service /usr/share/dbus-1/system-services/

12. 重启DBus

运行pkill命令重启dbus。

penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ sudo pkill -HUP dbus-daemon
penghao@Ding-Perlis-MP260S48:~/TPM/abrmd/tpm2-abrmd$ 

13. 运行测试

运行tpm2_abrmd命令。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~$ sudo /usr/local/sbin/tpm2-abrmd --allow-root
[sudo] penghao 的密码：
** (tpm2-abrmd:2140): CRITICAL **: 19:35:39.655: Failed to acquire DBus name com.intel.tss2.Tabrmd. UID 0 must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root.

出现了错误。此问题出自于“7. 构建——配置”中。不应使用默认的configure命令，而是应该带参数--with-dbuspolicydir=/etc/dbus-1/system.d（将tpm2-abrmd声明到系统总线上）和--with-systemdsystemunitdir=/lib/systemd/system（将tpm2-abrmd添加进系统引导）。

重新执行第7步。第7步以后的步骤都再执行一次，步骤内容不变。

五、tpm2-tools安装全流程

1. TPM文件夹下创建tools文件夹

penghao@Ding-Perlis-MP260S48:~/TPM$ mkdir tools
penghao@Ding-Perlis-MP260S48:~/TPM$ ls
abrmd  dependencies  ibmtpm  tools  tss

2. 进入tools文件夹

penghao@Ding-Perlis-MP260S48:~/TPM$ cd tools/
penghao@Ding-Perlis-MP260S48:~/TPM/tools$ 

3. 下载tpm2-tools源码

运行以下命令下载tpm2-tools源码：

git clone https://github.com/tpm2-software/tpm2-tools

实际命令及结果如下：

penghao@Ding-Perlis-MP260S48:~/TPM/tools$ git clone https://github.com/tpm2-software/tpm2-tools
正克隆到 'tpm2-tools'...
remote: Enumerating objects: 30765, done.
remote: Counting objects: 100% (473/473), done.
remote: Compressing objects: 100% (227/227), done.
remote: Total 30765 (delta 279), reused 369 (delta 238), pack-reused 30292
接收对象中: 100% (30765/30765), 9.80 MiB | 1.46 MiB/s, 完成.
处理 delta 中: 100% (24586/24586), 完成.

