tpm-service

Demo implementation for TPM signing proxy of JWT authentication tokens

Primary language: Python. License: MIT.

JWT Token Authentication Proxy for Internal Networks

Purpose

This project provides a general method for running a proxy service that obtains its key material from a Trusted Platform Module (TPM). The built-in advantage of this method is that the project uses no external sensitive secrets, such as imported keys. The secrets are stored within the TPM, and because TPMs are designed so that stored keys cannot be read out, the key material should remain safe even if the proxy were exposed to the outside internet entirely. (Still, do not do this, for obvious reasons...)

With this method, the proxy can be trusted to be unforgeable and bound to a physical device, thanks to the TPM's capabilities. The only way to impersonate the proxy would be to steal the device and use it elsewhere.

Setup & Environment

This section describes the environment of the proxy setup and the steps needed to set up a similar virtual TPM lab.

Docker

The proxy environment is deployed in a Docker container with a virtual TPM, for ease of development. For production use, a real TPM on physical hardware would be used.

The Docker image used for the TPM simulator can be found at this link: https://github.com/nokia/TPMCourse/tree/master/alpine

This container provides a ready-made environment in which the proxy program can call the tpm2 commands from Python.

The environment can be started with Docker compose:

docker compose up --build

The proxy now runs inside the Docker container and can use the TPM tools for signing and other functions without any risk of damaging the host system's own TPM.
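As an added example (not code from this repository), the following shows the signing step that gives the proxy the property described under Purpose: Python builds the JWS signing input, hashes it, and hands only the digest to tpm2_sign, so the private key never leaves the TPM. The key context path, the RS256 choice and the tpm2-tools 5.x flags are assumptions; everything except tpm2_sign_digest runs without a TPM.

```python
import base64
import hashlib
import json
import os
import subprocess
import tempfile
from typing import Callable

# Assumed key context produced earlier with tpm2_createprimary / tpm2_create /
# tpm2_load inside the container; the private half never leaves the TPM.
KEY_CTX = "/tmp/jwt-signing-key.ctx"  # placeholder path, not from the project

def b64url(data: bytes) -> str:
    # JWS uses base64url without '=' padding (RFC 7515, Appendix C).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signing_input(header: dict, payload: dict) -> bytes:
    # ASCII(BASE64URL(header) || '.' || BASE64URL(payload)); canonical JSON so
    # identical claims always produce the same digest.
    def enc(obj: dict) -> str:
        return b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())
    return f"{enc(header)}.{enc(payload)}".encode("ascii")

def tpm2_sign_digest(digest: bytes, key_ctx: str = KEY_CTX) -> bytes:
    # Ask the TPM for a raw RSASSA-PKCS1-v1_5 signature over a SHA-256 digest.
    # Flags follow tpm2-tools 5.x (assumption): -d marks the input file as a
    # digest, -f plain returns the bare signature bytes that RS256 expects.
    with tempfile.TemporaryDirectory() as tmp:
        digest_path = os.path.join(tmp, "digest.bin")
        sig_path = os.path.join(tmp, "sig.bin")
        with open(digest_path, "wb") as f:
            f.write(digest)
        subprocess.run(["tpm2_sign", "-c", key_ctx, "-g", "sha256", "-s", "rsassa",
                        "-d", "-f", "plain", "-o", sig_path, digest_path], check=True)
        with open(sig_path, "rb") as f:
            return f.read()

def mint_jwt(payload: dict, signer: Callable[[bytes], bytes] = tpm2_sign_digest) -> str:
    # Only the 32-byte digest crosses into the signer: the proxy process never
    # holds a private key, which is the property the Purpose section relies on.
    si = signing_input({"alg": "RS256", "typ": "JWT"}, payload)
    return f"{si.decode('ascii')}.{b64url(signer(hashlib.sha256(si).digest()))}"

def split_jwt(token: str):
    # Decode the three compact-serialization segments for inspection or verification.
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), b64url_decode(s)
```

Passing a different callable as `signer` lets the JWT assembly be exercised on a machine without a TPM, while the container swaps in `tpm2_sign_digest`.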