Python activate_group Examples

Example #1

File: provider_vtpm_add.py Project: maugustosilva/keylime

def add_vtpm(inputfile):
    # read in the file
    with open(inputfile, encoding="utf-8") as f:
        group = yaml.load(f, Loader=SafeLoader)

    # fetch configuration parameters
    provider_reg_port = config.get('registrar', 'provider_registrar_port')
    provider_reg_ip = config.get('registrar', 'provider_registrar_ip')

    # request a vtpm uuid from the manager
    vtpm_uuid = vtpm_manager.add_vtpm_to_group(group['uuid'])

    # registrar it and get back a blob
    keyblob = registrar_client.doRegisterAgent(provider_reg_ip,
                                               provider_reg_port, vtpm_uuid,
                                               group['pubekpem'],
                                               group['ekcert'],
                                               group['aikpem'])

    # get the ephemeral registrar key by activating in the hardware tpm
    key = base64.b64encode(vtpm_manager.activate_group(group['uuid'], keyblob))

    # tell the registrar server we know the key
    registrar_client.doActivateAgent(provider_reg_ip, provider_reg_port,
                                     vtpm_uuid, key)

    logger.info("Registered new vTPM with UUID: %s", vtpm_uuid)

    return vtpm_uuid

Example #2

def main(argv=sys.argv):

    if len(argv) < 3:
        print("usage: provider_platform_init.py pubek.pem tpm_ekcert.der")
        print("\tassociates a hypervisor host to its TPM and registers it")
        print()
        print(
            "\tYou must obtain the public EK and the EK certificate from outside of Xen"
        )
        print(
            "\ttake ownership first, then obtain pubek, and ekcert as follows")
        print("\t takeown -pwdo <owner_password>")
        print("\t getpubek -pwdo <owner-password>")
        print(
            "\t nv_readvalue -pwdo <owner-password> -in 1000f000 -cert -of tpm_ekcert.der"
        )
        sys.exit(-1)

    f = open(argv[1], 'r')
    ek = f.read()
    f.close()
    f = open(argv[2], 'r')
    ekcert = base64.b64encode(f.read())
    f.close()

    # fetch configuration parameters
    provider_reg_port = config.get('registrar', 'provider_registrar_port')
    provider_reg_ip = config.get('registrar', 'provider_registrar_ip')

    # create a new group
    (group_uuid, group_aik, group_num, _) = vtpm_manager.add_vtpm_group()

    # registrar it and get back a blob
    keyblob = registrar_client.doRegisterAgent(provider_reg_ip,
                                               provider_reg_port, group_uuid,
                                               ek, ekcert, group_aik)

    # get the ephemeral registrar key by activating in the hardware tpm
    key = base64.b64encode(vtpm_manager.activate_group(group_uuid, keyblob))

    # create a new group
    (group_uuid, group_aik, group_num, _) = vtpm_manager.add_vtpm_group()
    # tell the registrar server we know the key
    registrar_client.doActivateAgent(provider_reg_ip, provider_reg_port,
                                     group_uuid, key)

    output = {
        'uuid': group_uuid,
        'aikpem': group_aik,
        'pubekpem': ek,
        'ekcert': ekcert,
    }

    # store the key and the group UUID in a file to add to vtpms later
    with open("group-%d-%s.tpm" % (group_num, group_uuid), 'w') as f:
        yaml.dump(output, f, Dumper=SafeDumper)

    logger.info("Activated VTPM group %d, UUID %s" % (group_num, group_uuid))
    if group_num == 0:
        logger.info(
            "WARNING: Group 0 created, repeating activation again to create Group 1"
        )
        main(argv)
    else:
        # create a symlink to the most recently create group
        symlink_force("group-%d-%s.tpm" % (group_num, group_uuid),
                      "current_group.tpm")