[WIP] [knx] Add support for using hardware TPM modules #15326
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
holgerfriedrich
added
the
work in progress
lolodomo
added
the
enhancement
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
3 times, most recently
from
d5b0877
to
1d8fa50
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
1d8fa50
to
2d18611
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
2d18611
to
3921519
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
3921519
to
2d5d5a4
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
2d5d5a4
to
930bd12
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
4 times, most recently
from
eafb63d
to
a66fcb5
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
a66fcb5
to
8953a91
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
8953a91
to
851ed72
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
851ed72
to
c0b5c51
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
2 times, most recently
from
5285dbb
to
8068b88
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
8068b88
to
e0d7f3b
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
e0d7f3b
to
e86feef
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
2 times, most recently
from
f25ee6f
to
6a50352
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
6a50352
to
d2c9011
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
2 times, most recently
from
450711e
to
f761f32
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
f761f32
to
9ae5b43
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
9ae5b43
to
c1d4e24
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
c1d4e24
to
1192718
Compare
holgerfriedrich
added
rebuild
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
1192718
to
3e049b4
Compare
holgerfriedrich
added
rebuild
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
3e049b4
to
61038dd
Compare
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
61038dd
to
c9485fa
Compare
Add TpmInterface, a class built on top of Tss.Java. This lib is to be included in a special way due to inconsistencies in package creation which makes it incompatible to OSGI. Signed-off-by: Holger Friedrich <[email protected]>
Signed-off-by: Holger Friedrich <[email protected]>
Signed-off-by: Holger Friedrich <[email protected]>
Signed-off-by: Holger Friedrich <[email protected]>
Signed-off-by: Holger Friedrich <[email protected]>
Signed-off-by: Holger Friedrich <[email protected]>
Signed-off-by: Holger Friedrich <[email protected]>
Signed-off-by: Holger Friedrich <[email protected]>
Signed-off-by: Holger Friedrich <[email protected]>
holgerfriedrich
force-pushed
the
pr-knx-tpm
branch
from
52024e9
to
b96f07f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This as an attempt to store passwords for KNX secure protected by a TPM module.
The password is stored encrypted and can only be decrypted with this specific TPM.
The proof of concept was done on a Rapsberry PI with a LetsTrust TPM module on top.
knx tpm-infoandknx tpm-encrypt <password>. Output to be used instead of the password. Use space in front on the knx to avoid you password to be stored to console history.Disclaimer: Use at you own risk.
Disclaimer: Storing encrypted passwords does not bring perfect security for the password - anyone who can access your machine can use the TPM as well to decode, RPI is not a secure system, Java is not secure at all. But it is nice that you do not need to worry about disclosing you password in backups or screenshots :-)