我想使用Azure的IOT-SDK-CSHARP,以提供一个基于Linux的设备上蔚蓝的IOT使用TPM作为认证机制的dps。
我添加了一个TPM模块到覆盆子板和配置内核/的DeviceTree。当检测到TPM芯片和在/ dev / tpm0设备在linux显示出来。 Addionaly我包括了所有的先决条件进入Linux映像在Linux上运行(https://github.com/dotnet/core/blob/master/samples/YoctoInstructions.md)一个自包含.NET的核心应用。它可以运行.NET的核心应用程序...我测试用c#设备SDK简单的IOT毂连接。
接下来,我试图从.NET核心访问TPM模块。因此,我写了这个程序,使用SecurityProviderTpmHsm从Microsoft.Azure.Devices.Provisioning.Security读取TPM endorsementKey。
using System;
using System.Text;
using Microsoft.Azure.Devices.Provisioning.Security;
using Microsoft.Azure.Devices.Shared;
namespace TPMTest
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("Hello World!");
var tpmProvider = new SecurityProviderTpmHsm("test");
var test = tpmProvider.GetEndorsementKey();
Console.WriteLine(BitConverter.ToString(test));
}
}
}
这工作在Windows机器上,而是用一个自包含包(DOTNET发布的linux -r臂)失败了Linux臂机上。
Hello World!
Unhandled Exception: System.DllNotFoundException: Unable to load shared library 'bcrypt.dll' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: libbcrypt.dll: cannot open shared object file: No such file or directory
at Tpm2Lib.Native.BCryptOpenAlgorithmProvider(UIntPtr& AlgProvider, String AlgId, String Implementation, UInt32 Flags)
at Tpm2Lib.BCryptAlgorithm.Open(String algName, UInt32 flags)
at Tpm2Lib.BCryptAlgorithm..ctor(String algName, UInt32 flags)
at Tpm2Lib.CryptoLib.Hmac(TpmAlgId hashAlgId, Byte[] key, Byte[] data)
at Tpm2Lib.KDF.KDFa(TpmAlgId hmacHash, Byte[] hmacKey, String label, Byte[] contextU, Byte[] contextV, Int32 numBitsRequired)
at Tpm2Lib.PRNG.FillRandBuf()
at Tpm2Lib.PRNG.SetRngRandomSeed()
at Tpm2Lib.PRNG.GetRandomBytes(Int32 numBytes)
at Tpm2Lib.Globs.GetRandomBytes(Int32 numBytes)
at Tpm2Lib.Tpm2.GetRandomBytes(Int32 numBytes)
at Tpm2Lib.Tpm2.CancelSafeStartAuthSession(TpmSe sessionType, TpmAlgId authHash, Int32 nonceCallerSize)
at Tpm2Lib.Tpm2.PrepareRequestSessions(CommandInfo commandInfo, TpmHandle[] inHandles)
at Tpm2Lib.Tpm2.DispatchMethod(TpmCc ordinal, TpmStructureBase inParms, Type expectedResponseType, TpmStructureBase& outParms, Int32 numInHandlesNotUsed, Int32 numOutHandlesNotUsed)
at Tpm2Lib.Tpm2.CreatePrimary(TpmHandle primaryHandle, SensitiveCreate inSensitive, TpmPublic inPublic, Byte[] outsideInfo, PcrSelection[] creationPCR, TpmPublic& outPublic, CreationData& creationData, Byte[]& creationHash, TkCreation& creationTicket)
at Microsoft.Azure.Devices.Provisioning.Security.SecurityProviderTpmHsm.ReadOrCreatePersistedKey(TpmHandle persHandle, TpmHandle hierarchy, TpmPublic template)
at Microsoft.Azure.Devices.Provisioning.Security.SecurityProviderTpmHsm.CacheEkAndSrk()
at Microsoft.Azure.Devices.Provisioning.Security.SecurityProviderTpmHsm..ctor(String registrationId, Tpm2Device tpm)
at Microsoft.Azure.Devices.Provisioning.Security.SecurityProviderTpmHsm..ctor(String registrationId)
at TPMTest.Program.Main(String[] args) in C:\Users\admin\source\repos\TPMTest\TPMTest\Program.cs:line 12
Aborted
我读了一些问题,在GitHub上缺少bcrypted.dll。据我了解,一些加密功能都没有在Linux版本的.NET核心2.x的移植。 https://github.com/dotnet/corefx/issues/7023所以,我尝试了.NET的核心3.x的预览,它支持AES-GCM等......但我遇到了同样的错误。
不知道,如果这个问题与我的问题。
是否有丢失的依赖,这是我需要在我的Linux映像?难道是一般支持,能够使用在.NET的核心TPM模块基于Linux的机器?
Microsoft.Azure.Devices.Provisioning.Security.Tpm是依靠Microsoft.TSS 2.0.1 NuGet包具有仅适用于Linux-x64的二进制文件。
为了使其工作:
<PropertyGroup Condition=" '$(RuntimeIdentifier)' == 'linux-x64' Or '$(OS)' == 'Unix' Or '$(OS)' == 'Linux'">
这
<PropertyGroup Condition=" '$(RuntimeIdentifier)' == 'linux-x64' Or '$(RuntimeIdentifier)' == 'linux-arm' Or '$(OS)' == 'Unix' Or '$(OS)' == 'Linux'">