⚠️ VeridianOS Kernel Documentation - This is low-level kernel code. All functions are unsafe unless explicitly marked otherwise. no_std

Tpm

veridian_kernel::security::tpm

Struct Tpm 

Source 
pub struct Tpm { /* private fields */ }
Expand description

TPM 2.0 interface

Supports both hardware MMIO and software-emulated TPM operations.

Implementations§

Source§

impl Tpm

Source

pub fn new() -> Self

Create new TPM interface

Source

pub fn detect_hardware(&mut self) -> TpmResult<TpmInterfaceType>

Detect TPM hardware

Source

pub fn startup(&mut self) -> TpmResult<()>

Initialize TPM with TPM2_Startup command

Source

pub fn get_random(&self, num_bytes: usize) -> TpmResult<Vec<u8>>

Get random bytes from TPM hardware RNG or software PRNG fallback.

Source

pub fn pcr_read(&self, pcr_index: PcrIndex) -> TpmResult<[u8; 32]>

Read Platform Configuration Register (PCR) value.

Returns the current 32-byte SHA-256 PCR value for the given index.

Source

pub fn pcr_extend( &mut self, pcr_index: PcrIndex, data: &[u8; 32], ) -> TpmResult<()>

Extend Platform Configuration Register with a measurement hash.

Computes: PCR[index] = SHA-256(PCR[index] || measurement)

Source

pub fn quote( &self, pcr_selection: &[PcrIndex], nonce: &[u8; 32], ) -> TpmResult<Vec<u8>>

Create attestation quote over selected PCRs.

Returns a signed quote structure containing the PCR values and nonce.

Source

pub fn seal( &mut self, data: &[u8], pcr_selection: &[PcrIndex], ) -> TpmResult<Vec<u8>>

Seal data to current PCR values.

The sealed blob can only be unsealed when the PCRs match the values recorded at seal time. In software emulation mode, this uses a SHA-256 derived key for XOR encryption.

Source

pub fn unseal(&self, sealed_blob: &[u8]) -> TpmResult<Vec<u8>>

Unseal data from a sealed blob.

Checks that current PCR values match the policy recorded at seal time. Returns the original plaintext data on success.

Source

pub fn create_signing_key(&self) -> TpmResult<TpmHandle>

Create signing key in TPM

Source

pub fn sign(&self, handle: TpmHandle, data: &[u8]) -> TpmResult<Vec<u8>>

Sign data with TPM key

Source

pub fn verify_signature( &self, handle: TpmHandle, data: &[u8], signature: &[u8], ) -> TpmResult<bool>

Verify signature with TPM key

Source

pub fn is_software_emulation(&self) -> bool

Check if the TPM is running in software emulation mode

Source

pub fn is_initialized(&self) -> bool

Check if the TPM has been initialized

Trait Implementations§

Source§

impl Default for Tpm

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

§

impl Freeze for Tpm

§

impl RefUnwindSafe for Tpm

§

impl Send for Tpm

§

impl Sync for Tpm

§

impl Unpin for Tpm

§

impl UnwindSafe for Tpm

Blanket Implementations§

§

impl<T> Any for T
where T: 'static + ?Sized,

§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> Borrow<T> for T
where T: ?Sized,

§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
§

impl<T> BorrowMut<T> for T
where T: ?Sized,

§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> From<T> for T

§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, U> Into<U> for T
where U: From<T>,

§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of [From]<T> for U chooses to do.

§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.