TPM Emulator on Windows

Hello again. Today I needed a TPM (Trusted Platform Module), and my computer doesn’t have any hardware TPM to work with, so I thought of working with a good old software TPM. I already have experience with the TPM Emulator on Linux systems but never thought of compiling one for Windows.

1. Installation was pretty straightforward. I downloaded the latest TPM emulator (the one provided by BerliOS) from their website

https://developer.berlios.de/project/showfiles.php?group_id=2491

and I used their documentation as a guide.

http://tpm-emulator.berlios.de/documentation.html

2. Next I downloaded and installed CMake for Windows

http://www.cmake.org/files/v2.8/cmake-2.8.10-win32-x86.exe

3. Then I downloaded and installed MinGW for Windows. This took a while, thanks to the awesome speed of PTCL broadband.

http://space.dl.sourceforge.net/project/mingw/Installer/mingw-get-inst/mingw-get-inst-20120426/mingw-get-inst-20120426.exe

4. Then I downloaded the GNU MP libraries for Windows and extracted them to the MinGW folder (.h files in the include folder, .a and the others in the lib folder).

http://www.cs.nyu.edu/exact/core/gmp/gmp-static-mingw-4.1.tar.gz

5. Now extract the TPM Emulator source to your desired folder

6. Run CMD as Administrator (running it as Administrator is necessary, or else the service won’t start)

7. Now go to the source folder and run the script build.bat. It takes a few seconds to compile.

8. After compilation copy the script control_tpmd.bat from ./tpmd/windows/ to ./build/tpmd/windows/

9. Now, to install the service, run the script

>control_tpmd.bat install

and you will get the output

tpm_emulator-0.7.4\build\tpmd\windows>control_tpmd.bat install
[SC] CreateService SUCCESS

10. To start the TPM Emulator, run the script

>control_tpmd.bat start

and you will get output similar to the one below

tpm_emulator-0.7.4\build\tpmd\windows>control_tpmd.bat start

SERVICE_NAME: tpmd
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 5900
        FLAGS              :

11. Now you can check its progress by running the command

>control_tpmd.bat status

and again you might get output similar to the one below.

tpm_emulator-0.7.4\build\tpmd\windows>control_tpmd.bat status

SERVICE_NAME: tpmd
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
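The start-then-status check in steps 10 and 11 can be scripted. The following is an added example, not part of the original post or of the TPM Emulator project: it parses the sc.exe status text shown above and polls until tpmd leaves START_PENDING. The function names are hypothetical, and the embedded sample is abridged from the start output above.

```python
import re
import subprocess
import time

# Constructed sample, abridged from the `control_tpmd.bat start` output above.
SAMPLE_START = """SERVICE_NAME: tpmd
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        WAIT_HINT          : 0x7d0
"""

def parse_sc_output(text):
    """Turn sc.exe status text into a dict; STATE is split into code/name/controls."""
    info, last_key = {"controls": []}, None
    for raw in text.splitlines():
        line = raw.strip()
        # The accepted-controls list is a parenthesised continuation of STATE.
        if line.startswith("(") and line.endswith(")") and last_key == "STATE":
            info["controls"] = [c.strip() for c in line[1:-1].split(",")]
            continue
        key, sep, value = line.partition(":")
        if sep:
            last_key = key.strip()
            info[last_key] = value.strip()
    m = re.match(r"(\d+)\s+(\w+)", info.get("STATE", ""))
    info["state_code"], info["state_name"] = (int(m.group(1)), m.group(2)) if m else (None, None)
    return info

def wait_hint_seconds(info, default=1.0):
    """WAIT_HINT is hex milliseconds: how long the service asks callers to wait."""
    try:
        return int(info.get("WAIT_HINT", ""), 16) / 1000 or default
    except ValueError:
        return default

def wait_until_running(service="tpmd", timeout=30.0):
    """Poll `sc.exe query <service>` until STATE is 4 RUNNING. Windows only."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        out = subprocess.run(["sc.exe", "query", service], capture_output=True, text=True).stdout
        info = parse_sc_output(out)
        if info["state_code"] == 4:
            return True
        if info["state_code"] != 2:      # stopped or failed instead of starting
            return False
        time.sleep(wait_hint_seconds(info))
    return False
```

Call `wait_until_running()` from the same elevated prompt after `control_tpmd.bat start`; a `False` result means the service stopped or never left START_PENDING within the timeout.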

12. I am uploading my binaries (the complete build folder) to my Google Drive in case you don’t want to go to all this trouble to run it on Windows. I don’t know whether binaries compiled on my system would work on yours, but good luck.

https://drive.google.com/file/d/0B5lEctIkedL4S3dQRm5MMlJEOTA/view?usp=sharing

I hope this works for you. If you have any questions, please go ahead and leave them in the comment section and I will be glad to answer them.

17 thoughts on “TPM Emulator on Windows”

  1. I have installed the TPM Emulator according to the steps mentioned by you. But I am not able to find out the use of the TPM emulator. If I don’t have a TPM in my machine, can we use the TPM Emulator to encrypt the machine with MBAM, and how?
    After installing the emulator I can only get a service running and nothing else related to the TPM. When I tried to encrypt a machine, it reflects the information that the machine does not have a compatible TPM.

    • As you said that you are not able to find the use of the TPM Emulator, I am assuming you don’t know what a TPM is. For this, Google around and you will find some useful tutorials regarding it.

      If you have installed the TPM Emulator and checked that it’s working (:/>control_tpmd.bat status; if not, retry), then you can use it with MBAM. To use it with MBAM, use the simple wizard; it will detect the emulator itself.

      • Working with TPM requires activation, initialization, etc. If a machine has a TPM, it will be shown in the TPM Console (tpm.msc). How can I do all these things?
        In the case of MBAM, we only need to activate the TPM. MBAM itself initializes the TPM and stores the TPM ownership hash password in its database. When I am trying to encrypt the machine, the encryption failed before initialization of the TPM, reflecting that it does not have the TPM.
        My question how I can know that after installing the TPM Emulator I am having a virtual TPM for my machine?
        How can I use it as a protector to encrypt my machine?

  2. The service is running. But when I tried to encrypt the machine, it throws an error: “TPM hardware is missing”.
    Now, as per your saying, the BitLocker agent will itself pick up the emulator, which is not happening in my case.
    The process looks simple and easy but it’s very hard to play with. (The only thing which I have is the emulator service running in the background.)
    Where can I get the log files for the TPM Emulator? How can I troubleshoot the issues? In simple words, in my case, the TPM emulator is not being considered as a virtual TPM by the MBAM agent (BitLocker agent) to encrypt the machine (without having a TPM).

  3. Hi,
    I am also trying to work with this emulator. I performed all the steps mentioned on the website.
    It’s showing that the TPMD service is running.
    But when I tried to encrypt the machine with MBAM, I got the error – ‘Unable to find compatible TPM’.

  4. No luck on my end either.. I get tpmd running but it’s not recognized by TPM manager (tpm.msc) or Bitlocker. I run it in debug mode and the log it creates looks fine, says it’s running and “waiting for connections…” but windows TPM manager never finds it 😦 any ideas? Win8 here.

  5. I didn’t know TPM-Emulator for Windows was in such demand 🙂 Jokes apart, I did it just to check out BitLocker and what it can do. It worked fairly well on my machine (Windows 7). I really didn’t try it on Windows 8. I will ask a friend of mine who has a Windows 8 machine and will check it for all these issues and will post a brand new tutorial on it.

    • MBAM does not work with a VM as it requires a TPM. So according to your post we can have a virtual TPM, so we can encrypt a VM too, just like a physical machine. Am I right?
      In my case the TPMD service is running. But tpm.msc shows nothing for me. It reflects that no compatible TPM is found.

    • Thanks for checking it out! It’s good to know it worked on W7 so it must be something different about W8, perhaps some security and/or driver change. Am eager to see what you find out!

  6. Aslam o alekum dear Waqar, hope you are doing well. It is very good to know that you have used the emulated TPM only to use BitLocker (I think).
    I have also visited http://tpm-emulator.berlios.de/ and downloaded packages for Windows and Linux. Whatever you did is awesome, congrats. I have some confusions and questions regarding the use of the emulated TPM; your response is highly requested and acknowledged for my better understanding of this topic.
    1. Can we configure our machine to use a fully functional TPM, without having a dedicated physical TPM chip, by means of the emulated TPM provided by BerliOS? Because BerliOS is asking to have a dedicated physical TPM on the machine.
    2. If I have a TPM chip embedded in my machine, can I use this single chip for checking the integrity of two different platforms or machines?
    With best regards, your well-wisher Kashif.

    • Walaikum Asalam

      Thanks for acknowledging my work 🙂

      1. Yes, you can use it, but you will only get the functionality provided in the emulator (I guess the emulator doesn’t provide all the functionality of a hardware TPM). You will also have the limitation of whether the emulator saves the PCRs and reloads them after reboot. I didn’t check; you can, and kindly update us all about it.

      2. This is slightly confusing, but I think yes, you can use it to check the integrity of two different machines (assuming you mean VMs). You can check the integrity of each VM’s storage file and the integrity of its configuration.

      Thanks for your wishes 🙂

  7. Hello Team,

    Do we have a new version which is working with Win 8? Or maybe a workaround for how to make it integrate with the TPM console?

    • It’s just me, not dear team 🙂 Anywho, it has been some time now since I stopped working on trusted computing. I don’t think there will be any version for Win 8, nor was there any before for any version of Windows. I compiled the Linux version for Windows. You can try the same and see if it works on your version of Windows.
