TSS.MSR / TSS.NET - How can I list persistent handles on a TPM2 device via C#?

Warrick Wilson 0 Reputation points
2024-12-04T16:32:15.3266667+00:00

If I am on Linux, with the tpm2-tools installed, I can run a tpm2_getcap handles-persistent command and get a list of persistent handles, like:

  • 0x81000001
  • 0x81010001

I want to do the same thing on Windows with an enabled TPM2. Ideally, I'd like to do this programmatically in C#, likely using TSS.NET (I guess). However, I can't find a decent sample that gives this information (at least in a way I can understand it). I tried the GetCapabilities sample, but that doesn't cover Cap.Handles.

Anyone have a suggestion on how I might do this, or another way to approach the issue?


  1. Warrick Wilson 0 Reputation points
    2024-12-04T16:56:54.0766667+00:00

    Ah, found something in a subsequent search that sorted out my issue:

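    // Requires "using Tpm2Lib;" and `tpm`, an already connected Tpm2 instance.
    // Ask for up to 32 handles, starting at the first persistent handle value.
    ICapabilitiesUnion caps;
    tpm.GetCapability(Cap.Handles, 0x81000000, 32, out caps);
    var handles = (HandleArray)caps;
    var tpmHandles = handles.handle;

    Console.WriteLine("Found the following handles:");
    int index = 0;
    foreach (var handle in tpmHandles)
    {
        var handleValue = handle.handle.ToString("X");
        // TpmHandle.GetType() reports the TPM handle type (e.g. Persistent).
        var handleType = handle.GetType().ToString();
        Console.WriteLine($"{index++}: {handleValue} type:{handleType}");
    }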
    

    That creates the following output, which is what I was looking for:

    Checking for TPM2 Persistent Handles
    Found the following handles:
    0: 81000001 type:Persistent
    1: 81000002 type:Persistent
    2: 81000009 type:Persistent
    3: 81010001 type:Persistent
    4: 81800001 type:Persistent
    5: 81800002 type:Persistent
    
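The query from the answer above, extended into a full inventory. This is an added example, not code from the original post or from the TSS.MSR project. It goes beyond the single call by paging on the "more data" byte that `GetCapability` returns, so a TPM holding more than 32 persistent objects is not silently truncated, and by labelling each handle with the hierarchy range it falls in. It assumes the TSS.NET `Tpm2Lib` package and a `TbsDevice` connection on Windows; the class, method and constant names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using Tpm2Lib;

static class PersistentHandleInventory
{
    const uint PersistentFirst = 0x81000000;    // first persistent handle value (TPM 2.0 spec)
    const uint PlatformPersistent = 0x81800000; // from here up: platform hierarchy range
    const uint BatchSize = 32;                  // handles requested per call (assumed value)

    // Pages through GetCapability(Cap.Handles) until the TPM reports no more data.
    static List<uint> ListPersistentHandles(Tpm2 tpm)
    {
        var found = new List<uint>();
        uint next = PersistentFirst;
        byte moreData;
        do
        {
            moreData = tpm.GetCapability(Cap.Handles, next, BatchSize,
                                         out ICapabilitiesUnion caps);
            TpmHandle[] batch = ((HandleArray)caps).handle;
            if (batch.Length == 0) break;
            foreach (TpmHandle h in batch)
            {
                // Defensive check: stop if a handle is outside the 0x81 (persistent) type.
                if ((h.handle >> 24) != 0x81) return found;
                found.Add(h.handle);
            }
            next = found[found.Count - 1] + 1; // resume after the last handle seen
        } while (moreData != 0);
        return found;
    }

    static void Main()
    {
        Tpm2Device device = new TbsDevice(); // Windows TPM Base Services
        device.Connect();
        using (var tpm = new Tpm2(device))
        {
            foreach (uint h in ListPersistentHandles(tpm))
            {
                string range = h >= PlatformPersistent ? "platform" : "owner";
                Console.WriteLine($"0x{h:X8}  {range} hierarchy range");
            }
        }
    }
}
```

Comparing this list against a known-good baseline for the machine is a simple way to notice persistent objects that were added or evicted.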
