OOM (ONAP Operations Manager) deploys this container as part of the CA service.
The container runs in two stages:
Stage 1 - Initialize the TPM and exit (init.sh is used for this stage)
Stage 2 - Start the abrmd process and keep it running so that applications
can interact with the TPM (run_abrmd.sh is used for this stage)
Make a directory /tmp/volume on the host (mkdir -p /tmp/volume).
This directory (the sample shared volume ABRMD_DATA) is mounted into the abrmd
container as /tmp/files/. Because it carries the passphrase, restrict it to the
user that runs the container (chmod 700 /tmp/volume) rather than leaving it world-readable.
The host's name is passed to the container in the TPM_NODE_NAME environment variable.
The inputs to this container are the srkhandle (a file or environment variable),
tpm_status.yaml (the TPM state), and the password for the TPM primary key.
The password is PGP-encrypted and is decrypted with the passphrase provided in
the shared volume, so anyone who can read the volume can recover the password.
The outputs of this container are the public portion of the TPM's primary key
(out_parent_public) and the updated status written back to tpm_status.yaml.
Input
1. srkhandle
2. password
3. passphrase
4. tpm_status.yaml
Output
1. out_parent_public
Building Docker Images
$ docker build -t <image name> -f dockerfile .
Running ABRMD Container with Simulator
$ docker run -d --privileged -v /tmp/run/dbus:/var/run/dbus -v /tmp/volume:/tmp/files --name <container name> <image name>
Running ABRMD Container with TPM Hardware
$ docker run -d --privileged --device=/dev/tpm0 -v /tmp/run/dbus:/var/run/dbus -v /tmp/volume:/tmp/files --name <container name> <image name>
Note that --device takes two dashes; a single dash is not parsed as the device
option. --device=/dev/tpm0 is what actually exposes the TPM to the container,
while --privileged additionally grants every capability and every host device,
so drop it if the image does not need it for anything else.
Sanity Check
Run the following command in the tools container to check that everything is set up
correctly. It reads the PCRs through abrmd over D-Bus, so the tools container must
mount the same /tmp/run/dbus host path; the command fails if the broker or the TPM
is unreachable:
tpm2_listpcrs
tpm2_listpcrs is the tpm2-tools 3.x name; tpm2-tools 4.0 and later renamed it to tpm2_pcrread.
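The whole procedure above (prepare the shared volume with its inputs, pick the run flags for simulator or hardware, confirm the stage-1 output, run the sanity check) as a POSIX shell script. This is an added example, not a script from the abrmd container project or from ONAP; the file names follow the Input/Output list, while the initial tpm_status.yaml content, the default srkhandle value, passing TPM_NODE_NAME with -e, the image/container names abrmd and tools, and gpg 2.1+ for the PGP step are assumptions.

```shell
#!/bin/sh
# Added example (not part of the abrmd container project): prepare the shared
# volume, build the docker run command for either mode, verify the stage-1
# output and run the sanity check. File names follow the README's Input/Output
# list; the exact file formats, the TPM_NODE_NAME -e passing, the srkhandle
# default and the tpm_status.yaml content are assumptions.
set -eu

# Create the host-side volume owner-only: it holds the passphrase that unlocks
# the primary-key password, so it must not be world-readable.
prepare_volume() {
  vol="$1"; srkhandle="$2"; passphrase="$3"
  mkdir -p "$vol"
  chmod 700 "$vol"
  (
    umask 077                      # files below are created 0600
    printf '%s\n' "$srkhandle" > "$vol/srkhandle"
    printf '%s\n' "$passphrase" > "$vol/passphrase"
    # assumed initial state; init.sh updates this file after stage 1
    printf 'initialized: false\n' > "$vol/tpm_status.yaml"
  )
}

# PGP-encrypt the primary-key password with the passphrase (gpg 2.1+ syntax).
# The encrypted file is what the container decrypts at start-up.
encrypt_password() {
  vol="$1"; password="$2"
  printf '%s' "$password" | gpg --batch --yes --pinentry-mode loopback \
    --passphrase-file "$vol/passphrase" --symmetric --output "$vol/password" -
}

# Print the docker run arguments. Hardware mode passes the TPM character
# device through with --device (two dashes); simulator mode does not.
abrmd_run_args() {
  mode="$1"; vol="$2"; name="$3"; image="$4"; node="$5"
  args="-d --privileged -v /tmp/run/dbus:/var/run/dbus -v $vol:/tmp/files"
  args="$args -e TPM_NODE_NAME=$node"
  case "$mode" in
    hardware)  args="$args --device=/dev/tpm0" ;;
    simulator) ;;
    *) echo "unknown mode: $mode (expected simulator|hardware)" >&2; return 1 ;;
  esac
  printf '%s\n' "$args --name $name $image"
}

# Stage 1 succeeded only if the public part of the primary key was written
# and the status file is still present for stage 2 to read.
check_outputs() {
  vol="$1"
  [ -s "$vol/out_parent_public" ] && [ -f "$vol/tpm_status.yaml" ]
}

# Read the PCRs through abrmd from the tools container. tpm2_listpcrs is the
# tpm2-tools 3.x name; 4.0 and later call it tpm2_pcrread.
sanity_check() {
  tools="$1"
  docker exec "$tools" sh -c \
    'if command -v tpm2_pcrread >/dev/null 2>&1; then tpm2_pcrread; else tpm2_listpcrs; fi'
}

# Full procedure; only runs when explicitly requested so the functions above
# can be sourced or tested without docker or a TPM.
if [ "${ABRMD_EXAMPLE_RUN:-0}" = "1" ]; then
  mode=${1:-simulator}
  # 0x81000001 is a placeholder in the persistent-handle range, not a value from the README
  prepare_volume /tmp/volume "${SRK_HANDLE:-0x81000001}" "${PASSPHRASE:?set PASSPHRASE}"
  encrypt_password /tmp/volume "${TPM_PASSWORD:?set TPM_PASSWORD}"
  docker build -t abrmd -f dockerfile .
  # shellcheck disable=SC2046
  docker run $(abrmd_run_args "$mode" /tmp/volume abrmd abrmd "$(uname -n)")
  # wait up to 30 s for stage 1 to write out_parent_public
  i=0
  until check_outputs /tmp/volume || [ "$i" -ge 30 ]; do sleep 1; i=$((i + 1)); done
  check_outputs /tmp/volume || { echo "stage 1 did not produce out_parent_public" >&2; exit 1; }
  sanity_check tools
fi
```

Run it as `ABRMD_EXAMPLE_RUN=1 PASSPHRASE=... TPM_PASSWORD=... sh abrmd.sh hardware` on a host with /dev/tpm0, or with `simulator` otherwise; without ABRMD_EXAMPLE_RUN it only defines the functions, so they can be sourced and checked on a machine with no docker or TPM.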