查看下载内容：

penghao@Ding-Perlis-MP260S48:~/TPM/tools$ ls
tpm2-tools

4. 源码目录结构

tpm2-tools源码完整目录结构如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/tools$ tree
.
└── tpm2-tools├── bootstrap├── configure.ac├── dist│   └── bash-completion│       └── tpm2-tools│           ├── tpm2_completion.bash│           ├── tss2│           ├── tss2_authorizepolicy│           ├── tss2_changeauth│           ├── tss2_createkey│           ├── tss2_createnv│           ├── tss2_createseal│           ├── tss2_decrypt│           ├── tss2_delete│           ├── tss2_encrypt│           ├── tss2_exportkey│           ├── tss2_exportpolicy│           ├── tss2_getappdata│           ├── tss2_getcertificate│           ├── tss2_getdescription│           ├── tss2_getinfo│           ├── tss2_getplatformcertificates│           ├── tss2_getrandom│           ├── tss2_gettpm2object│           ├── tss2_gettpmblobs│           ├── tss2_import│           ├── tss2_list│           ├── tss2_nvextend│           ├── tss2_nvincrement│           ├── tss2_nvread│           ├── tss2_nvsetbits│           ├── tss2_nvwrite│           ├── tss2_pcrextend│           ├── tss2_pcrread│           ├── tss2_provision│           ├── tss2_quote│           ├── tss2_setappdata│           ├── tss2_setcertificate│           ├── tss2_setdescription│           ├── tss2_sign│           ├── tss2_unseal│           ├── tss2_verifyquote│           ├── tss2_verifysignature│           └── tss2_writeauthorizenv├── docs│   ├── AUTHORS.md│   ├── CHANGELOG.md│   ├── CODE_OF_CONDUCT.md│   ├── CONTRIBUTING.md│   ├── INSTALL.md│   ├── LICENSE│   ├── MAINTAINERS.md│   ├── man -> ../man│   ├── README.md│   ├── RELEASE.md│   └── SECURITY.md├── lib│   ├── efi_event.h│   ├── files.c│   ├── files.h│   ├── log.c│   ├── log.h│   ├── object.c│   ├── object.h│   ├── pcr.c│   ├── pcr.h│   ├── tool_rc.c│   ├── tool_rc.h│   ├── tpm2_alg_util.c│   ├── tpm2_alg_util.h│   ├── tpm2_attr_util.c│   ├── tpm2_attr_util.h│   ├── tpm2_auth_util.c│   ├── tpm2_auth_util.h│   ├── tpm2.c│   ├── tpm2_capability.c│   ├── tpm2_capability.h│   ├── tpm2_cc_util.c│   ├── tpm2_cc_util.h│   ├── tpm2_convert.c│   ├── tpm2_convert.h│   ├── tpm2_ctx_mgmt.c│   ├── tpm2_ctx_mgmt.h│   ├── tpm2_errata.c│   ├── tpm2_errata.h│   ├── tpm2_eventlog.c│   ├── tpm2_eventlog.h│   ├── tpm2_eventlog_yaml.c│   ├── tpm2_eventlog_yaml.h│   ├── tpm2.h│   ├── tpm2_hash.c│   ├── tpm2_hash.h│   ├── tpm2_header.h│   ├── tpm2_hierarchy.c│   ├── tpm2_hierarchy.h│   ├── tpm2_identity_util.c│   ├── tpm2_identity_util.h│   ├── tpm2_kdfa.c│   ├── tpm2_kdfa.h│   ├── tpm2_kdfe.c│   ├── tpm2_kdfe.h│   ├── tpm2_nv_util.h│   ├── tpm2_openssl.c│   ├── tpm2_openssl.h│   ├── tpm2_options.c│   ├── tpm2_options.h│   ├── tpm2_policy.c│   ├── tpm2_policy.h│   ├── tpm2_session.c│   ├── tpm2_session.h│   ├── tpm2_systemdeps.h│   ├── tpm2_tool_output.c│   ├── tpm2_tool_output.h│   ├── tpm2_util.c│   └── tpm2_util.h├── Makefile.am├── man│   ├── common│   │   ├── alg.md│   │   ├── authorizations.md│   │   ├── ctxobj.md│   │   ├── footer.md│   │   ├── hash.md│   │   ├── nv-attrs.md│   │   ├── obj-attrs.md│   │   ├── object-alg.md│   │   ├── options.md│   │   ├── pcr.md│   │   ├── pcrs_format.md│   │   ├── policy-limitations.md│   │   ├── protection-details.md│   │   ├── pubkey.md│   │   ├── returns.md│   │   ├── signature.md│   │   ├── signschemes.md│   │   ├── tcti.md│   │   ├── tss2-fapi-references.md│   │   └── tss2-options.md│   ├── tpm2.1.md│   ├── tpm2_activatecredential.1.md│   ├── tpm2_certify.1.md│   ├── tpm2_certifycreation.1.md│   ├── tpm2_certifyX509certutil.1.md│   ├── tpm2_changeauth.1.md│   ├── tpm2_changeeps.1.md│   ├── tpm2_changepps.1.md│   ├── tpm2_checkquote.1.md│   ├── tpm2_clear.1.md│   ├── tpm2_clearcontrol.1.md│   ├── tpm2_clockrateadjust.1.md│   ├── tpm2_commit.1.md│   ├── tpm2_create.1.md│   ├── tpm2_createak.1.md│   ├── tpm2_createek.1.md│   ├── tpm2_createpolicy.1.md│   ├── tpm2_createprimary.1.md│   ├── tpm2_dictionarylockout.1.md│   ├── tpm2_duplicate.1.md│   ├── tpm2_ecdhkeygen.1.md│   ├── tpm2_ecdhzgen.1.md│   ├── tpm2_ecephemeral.1.md│   ├── tpm2_encodeobject.1.md│   ├── tpm2_encryptdecrypt.1.md│   ├── tpm2_eventlog.1.md│   ├── tpm2_evictcontrol.1.md│   ├── tpm2_flushcontext.1.md│   ├── tpm2_getcap.1.md│   ├── tpm2_getcommandauditdigest.1.md│   ├── tpm2_geteccparameters.1.md│   ├── tpm2_getekcertificate.1.md│   ├── tpm2_getpolicydigest.1.md│   ├── tpm2_getrandom.1.md│   ├── tpm2_getsessionauditdigest.1.md│   ├── tpm2_gettestresult.1.md│   ├── tpm2_gettime.1.md│   ├── tpm2_hash.1.md│   ├── tpm2_hierarchycontrol.1.md│   ├── tpm2_hmac.1.md│   ├── tpm2_import.1.md│   ├── tpm2_incrementalselftest.1.md│   ├── tpm2_load.1.md│   ├── tpm2_loadexternal.1.md│   ├── tpm2_makecredential.1.md│   ├── tpm2_nvcertify.1.md│   ├── tpm2_nvdefine.1.md│   ├── tpm2_nvextend.1.md│   ├── tpm2_nvincrement.1.md│   ├── tpm2_nvread.1.md│   ├── tpm2_nvreadlock.1.md│   ├── tpm2_nvreadpublic.1.md│   ├── tpm2_nvsetbits.1.md│   ├── tpm2_nvundefine.1.md│   ├── tpm2_nvwrite.1.md│   ├── tpm2_nvwritelock.1.md│   ├── tpm2_pcrallocate.1.md│   ├── tpm2_pcrevent.1.md│   ├── tpm2_pcrextend.1.md│   ├── tpm2_pcrread.1.md│   ├── tpm2_pcrreset.1.md│   ├── tpm2_policyauthorize.1.md│   ├── tpm2_policyauthorizenv.1.md│   ├── tpm2_policyauthvalue.1.md│   ├── tpm2_policycommandcode.1.md│   ├── tpm2_policycountertimer.1.md│   ├── tpm2_policycphash.1.md│   ├── tpm2_policyduplicationselect.1.md│   ├── tpm2_policylocality.1.md│   ├── tpm2_policynamehash.1.md│   ├── tpm2_policynv.1.md│   ├── tpm2_policynvwritten.1.md│   ├── tpm2_policyor.1.md│   ├── tpm2_policypassword.1.md│   ├── tpm2_policypcr.1.md│   ├── tpm2_policyrestart.1.md│   ├── tpm2_policysecret.1.md│   ├── tpm2_policysigned.1.md│   ├── tpm2_policytemplate.1.md│   ├── tpm2_policyticket.1.md│   ├── tpm2_print.1.md│   ├── tpm2_quote.1.md│   ├── tpm2_rc_decode.1.md│   ├── tpm2_readclock.1.md│   ├── tpm2_readpublic.1.md│   ├── tpm2_rsadecrypt.1.md│   ├── tpm2_rsaencrypt.1.md│   ├── tpm2_selftest.1.md│   ├── tpm2_send.1.md│   ├── tpm2_sessionconfig.1.md│   ├── tpm2_setclock.1.md│   ├── tpm2_setcommandauditstatus.1.md│   ├── tpm2_setprimarypolicy.1.md│   ├── tpm2_shutdown.1.md│   ├── tpm2_sign.1.md│   ├── tpm2_startauthsession.1.md│   ├── tpm2_startup.1.md│   ├── tpm2_stirrandom.1.md│   ├── tpm2_testparms.1.md│   ├── tpm2_unseal.1.md│   ├── tpm2_verifysignature.1.md│   ├── tpm2_zgen2phase.1.md│   ├── tss2_authorizepolicy.1.md│   ├── tss2_changeauth.1.md│   ├── tss2_createkey.1.md│   ├── tss2_createnv.1.md│   ├── tss2_createseal.1.md│   ├── tss2_decrypt.1.md│   ├── tss2_delete.1.md│   ├── tss2_encrypt.1.md│   ├── tss2_exportkey.1.md│   ├── tss2_exportpolicy.1.md│   ├── tss2_getappdata.1.md│   ├── tss2_getcertificate.1.md│   ├── tss2_getdescription.1.md│   ├── tss2_getinfo.1.md│   ├── tss2_getplatformcertificates.1.md│   ├── tss2_getrandom.1.md│   ├── tss2_gettpm2object.1.md│   ├── tss2_gettpmblobs.1.md│   ├── tss2_import.1.md│   ├── tss2_list.1.md│   ├── tss2_nvextend.1.md│   ├── tss2_nvincrement.1.md│   ├── tss2_nvread.1.md│   ├── tss2_nvsetbits.1.md│   ├── tss2_nvwrite.1.md│   ├── tss2_pcrextend.1.md│   ├── tss2_pcrread.1.md│   ├── tss2_provision.1.md│   ├── tss2_quote.1.md│   ├── tss2_setappdata.1.md│   ├── tss2_setcertificate.1.md│   ├── tss2_setdescription.1.md│   ├── tss2_sign.1.md│   ├── tss2_unseal.1.md│   ├── tss2_verifyquote.1.md│   ├── tss2_verifysignature.1.md│   └── tss2_writeauthorizenv.1.md├── misc│   ├── coding_standard_c.md│   └── formatters│       └── tpm2.0-eclipse-cdt-formatter.xml├── mkdocs.yml├── README.md├── scripts│   └── utils│       ├── check_endorsement_cert.sh│       ├── icert2pem.sh│       ├── icert_ondie_ca.sh│       ├── man_to_bashcompletion.sh│       ├── sm_algorithm_test.sh│       └── tcgRSApub2PemDer.sh├── test│   ├── integration│   │   ├── fapi│   │   │   ├── fapi-authorize-policy.sh│   │   │   ├── fapi-branch-select.sh│   │   │   ├── fapi-encrypt-decrypt.sh│   │   │   ├── fapi-export-key.sh│   │   │   ├── fapi-export-policy.sh│   │   │   ├── fapi-get-info.sh│   │   │   ├── fapi-get-platform-certificates.sh│   │   │   ├── fapi-get-random.sh│   │   │   ├── fapi-gettpm2object.sh│   │   │   ├── fapi-get-tpm-blobs.sh│   │   │   ├── fapi-key-change-auth.sh│   │   │   ├── fapi-list.sh│   │   │   ├── fapi-nv-extend.sh│   │   │   ├── fapi-nv-increment.sh│   │   │   ├── fapi-nv-set-bits.sh│   │   │   ├── fapi-nv-write-authorize.sh│   │   │   ├── fapi-nv-write-read-policy-or2.sh│   │   │   ├── fapi-nv-write-read-policy-or.sh│   │   │   ├── fapi-nv-write-read.sh│   │   │   ├── fapi-pcr-extend-read.sh│   │   │   ├── fapi-policy_signed_delegation.sh│   │   │   ├── fapi-policy_signed.sh│   │   │   ├── fapi-provision.sh│   │   │   ├── fapi-quote-verify.sh│   │   │   ├── fapi-seal-unseal.sh│   │   │   ├── fapi-set-get-app-data.sh│   │   │   ├── fapi-set-get-certificate.sh│   │   │   ├── fapi-set-get-description.sh│   │   │   ├── fapi-sign-verify.sh│   │   │   └── fapi-testing-template.sh│   │   ├── fixtures│   │   │   ├── ek-template-default.bin│   │   │   ├── event-arch-linux.bin│   │   │   ├── event-arch-linux.bin.warn│   │   │   ├── event-arch-linux.bin.yaml│   │   │   ├── event.bin│   │   │   ├── event.bin.yaml│   │   │   ├── event-bootorder.bin│   │   │   ├── event-bootorder.bin.yaml│   │   │   ├── event-gce-ubuntu-2104-log.bin│   │   │   ├── event-gce-ubuntu-2104-log.bin.yaml│   │   │   ├── event-moklisttrusted.bin│   │   │   ├── event-moklisttrusted.bin.yaml│   │   │   ├── event-postcode.bin│   │   │   ├── event-postcode.bin.yaml│   │   │   ├── event-sd-boot-fedora37.bin│   │   │   ├── event-sd-boot-fedora37.bin.yaml│   │   │   ├── event-uefiaction.bin│   │   │   ├── event-uefiaction.bin.yaml│   │   │   ├── event-uefiservices.bin│   │   │   ├── event-uefiservices.bin.yaml│   │   │   ├── event-uefi-sha1-log.bin│   │   │   ├── event-uefi-sha1-log.bin.yaml│   │   │   ├── event-uefivar.bin│   │   │   ├── event-uefivar.bin.yaml│   │   │   ├── get-capability-tpm-prop-fixed.bin│   │   │   ├── specid-vendordata.bin│   │   │   └── specid-vendordata.bin.yaml│   │   ├── helpers.sh│   │   ├── README.md│   │   └── tests│   │       ├── abrmd_extended-sessions.sh│   │       ├── abrmd_nvundefinespecial.sh│   │       ├── abrmd_policyauthorizenv.sh│   │       ├── abrmd_policyauthorize.sh│   │       ├── abrmd_policyauthvalue.sh│   │       ├── abrmd_policycommandcode.sh│   │       ├── abrmd_policycountertimer.sh│   │       ├── abrmd_policycphash.sh│   │       ├── abrmd_policyduplicationselect.sh│   │       ├── abrmd_policynamehash.sh│   │       ├── abrmd_policynv.sh│   │       ├── abrmd_policynvwritten.sh│   │       ├── abrmd_policyor.sh│   │       ├── abrmd_policypassword.sh│   │       ├── abrmd_policypcr.sh│   │       ├── abrmd_policysecret.sh│   │       ├── abrmd_policysigned.sh│   │       ├── abrmd_policytemplate.sh│   │       ├── abrmd_policyticket.sh│   │       ├── activecredential.sh│   │       ├── attestation.sh│   │       ├── certifycreation.sh│   │       ├── certify.sh│   │       ├── changeauth.sh│   │       ├── changeeps.sh│   │       ├── changepps.sh│   │       ├── checkquote.sh│   │       ├── clearcontrol.sh│   │       ├── clear.sh│   │       ├── clockrateadjust.sh│   │       ├── commandaudit.sh│   │       ├── createak.sh│   │       ├── createek.sh│   │       ├── createpolicy.sh│   │       ├── createprimary.sh│   │       ├── create.sh│   │       ├── dictionarylockout.sh│   │       ├── duplicate.sh│   │       ├── ecc.sh│   │       ├── encodeobject.sh│   │       ├── encryptdecrypt.sh│   │       ├── eventlog.sh│   │       ├── evictcontrol.sh│   │       ├── flushcontext.sh│   │       ├── getcap.sh│   │       ├── getekcertificate.sh│   │       ├── getpolicydigest.sh│   │       ├── getrandom.sh│   │       ├── gettestresult.sh│   │       ├── gettime.sh│   │       ├── hash.sh│   │       ├── hierarchycontrol.sh│   │       ├── hmac.sh│   │       ├── import.sh│   │       ├── import_tpm.sh│   │       ├── incrementalselftest.sh│   │       ├── loadexternal.sh│   │       ├── load.sh│   │       ├── makecredential.sh│   │       ├── nvcertify.sh│   │       ├── nvinc.sh│   │       ├── nv.sh│   │       ├── output_formats.sh│   │       ├── pcrallocate.sh│   │       ├── pcrevent.sh│   │       ├── pcrextend.sh│   │       ├── pcrlist.sh│   │       ├── pcrreset.sh│   │       ├── pcrs_format.sh│   │       ├── print.sh│   │       ├── quote.sh│   │       ├── rc_decode.sh│   │       ├── readclock.sh│   │       ├── readpublic.sh│   │       ├── rsadecrypt.sh│   │       ├── rsaencrypt.sh│   │       ├── selftest.sh│   │       ├── send.sh│   │       ├── send-tcti-cmd.sh│   │       ├── sessionaudit.sh│   │       ├── sessionconfig.sh│   │       ├── setclock.sh│   │       ├── setprimarypolicy.sh│   │       ├── sign.sh│   │       ├── startup.sh│   │       ├── stirrandom.sh│   │       ├── symlink.sh│   │       ├── testparms.sh│   │       ├── toggle_options.sh│   │       ├── unseal.sh│   │       ├── verifysignature.sh│   │       └── X509certutil.sh│   ├── scripts│   │   └── echo_tcti.py│   └── unit│       ├── esys_stubs.h│       ├── test_cc_util.c│       ├── test_files.c│       ├── test_object.c│       ├── test_options.c│       ├── test_pcr.c│       ├── test_session_common.h│       ├── test_string_bytes.c│       ├── test_tpm2_alg_util.c│       ├── test_tpm2_attr_util.c│       ├── test_tpm2_auth_util.c│       ├── test_tpm2_errata.c│       ├── test_tpm2_eventlog.c│       ├── test_tpm2_eventlog_yaml.c│       ├── test_tpm2_header.c│       ├── test_tpm2_policy.c│       ├── test_tpm2_session.c│       ├── test_tpm2_util.c│       └── vendor_tests.sh└── tools├── fapi│   ├── tss2_authorizepolicy.c│   ├── tss2_changeauth.c│   ├── tss2_createkey.c│   ├── tss2_createnv.c│   ├── tss2_createseal.c│   ├── tss2_decrypt.c│   ├── tss2_delete.c│   ├── tss2_encrypt.c│   ├── tss2_exportkey.c│   ├── tss2_exportpolicy.c│   ├── tss2_getappdata.c│   ├── tss2_getcertificate.c│   ├── tss2_getdescription.c│   ├── tss2_getinfo.c│   ├── tss2_getplatformcertificates.c│   ├── tss2_getrandom.c│   ├── tss2_gettpm2object.c│   ├── tss2_gettpmblobs.c│   ├── tss2_import.c│   ├── tss2_list.c│   ├── tss2_nvextend.c│   ├── tss2_nvincrement.c│   ├── tss2_nvread.c│   ├── tss2_nvsetbits.c│   ├── tss2_nvwrite.c│   ├── tss2_pcrextend.c│   ├── tss2_pcrread.c│   ├── tss2_provision.c│   ├── tss2_quote.c│   ├── tss2_setappdata.c│   ├── tss2_setcertificate.c│   ├── tss2_setdescription.c│   ├── tss2_sign.c│   ├── tss2_template.c│   ├── tss2_template.h│   ├── tss2_unseal.c│   ├── tss2_verifyquote.c│   ├── tss2_verifysignature.c│   └── tss2_writeauthorizenv.c├── misc│   ├── tpm2_certifyX509certutil.c│   ├── tpm2_checkquote.c│   ├── tpm2_encodeobject.c│   ├── tpm2_eventlog.c│   ├── tpm2_print.c│   └── tpm2_rc_decode.c├── tpm2_activatecredential.c├── tpm2_certify.c├── tpm2_certifycreation.c├── tpm2_changeauth.c├── tpm2_changeeps.c├── tpm2_changepps.c├── tpm2_clear.c├── tpm2_clearcontrol.c├── tpm2_clockrateadjust.c├── tpm2_commit.c├── tpm2_createak.c├── tpm2_create.c├── tpm2_createek.c├── tpm2_createpolicy.c├── tpm2_createprimary.c├── tpm2_dictionarylockout.c├── tpm2_duplicate.c├── tpm2_ecdhkeygen.c├── tpm2_ecdhzgen.c├── tpm2_ecephemeral.c├── tpm2_encryptdecrypt.c├── tpm2_evictcontrol.c├── tpm2_flushcontext.c├── tpm2_getcap.c├── tpm2_getcommandauditdigest.c├── tpm2_geteccparameters.c├── tpm2_getekcertificate.c├── tpm2_getpolicydigest.c├── tpm2_getrandom.c├── tpm2_getsessionauditdigest.c├── tpm2_gettestresult.c├── tpm2_gettime.c├── tpm2_hash.c├── tpm2_hierarchycontrol.c├── tpm2_hmac.c├── tpm2_import.c├── tpm2_incrementalselftest.c├── tpm2_load.c├── tpm2_loadexternal.c├── tpm2_makecredential.c├── tpm2_nvcertify.c├── tpm2_nvdefine.c├── tpm2_nvextend.c├── tpm2_nvincrement.c├── tpm2_nvread.c├── tpm2_nvreadlock.c├── tpm2_nvreadpublic.c├── tpm2_nvsetbits.c├── tpm2_nvundefine.c├── tpm2_nvwrite.c├── tpm2_nvwritelock.c├── tpm2_pcrallocate.c├── tpm2_pcrevent.c├── tpm2_pcrextend.c├── tpm2_pcrread.c├── tpm2_pcrreset.c├── tpm2_policyauthorize.c├── tpm2_policyauthorizenv.c├── tpm2_policyauthvalue.c├── tpm2_policycommandcode.c├── tpm2_policycountertimer.c├── tpm2_policycphash.c├── tpm2_policyduplicationselect.c├── tpm2_policylocality.c├── tpm2_policynamehash.c├── tpm2_policynv.c├── tpm2_policynvwritten.c├── tpm2_policyor.c├── tpm2_policypassword.c├── tpm2_policypcr.c├── tpm2_policyrestart.c├── tpm2_policysecret.c├── tpm2_policysigned.c├── tpm2_policytemplate.c├── tpm2_policyticket.c├── tpm2_quote.c├── tpm2_readclock.c├── tpm2_readpublic.c├── tpm2_rsadecrypt.c├── tpm2_rsaencrypt.c├── tpm2_selftest.c├── tpm2_send.c├── tpm2_sessionconfig.c├── tpm2_setclock.c├── tpm2_setcommandauditstatus.c├── tpm2_setprimarypolicy.c├── tpm2_shutdown.c├── tpm2_sign.c├── tpm2_startauthsession.c├── tpm2_startup.c├── tpm2_stirrandom.c├── tpm2_testparms.c├── tpm2_tool.c├── tpm2_tool.h├── tpm2_unseal.c├── tpm2_verifysignature.c└── tpm2_zgen2phase.c23 directories, 592 files

