A minimal tool that communicates with your TPM during boot, to display a one-time password and prove bootchain integrity.

mtth-bfft/tpm-otp

tpm-otp

This is still a proof of concept; use at your own risk.

tpm-otp is a small project that provides trust-on-first-use (TOFU) for your boot chain (firmware, bootloaders, kernel), or adds an independent check on top of a SecureBoot-based trusted boot chain.

The motivation is to thwart software-only infections of bootloaders and kernels (e.g. evil maid attacks), and to allow some form of boot chain verification without relying on SecureBoot or signing your own kernels.

The idea is simple: at boot time, use the TPM chip to verify the platform's integrity and display a proof of that integrity before prompting the user for any secret (e.g. disk encryption keys). A TPM can bind a secret to the measured state of the boot chain, so that the secret is only released when the measurements match those recorded at enrolment; a boot chain modified by software alone therefore cannot reproduce the proof.

The proof is a counter-based one-time password (HOTP, RFC 4226) displayed on screen, which the user compares with the value produced by a separate device (e.g. any phone running the Google Authenticator app). If the two values differ, or no code is shown at all, do not enter your passphrase. Other methods could be implemented later.
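The following Python is an added illustration of the flow described above; it is not tpm-otp's own code. It simulates a TPM-style PCR extend over a constructed boot chain, a trust-on-first-use enrolment that seals an HOTP secret to the resulting PCR value, and the boot-time step that only produces a code when the measured PCRs still match. The HOTP part is the real RFC 4226 algorithm (the secret `12345678901234567890` is the RFC's own test key); `pcr_extend`, `enroll` and `boot_time_otp` are simplified stand-ins for TPM commands, and the component names are constructed input.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """Simplified TPM PCR extend: PCR_new = SHA-256(PCR_old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot_chain(components) -> bytes:
    """Extend a zeroed PCR with each boot component in order (firmware, bootloader, kernel)."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

def enroll(secret: bytes, trusted_chain) -> dict:
    """Trust-on-first-use: record the PCR of the chain running now and seal the secret to it.
    Stand-in for TPM sealing (assumption); a real TPM keeps the secret and enforces the
    PCR policy itself instead of handing the value back to software."""
    return {"secret": secret, "sealed_pcr": measure_boot_chain(trusted_chain), "counter": 0}

def boot_time_otp(sealed: dict, measured_pcr: bytes):
    """What the early-boot tool would display. Returns None when unsealing is refused,
    i.e. when the measured boot chain differs from the one enrolled."""
    if not hmac.compare_digest(sealed["sealed_pcr"], measured_pcr):
        return None
    code = hotp(sealed["secret"], sealed["counter"])
    sealed["counter"] += 1          # each boot consumes one counter value
    return code

def phone_next_code(phone: dict) -> str:
    """The user's separate HOTP device (e.g. an authenticator app) sharing secret and counter."""
    code = hotp(phone["secret"], phone["counter"])
    phone["counter"] += 1
    return code

# Constructed sample boot chains (stand-ins for real firmware/bootloader/kernel images).
TRUSTED_CHAIN = [b"firmware v1", b"grub 2.06", b"vmlinuz-6.1"]
EVIL_MAID_CHAIN = [b"firmware v1", b"grub 2.06 + keylogger", b"vmlinuz-6.1"]

def simulate(boot_chain, secret=b"12345678901234567890"):
    """Enroll on the trusted chain, then boot the given chain and compare screen vs. phone.
    Returns (code shown on screen, code expected by the phone, whether they match)."""
    sealed = enroll(secret, TRUSTED_CHAIN)
    phone = {"secret": secret, "counter": 0}
    shown = boot_time_otp(sealed, measure_boot_chain(boot_chain))
    expected = phone_next_code(phone)
    return shown, expected, shown == expected

if __name__ == "__main__":
    print("trusted boot :", simulate(TRUSTED_CHAIN))    # codes match: safe to type the passphrase
    print("tampered boot:", simulate(EVIL_MAID_CHAIN))  # no code shown: do not type it
```

Two points the simulation makes visible: the tampered bootloader changes every later PCR value, so the secret is never released and the screen cannot show the code the phone expects; and both sides advance the counter once per boot, so a code captured from an earlier boot is rejected by the comparison and the phone and machine must stay in step (a boot aborted before the comparison still consumes a counter value).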
