Design of tpm4java

tpm4java consists of 3 layers.

  • A high level layer, for the most common operations you perform with a TPM module.
  • A low level layer, which exposes nearly all functions the TPM offers.
  • A backend, which sends the commands to the TPM.

You will usually only access the high level and low level layers to work with the TPM. The backend is used only internally.

The high level layer

The high level layer is defined in de.datenzone.tpm4java.TssHighLevel. To get an actual implementation, you can use the following code snippet:

import de.datenzone.tpm4java.TssFactory;
...
TssHighLevel highLevel = TssFactory.getHighLevel();

The low level layer

The low level layer is defined in de.datenzone.tpm4java.TssLowLevel. To get an actual implementation, you can use the following code snippet:

import de.datenzone.tpm4java.TssFactory;
...
TssLowLevel lowLevel = TssFactory.getLowLevel();

Even if you use both layers, the high level implementation always accesses the TPM through the low level layer. It never bypasses that layer to submit commands directly to the TPM. Everything you do with the high level implementation can therefore also be done, with some more code, with the low level implementation.

The tpm backend

tpm4java currently has 2 working TPM backends and one experimental one. Some more are work in progress, but they are not high priority tasks.

By default, if you don't specify any special parameters, tpm4java will try to autodetect your TPM. This should work in most cases.

The Linux backend

On Linux, tpm4java accesses the TPM through the special file /dev/tpm, the character device provided by the kernel TPM driver.

So you need kernel support for your TPM chip. If you have an Atmel TPM in your system, set CONFIG_TCG_ATMEL to m or y during kernel configuration.

The user running an application that accesses the TPM needs read and write permissions on /dev/tpm.

If your TPM is reachable through a different device node, you can change the device name by specifying the following command line argument:

-Dtss.tpm=linux./dev/myTPM

Your application will then use /dev/myTPM as the TPM backend.

The Windows backend

On a Windows system, the manufacturer of your TPM has to provide a driver for it. This is usually a DLL file called tpmddl.dll. Place this file in the system32 subdirectory of your Windows installation if the installer has not already done so.

On the Java side, you need a file called javaddl.dll, which is shipped with the tpm4java distribution. You can place it in an arbitrary location, but you have to specify that location when starting your application. More information about this can be found in the Usage document.

The Csharp backend

We developed an experimental backend which uses a C# daemon. You can find the daemon in the src_csharp directory. We think it will only work on a Windows system.

You have to compile and start the daemon first. Then you can make your application use the daemon by specifying the following command line argument:

-Dtss.tpm=cs.localhost:12321

Your application will then contact the daemon running on localhost, port 12321, which is the default port for the moment. You can replace localhost with any other hostname on which the C# daemon is running.
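The two command line arguments above (linux./dev/myTPM and cs.localhost:12321) share one shape: a backend name, a dot, and a backend-specific argument. The following preflight check is an added example written for this page, not code from tpm4java; it assumes that shape, that "linux" takes a device node path and "cs" takes host:port, and it reports the problems the text warns about (missing kernel driver, missing read/write permission on the device node, malformed daemon endpoint) before the application hands the selector to TssFactory. The class and method names are invented for the illustration.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Preflight check for the tss.tpm backend selector.
 * Added illustration, not part of tpm4java. Assumed format:
 * "<backend>.<argument>", with backend "linux" (argument = device node)
 * or "cs" (argument = host:port of the C# daemon).
 */
public class TpmBackendPreflight {

    /** Parsed form of the tss.tpm value. */
    public static final class Selector {
        public final String backend;
        public final String argument;
        Selector(String backend, String argument) {
            this.backend = backend;
            this.argument = argument;
        }
    }

    /** Split "linux./dev/myTPM" into backend "linux" and argument "/dev/myTPM".
     *  Only the first '.' separates the two, so dots inside the argument survive. */
    public static Selector parse(String value) {
        if (value == null) {
            return null; // property not set: tpm4java autodetects the TPM
        }
        int dot = value.indexOf('.');
        if (dot <= 0 || dot == value.length() - 1) {
            throw new IllegalArgumentException(
                "tss.tpm must look like <backend>.<argument>, got: " + value);
        }
        return new Selector(value.substring(0, dot), value.substring(dot + 1));
    }

    /** Check that the device node exists, is not a plain file, and is readable
     *  and writable by the user running the JVM (the page's permission requirement). */
    public static String checkLinuxDevice(String devicePath) {
        Path dev = Paths.get(devicePath);
        if (!Files.exists(dev)) {
            return "missing: " + devicePath + " (is the kernel TPM driver loaded?)";
        }
        if (Files.isRegularFile(dev)) {
            return "not a device node: " + devicePath;
        }
        if (!Files.isReadable(dev) || !Files.isWritable(dev)) {
            return "no read/write access to " + devicePath
                + " for user " + System.getProperty("user.name");
        }
        return "ok";
    }

    /** Validate the host:port argument of the C# daemon backend. */
    public static String checkCsharpEndpoint(String endpoint) {
        int colon = endpoint.lastIndexOf(':');
        if (colon <= 0 || colon == endpoint.length() - 1) {
            return "expected host:port, got: " + endpoint;
        }
        String host = endpoint.substring(0, colon);
        int port;
        try {
            port = Integer.parseInt(endpoint.substring(colon + 1));
        } catch (NumberFormatException e) {
            return "port is not a number: " + endpoint;
        }
        if (port < 1 || port > 65535) {
            return "port out of range: " + port;
        }
        if (!host.equals("localhost") && !host.equals("127.0.0.1")) {
            // Remote daemon: TPM commands and responses cross the network to that host.
            return "ok (note: TPM traffic will be sent over the network to " + host + ")";
        }
        return "ok";
    }

    /** Dispatch on the backend name and return a human-readable verdict. */
    public static String preflight(String value) {
        Selector s = parse(value);
        if (s == null) {
            return "autodetect";
        }
        switch (s.backend) {
            case "linux": return checkLinuxDevice(s.argument);
            case "cs":    return checkCsharpEndpoint(s.argument);
            default:      return "unknown backend: " + s.backend;
        }
    }

    public static void main(String[] args) {
        // Run with: java -Dtss.tpm=linux./dev/myTPM TpmBackendPreflight
        System.out.println("tss.tpm preflight: " + preflight(System.getProperty("tss.tpm")));
    }
}
```

Running this with the same -Dtss.tpm value you intend to pass to your application gives a clear reason (missing driver, wrong permissions, bad endpoint) instead of a failure deep inside the backend; a result of "autodetect" simply means the property is absent and tpm4java's own detection will be used.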