On Thu, Aug 14, 2025 at 07:21:15AM +0300, Jarkko Sakkinen wrote: > Hi, > > Crates for 0.5.4: > > https://crates.io/crates/tpm2_protocol > https://crates.io/crates/tpm2sh > > As I said earlier tpm2_protocol is no_std, zero 3rd party dependence > crate that does not require a memory allocator, and its first priority > driver for design choices has been Linux kernel. However, given the > design, it could even power the actual chip itself orchestrated by a > microcontroller. > > It's unipolar TPM 2.0 protocol implementation, which can power anything > from to actual chips given ability to build and parse both commands and > responsese. > > This mean in English that if you take e.g., a command byte stream, parse > it and feed that to the builder you will get the exact same bytestream. > The same principle applies responses. > > For upcoming release the rest of the work is basically just populate > rest of the TCG spec, which is easy given the declarative domain > language designed with `macro_rules!` construct. > > "A demo video": > > https://social.kernel.org/notice/Ax9FRqKTBL69UYMIW8 > > Some things we could do given someone has some driver to do so, which > we could not realistically do with the pre-existing C driver: > > 1. Super high-granularity configurable resource manager (perhaps with > eBPF filtering) > 2. Kernel driven vTPMs (as it is bidirectional). > 3. Perhaps even offer vTPM implementations also for CoC VMs. > 4. Not in kernel necessarily but if you have a keystore/crypto product > you can use it for building interoperability layer. > 5. Given extremely sophisticated building/parsing capabilities, > implementing e.g., a tailord remote attestation server becomes super > easy, given that server can use it (w/o TPM ofc) to to carve the data it > wants from the protocol shenanigans. > > Can rarely say this but it's the first ever unipolar and across the > board role agnostic TPM2 protocol implementation - first of its kind > :-)
**** BR, Jarkko