5. 进入源码目录

penghao@Ding-Perlis-MP260S48:~/TPM/tools$ cd tpm2-tools/
penghao@Ding-Perlis-MP260S48:~/TPM/tools/tpm2-tools$ 

6. 构建——引导

运行bootstrap命令进行引导。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/tools/tpm2-tools$ ./bootstrap 
Generating file lists: src_vars.mk
aclocal: installing 'm4/ax_ac_append_to_file.m4' from '/usr/share/aclocal/ax_ac_append_to_file.m4'
aclocal: installing 'm4/ax_ac_print_to_file.m4' from '/usr/share/aclocal/ax_ac_print_to_file.m4'
aclocal: installing 'm4/ax_add_am_macro_static.m4' from '/usr/share/aclocal/ax_add_am_macro_static.m4'
aclocal: installing 'm4/ax_add_fortify_source.m4' from '/usr/share/aclocal/ax_add_fortify_source.m4'
aclocal: installing 'm4/ax_am_macros_static.m4' from '/usr/share/aclocal/ax_am_macros_static.m4'
aclocal: installing 'm4/ax_check_compile_flag.m4' from '/usr/share/aclocal/ax_check_compile_flag.m4'
aclocal: installing 'm4/ax_check_enable_debug.m4' from '/usr/share/aclocal/ax_check_enable_debug.m4'
aclocal: installing 'm4/ax_check_link_flag.m4' from '/usr/share/aclocal/ax_check_link_flag.m4'
aclocal: installing 'm4/ax_code_coverage.m4' from '/usr/share/aclocal/ax_code_coverage.m4'
aclocal: installing 'm4/ax_file_escapes.m4' from '/usr/share/aclocal/ax_file_escapes.m4'
aclocal: installing 'm4/ax_is_release.m4' from '/usr/share/aclocal/ax_is_release.m4'
aclocal: installing 'm4/libtool.m4' from '/usr/share/aclocal/libtool.m4'
aclocal: installing 'm4/ltoptions.m4' from '/usr/share/aclocal/ltoptions.m4'
aclocal: installing 'm4/ltsugar.m4' from '/usr/share/aclocal/ltsugar.m4'
aclocal: installing 'm4/ltversion.m4' from '/usr/share/aclocal/ltversion.m4'
aclocal: installing 'm4/lt~obsolete.m4' from '/usr/share/aclocal/lt~obsolete.m4'
aclocal: installing 'm4/pkg.m4' from '/usr/share/aclocal/pkg.m4'
libtoolize: putting auxiliary files in '.'.
libtoolize: linking file './ltmain.sh'
configure.ac:8: installing './compile'
configure.ac:10: installing './config.guess'
configure.ac:10: installing './config.sub'
configure.ac:11: installing './install-sh'
configure.ac:11: installing './missing'
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'

7. 构建——配置

运行configure命令（不带参数）进行配置。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/tools/tpm2-tools$ ./configure 
checking whether to enable debugging... info
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether ln -s works... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for file... file
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking for gawk... gawk
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
file: could not find any valid magic files! (No such file or directory)
checking for mt... mt
checking if mt is a manifest tool... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking whether make sets $(MAKE)... yes
checking whether make supports the include directive... yes (GNU style)
checking whether make supports nested variables... yes
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking whether to build with code coverage support... no
checking for pandoc... no
configure: WARNING: Required executable pandoc not found, man pages will not be built
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for tss2-fapi... yes
checking for tss2-fapi >= 3.0... yes
checking for tss2-esys >= 4.0.0... yes
checking for tss2-tctildr... yes
checking for tss2-mu... yes
checking for tss2-rc... yes
checking for tss2-sys... yes
checking for libcrypto >= 1.1.0... yes
checking for EVP_sm3 in -lcrypto... yes
checking for EVP_sm4_cfb128 in -lcrypto... yes
checking for libcurl... yes
checking for efivar... yes
checking whether C compiler accepts -Wall... yes
checking whether C compiler accepts -Wextra... yes
checking whether C compiler accepts -Werror... yes
checking whether C compiler accepts -Wformat... yes
checking whether C compiler accepts -Wformat-security... yes
checking whether C compiler accepts -Wstack-protector... yes
checking whether C compiler accepts -fstack-protector-all... yes
checking whether C compiler accepts -Wstrict-overflow=5... yes
checking whether C compiler accepts -O2... yes
checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... yes
checking whether C compiler accepts -fPIC... yes
checking whether the linker accepts -shared... yes
checking whether C compiler accepts -fPIE... yes
checking whether the linker accepts -pie... yes
checking whether the linker accepts -Wl,-z,relro... yes
checking whether the linker accepts -Wl,-z,now... yes
checking whether C compiler accepts -D_GNU_SOURCE... yes
checking whether C compiler accepts -std=gnu99... yes
checking whether C compiler accepts -Wstringop-overflow=4... yes
checking whether C compiler accepts -Wstringop-truncation... yes
checking whether C compiler accepts -Wduplicated-branches... yes
checking whether C compiler accepts -Wduplicated-cond... yes
checking whether C compiler accepts -Wbool-compare... yes
checking whether C compiler accepts -fdata-sections... yes
checking whether C compiler accepts -ffunction-sections... yes
checking whether the linker accepts -Wl,--gc-sections... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating lib/config.h
config.status: executing libtool commands
config.status: executing depfiles commands- tpm2-tools: 5.5-rc1-1-g8cbc4bba- Man pages: no- Unit tests: no

