3

I'm working on an embedded system running linux for embedded. The HW has TPM chip. I've made some preparations, I installed the tpm2-tss and tpm2-tools sw libs and I've test them by hashing some data with the TPM. Its worked.

The system is implementing some RF protocol and transmit messages. The messages are encrypted using AES128 with a secret key that each device have. I want to use the TPM capabilities to store the key securely on the device and to encrypt the messages before I send them. I know that the TPM HW is limited, but the data traffic is very low, so I don't see any issue with encrypting the data with the TPM.

There is a lot of information about the TPM, but all this information made me more confused. I need some guidelines and a simple explanation to help me with my needs. From what I've read the TPM uses a secret internal key to encrypt data and store it on the system external memory. So i'm guess I need to use this feature to encrypt the device key and store it. I didn't understand how I address my key after that and how I "tell" the TPM to encrypt some data with this key.

Brave
  • 159
  • 11
  • Does this answer your question? [How to load and use a persistent symmetric key in the TPM?](https://stackoverflow.com/questions/59485455/how-to-load-and-use-a-persistent-symmetric-key-in-the-tpm) – mnistic Sep 03 '20 at 03:31

1 Answers1

0

I am same problems with TPM2. O TPM2 is so much confused to use tpm2-tools. I recommend use clevis-encrypt tpm2 to abstract complexity of encrypt and decrypt.

If u have news with use TPM2 to sealing boot. I thank if u share here

Luis Felipe Silva
  • 1