8. 构建——编译

运行make命令进行编译。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/tools/tpm2-tools$ makeCC       tools/fapi/tss2-tss2_template.oCC       tools/fapi/tss2-tss2_decrypt.oCC       tools/fapi/tss2-tss2_encrypt.oCC       tools/fapi/tss2-tss2_list.oCC       tools/fapi/tss2-tss2_changeauth.oCC       tools/fapi/tss2-tss2_delete.oCC       tools/fapi/tss2-tss2_import.oCC       tools/fapi/tss2-tss2_getinfo.oCC       tools/fapi/tss2-tss2_createkey.oCC       tools/fapi/tss2-tss2_createseal.oCC       tools/fapi/tss2-tss2_exportkey.oCC       tools/fapi/tss2-tss2_getcertificate.oCC       tools/fapi/tss2-tss2_getplatformcertificates.oCC       tools/fapi/tss2-tss2_gettpmblobs.oCC       tools/fapi/tss2-tss2_getappdata.oCC       tools/fapi/tss2-tss2_gettpm2object.oCC       tools/fapi/tss2-tss2_setappdata.oCC       tools/fapi/tss2-tss2_setcertificate.oCC       tools/fapi/tss2-tss2_sign.oCC       tools/fapi/tss2-tss2_verifysignature.oCC       tools/fapi/tss2-tss2_verifyquote.oCC       tools/fapi/tss2-tss2_createnv.oCC       tools/fapi/tss2-tss2_nvextend.oCC       tools/fapi/tss2-tss2_nvincrement.oCC       tools/fapi/tss2-tss2_nvread.oCC       tools/fapi/tss2-tss2_nvsetbits.oCC       tools/fapi/tss2-tss2_nvwrite.oCC       tools/fapi/tss2-tss2_getdescription.oCC       tools/fapi/tss2-tss2_setdescription.oCC       tools/fapi/tss2-tss2_pcrextend.oCC       tools/fapi/tss2-tss2_quote.oCC       tools/fapi/tss2-tss2_pcrread.oCC       tools/fapi/tss2-tss2_authorizepolicy.oCC       tools/fapi/tss2-tss2_exportpolicy.oCC       tools/fapi/tss2-tss2_provision.oCC       tools/fapi/tss2-tss2_getrandom.oCC       tools/fapi/tss2-tss2_unseal.oCC       tools/fapi/tss2-tss2_writeauthorizenv.oCC       lib/libcommon_a-files.oCC       lib/libcommon_a-log.oCC       lib/libcommon_a-object.oCC       lib/libcommon_a-pcr.oCC       lib/libcommon_a-tool_rc.oCC       lib/libcommon_a-tpm2.oCC       lib/libcommon_a-tpm2_alg_util.oCC       lib/libcommon_a-tpm2_attr_util.oCC       lib/libcommon_a-tpm2_auth_util.oCC       lib/libcommon_a-tpm2_capability.oCC       lib/libcommon_a-tpm2_cc_util.oCC       lib/libcommon_a-tpm2_convert.oCC       lib/libcommon_a-tpm2_ctx_mgmt.oCC       lib/libcommon_a-tpm2_errata.oCC       lib/libcommon_a-tpm2_eventlog.oCC       lib/libcommon_a-tpm2_eventlog_yaml.oCC       lib/libcommon_a-tpm2_hash.oCC       lib/libcommon_a-tpm2_hierarchy.oCC       lib/libcommon_a-tpm2_identity_util.oCC       lib/libcommon_a-tpm2_kdfa.oCC       lib/libcommon_a-tpm2_kdfe.oCC       lib/libcommon_a-tpm2_openssl.oCC       lib/libcommon_a-tpm2_options.oCC       lib/libcommon_a-tpm2_policy.oCC       lib/libcommon_a-tpm2_session.oCC       lib/libcommon_a-tpm2_tool_output.oCC       lib/libcommon_a-tpm2_util.oAR       lib/libcommon.aCCLD     tools/fapi/tss2CC       tools/tpm2-tpm2_tool.oCC       tools/misc/tpm2-tpm2_certifyX509certutil.oCC       tools/misc/tpm2-tpm2_checkquote.oCC       tools/misc/tpm2-tpm2_encodeobject.oCC       tools/misc/tpm2-tpm2_eventlog.oCC       tools/misc/tpm2-tpm2_print.oCC       tools/misc/tpm2-tpm2_rc_decode.oCC       tools/tpm2-tpm2_activatecredential.oCC       tools/tpm2-tpm2_certify.oCC       tools/tpm2-tpm2_changeauth.oCC       tools/tpm2-tpm2_changeeps.oCC       tools/tpm2-tpm2_changepps.oCC       tools/tpm2-tpm2_clear.oCC       tools/tpm2-tpm2_clearcontrol.oCC       tools/tpm2-tpm2_clockrateadjust.oCC       tools/tpm2-tpm2_create.oCC       tools/tpm2-tpm2_createak.oCC       tools/tpm2-tpm2_createek.oCC       tools/tpm2-tpm2_createpolicy.oCC       tools/tpm2-tpm2_setprimarypolicy.oCC       tools/tpm2-tpm2_createprimary.oCC       tools/tpm2-tpm2_dictionarylockout.oCC       tools/tpm2-tpm2_duplicate.oCC       tools/tpm2-tpm2_getcap.oCC       tools/tpm2-tpm2_gettestresult.oCC       tools/tpm2-tpm2_encryptdecrypt.oCC       tools/tpm2-tpm2_evictcontrol.oCC       tools/tpm2-tpm2_flushcontext.oCC       tools/tpm2-tpm2_getekcertificate.oCC       tools/tpm2-tpm2_getrandom.oCC       tools/tpm2-tpm2_gettime.oCC       tools/tpm2-tpm2_hash.oCC       tools/tpm2-tpm2_hierarchycontrol.oCC       tools/tpm2-tpm2_hmac.oCC       tools/tpm2-tpm2_import.oCC       tools/tpm2-tpm2_incrementalselftest.oCC       tools/tpm2-tpm2_load.oCC       tools/tpm2-tpm2_loadexternal.oCC       tools/tpm2-tpm2_makecredential.oCC       tools/tpm2-tpm2_nvdefine.oCC       tools/tpm2-tpm2_nvextend.oCC       tools/tpm2-tpm2_nvincrement.oCC       tools/tpm2-tpm2_nvreadpublic.oCC       tools/tpm2-tpm2_nvread.oCC       tools/tpm2-tpm2_nvreadlock.oCC       tools/tpm2-tpm2_nvundefine.oCC       tools/tpm2-tpm2_nvwrite.oCC       tools/tpm2-tpm2_nvwritelock.oCC       tools/tpm2-tpm2_nvsetbits.oCC       tools/tpm2-tpm2_pcrallocate.oCC       tools/tpm2-tpm2_pcrevent.oCC       tools/tpm2-tpm2_pcrextend.oCC       tools/tpm2-tpm2_pcrread.oCC       tools/tpm2-tpm2_pcrreset.oCC       tools/tpm2-tpm2_policypcr.oCC       tools/tpm2-tpm2_policyauthorize.oCC       tools/tpm2-tpm2_policyauthorizenv.oCC       tools/tpm2-tpm2_policynv.oCC       tools/tpm2-tpm2_policycountertimer.oCC       tools/tpm2-tpm2_policyor.oCC       tools/tpm2-tpm2_policynamehash.oCC       tools/tpm2-tpm2_policytemplate.oCC       tools/tpm2-tpm2_policycphash.oCC       tools/tpm2-tpm2_policypassword.oCC       tools/tpm2-tpm2_policysigned.oCC       tools/tpm2-tpm2_policyticket.oCC       tools/tpm2-tpm2_policyauthvalue.oCC       tools/tpm2-tpm2_policysecret.oCC       tools/tpm2-tpm2_policyrestart.oCC       tools/tpm2-tpm2_policycommandcode.oCC       tools/tpm2-tpm2_policynvwritten.oCC       tools/tpm2-tpm2_policyduplicationselect.oCC       tools/tpm2-tpm2_policylocality.oCC       tools/tpm2-tpm2_quote.oCC       tools/tpm2-tpm2_readclock.oCC       tools/tpm2-tpm2_readpublic.oCC       tools/tpm2-tpm2_rsadecrypt.oCC       tools/tpm2-tpm2_rsaencrypt.oCC       tools/tpm2-tpm2_send.oCC       tools/tpm2-tpm2_selftest.oCC       tools/tpm2-tpm2_setclock.oCC       tools/tpm2-tpm2_shutdown.oCC       tools/tpm2-tpm2_sign.oCC       tools/tpm2-tpm2_certifycreation.oCC       tools/tpm2-tpm2_nvcertify.oCC       tools/tpm2-tpm2_startauthsession.oCC       tools/tpm2-tpm2_startup.oCC       tools/tpm2-tpm2_stirrandom.oCC       tools/tpm2-tpm2_testparms.oCC       tools/tpm2-tpm2_unseal.oCC       tools/tpm2-tpm2_verifysignature.oCC       tools/tpm2-tpm2_setcommandauditstatus.oCC       tools/tpm2-tpm2_getcommandauditdigest.oCC       tools/tpm2-tpm2_getsessionauditdigest.oCC       tools/tpm2-tpm2_geteccparameters.oCC       tools/tpm2-tpm2_ecephemeral.oCC       tools/tpm2-tpm2_commit.oCC       tools/tpm2-tpm2_ecdhkeygen.oCC       tools/tpm2-tpm2_ecdhzgen.oCC       tools/tpm2-tpm2_zgen2phase.oCC       tools/tpm2-tpm2_sessionconfig.oCC       tools/tpm2-tpm2_getpolicydigest.oCCLD     tools/tpm2

9. 安装

运行make install命令进行安装。命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/tools/tpm2-tools$ sudo make install
[sudo] penghao 的密码：make[1]: 进入目录“/home/penghao/TPM/tools/tpm2-tools”/usr/bin/mkdir -p '/usr/local/bin'/bin/sh ./libtool   --mode=install /usr/bin/install -c tools/fapi/tss2 tools/tpm2 '/usr/local/bin'
libtool: install: /usr/bin/install -c tools/fapi/tss2 /usr/local/bin/tss2
libtool: install: /usr/bin/install -c tools/tpm2 /usr/local/bin/tpm2
make  install-exec-hook
make[2]: 进入目录“/home/penghao/TPM/tools/tpm2-tools”
for tool in tpm2_certifyX509certutil tpm2_checkquote tpm2_encodeobject tpm2_eventlog tpm2_print tpm2_rc_decode tpm2_activatecredential tpm2_certify tpm2_changeauth tpm2_changeeps tpm2_changepps tpm2_clear tpm2_clearcontrol tpm2_clockrateadjust tpm2_create tpm2_createak tpm2_createek tpm2_createpolicy tpm2_setprimarypolicy tpm2_createprimary tpm2_dictionarylockout tpm2_duplicate tpm2_getcap tpm2_gettestresult tpm2_encryptdecrypt tpm2_evictcontrol tpm2_flushcontext tpm2_getekcertificate tpm2_getrandom tpm2_gettime tpm2_hash tpm2_hierarchycontrol tpm2_hmac tpm2_import tpm2_incrementalselftest tpm2_load tpm2_loadexternal tpm2_makecredential tpm2_nvdefine tpm2_nvextend tpm2_nvincrement tpm2_nvreadpublic tpm2_nvread tpm2_nvreadlock tpm2_nvundefine tpm2_nvwrite tpm2_nvwritelock tpm2_nvsetbits tpm2_pcrallocate tpm2_pcrevent tpm2_pcrextend tpm2_pcrread tpm2_pcrreset tpm2_policypcr tpm2_policyauthorize tpm2_policyauthorizenv tpm2_policynv tpm2_policycountertimer tpm2_policyor tpm2_policynamehash tpm2_policytemplate tpm2_policycphash tpm2_policypassword tpm2_policysigned tpm2_policyticket tpm2_policyauthvalue tpm2_policysecret tpm2_policyrestart tpm2_policycommandcode tpm2_policynvwritten tpm2_policyduplicationselect tpm2_policylocality tpm2_quote tpm2_readclock tpm2_readpublic tpm2_rsadecrypt tpm2_rsaencrypt tpm2_send tpm2_selftest tpm2_setclock tpm2_shutdown tpm2_sign tpm2_certifycreation tpm2_nvcertify tpm2_startauthsession tpm2_startup tpm2_stirrandom tpm2_testparms tpm2_unseal tpm2_verifysignature tpm2_setcommandauditstatus tpm2_getcommandauditdigest tpm2_getsessionauditdigest tpm2_geteccparameters tpm2_ecephemeral tpm2_commit tpm2_ecdhkeygen tpm2_ecdhzgen tpm2_zgen2phase tpm2_sessionconfig tpm2_getpolicydigest ; do \ln -s -f \"tpm2" \"/usr/local/bin/$tool" ; \
done
for tool in tss2_decrypt tss2_encrypt tss2_list tss2_changeauth tss2_delete tss2_import tss2_getinfo tss2_createkey tss2_createseal tss2_exportkey tss2_getcertificate tss2_getplatformcertificates tss2_gettpmblobs tss2_getappdata tss2_gettpm2object tss2_setappdata tss2_setcertificate tss2_sign tss2_verifysignature tss2_verifyquote tss2_createnv tss2_nvextend tss2_nvincrement tss2_nvread tss2_nvsetbits tss2_nvwrite tss2_getdescription tss2_setdescription tss2_pcrextend tss2_quote tss2_pcrread tss2_authorizepolicy tss2_exportpolicy tss2_import tss2_provision tss2_getrandom tss2_unseal tss2_writeauthorizenv ; do \ln -s -f \"tss2" \"/usr/local/bin/$tool" ; \
done
make[2]: 离开目录“/home/penghao/TPM/tools/tpm2-tools”/usr/bin/mkdir -p '/usr/share/bash-completion/completions'/usr/bin/install -c -m 644 dist/bash-completion/tpm2-tools/tpm2_completion.bash dist/bash-completion/tpm2-tools/tss2_decrypt dist/bash-completion/tpm2-tools/tss2_encrypt dist/bash-completion/tpm2-tools/tss2_list dist/bash-completion/tpm2-tools/tss2_changeauth dist/bash-completion/tpm2-tools/tss2_delete dist/bash-completion/tpm2-tools/tss2_import dist/bash-completion/tpm2-tools/tss2_getinfo dist/bash-completion/tpm2-tools/tss2_createkey dist/bash-completion/tpm2-tools/tss2_createseal dist/bash-completion/tpm2-tools/tss2_exportkey dist/bash-completion/tpm2-tools/tss2_getcertificate dist/bash-completion/tpm2-tools/tss2_getplatformcertificates dist/bash-completion/tpm2-tools/tss2_gettpmblobs dist/bash-completion/tpm2-tools/tss2_setcertificate dist/bash-completion/tpm2-tools/tss2_getappdata dist/bash-completion/tpm2-tools/tss2_gettpm2object dist/bash-completion/tpm2-tools/tss2_setappdata dist/bash-completion/tpm2-tools/tss2_sign dist/bash-completion/tpm2-tools/tss2_verifysignature dist/bash-completion/tpm2-tools/tss2_verifyquote dist/bash-completion/tpm2-tools/tss2_createnv dist/bash-completion/tpm2-tools/tss2_nvextend dist/bash-completion/tpm2-tools/tss2_nvincrement dist/bash-completion/tpm2-tools/tss2_nvread dist/bash-completion/tpm2-tools/tss2_nvsetbits dist/bash-completion/tpm2-tools/tss2_nvwrite dist/bash-completion/tpm2-tools/tss2_getdescription dist/bash-completion/tpm2-tools/tss2_setdescription dist/bash-completion/tpm2-tools/tss2_pcrextend dist/bash-completion/tpm2-tools/tss2_quote dist/bash-completion/tpm2-tools/tss2_pcrread dist/bash-completion/tpm2-tools/tss2_authorizepolicy dist/bash-completion/tpm2-tools/tss2_exportpolicy dist/bash-completion/tpm2-tools/tss2_provision dist/bash-completion/tpm2-tools/tss2_getrandom dist/bash-completion/tpm2-tools/tss2_unseal dist/bash-completion/tpm2-tools/tss2_writeauthorizenv dist/bash-completion/tpm2-tools/tss2 '/usr/share/bash-completion/completions'
make  install-data-hook
make[2]: 进入目录“/home/penghao/TPM/tools/tpm2-tools”
cd /usr/share/bash-completion/completions && \
for tool in tools/fapi/tss2 tools/tpm2; do \[ "${tool}" = "${tool#tools/fapi/*}" ] && ln -s -f tpm2_completion.bash ${tool##*/}; \
done
make[2]: 离开目录“/home/penghao/TPM/tools/tpm2-tools”
make[1]: 离开目录“/home/penghao/TPM/tools/tpm2-tools”

10. 运行测试

运行tpm2_tools中的tpm2_getrandom命令。实际命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/tools/tpm2-tools$ tpm2_getrandom 4** (process:131441): WARNING **: 17:19:59.604: Failed to create connection with service: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.480" (uid=1000 pid=131441 comm="tpm2_getrandom 4") interface="com.intel.tss2.TctiTabrmd" member="CreateConnection" error name="(unset)" requested_reply="0" destination=":1.207" (uid=0 pid=37166 comm="/usr/local/sbin/tpm2-abrmd --allow-root --tcti=mss")
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:451:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:613:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
WARNING:tcti:src/util/io.c:262:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:169:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:269:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:430:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
ERROR: Could not load tcti, got: "(null)"

出现错误的原因是权限不够，需要使用sudo权限（带全路径）或者在root用户下运行命令（带全路径）。实际命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~/TPM/tools/tpm2-tools$ su -
密码： 
root [ ~ ]# tpm2_getrandom 4
ERROR:esys:src/tss2-esys/api/Esys_GetCapability.c:305:Esys_GetCapability_Finish() Received a non-TPM Error 
ERROR:esys:src/tss2-esys/api/Esys_GetCapability.c:106:Esys_GetCapability() Esys Finish ErrorCode (0x000a000a) 
ERROR: Esys_GetCapability(0xA000A) - tcti:IO failure
ERROR: Unable to run tpm2_getrandom

出错的原因是没有启动tpm2-abrmd。需要在一个终端下先启动先启动tpm2-abrmd，然后再运行tpm2-tools中的tpm2_getrandom命令。启动tpm2-abrmd命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~$ sudo /usr/local/sbin/tpm2-abrmd --allow-root
[sudo] penghao 的密码：

再运行tpm2_getrandom命令。实际命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~$ su -
密码： 
root [ ~ ]# tpm2_getrandom 4
��

也可以使用模拟器，而不用在真机环境上操作。需要依次（在不同终端下）启动模拟器、tpm2-abrmd，再运行tpm2-tools中的tpm2_getrandom命令。

先在一个终端下启动模拟器：

penghao@Ding-Perlis-MP260S48:~$ tpm_server 
LIBRARY_COMPATIBILITY_CHECK is ON
Starting ACT thread...
TPM command server listening on port 2321
Platform server listening on port 2322

再在另一个终端下启动tpm2-abrmd：

penghao@Ding-Perlis-MP260S48:~$ sudo /usr/local/sbin/tpm2-abrmd --allow-root --tcti=mssim
[sudo] penghao 的密码：

root [ ~ ]# ps -aux | grep abrmd
root       24901  0.0  0.0 524552  6260 pts/1    Sl+  18:01   0:00 /usr/local/sbin/tpm2-abrmd --allow-root --tcti=mssim
root       26226  0.0  0.0 223144  2712 pts/2    S+   18:02   0:00 grep --color=auto abrmd
root [ ~ ]# 

此时模拟器终端信息有所变化：

penghao@Ding-Perlis-MP260S48:~$ tpm_server 
LIBRARY_COMPATIBILITY_CHECK is ON
Starting ACT thread...
TPM command server listening on port 2321
Platform server listening on port 2322
Command IPv6 client accepted
Platform IPv6 client accepted

再运行tpm2_getrandom命令。实际命令及结果如下所示：

penghao@Ding-Perlis-MP260S48:~$ su -
密码： 
root [ ~ ]# tpm2_getrandom 4
a<�aroot [ ~ ]#