TPM 2.0 Programming using Python and the tpm2-pytss libraries


OpenSecurityTraining2

About This Course

This course provides a comprehensive introduction to Trusted Platform Module (TPM) 2.0 programming using the Python-based tpm2-pytss library. Designed for developers, security engineers, and researchers, the course covers both foundational TPM 2.0 concepts and practical hands-on development techniques for interacting with TPM hardware and simulators.

Students will learn the architecture and security goals of TPM 2.0, the structure of TPM objects, and how to work with cryptographic keys, non-volatile storage, platform configuration registers (PCRs), and authorization policies. Through the use of the tpm2-pytss library, participants will develop Python applications that interface with the TPM to perform tasks such as key provisioning, sealing and unsealing secrets, attestation, and policy-based access control.

Some topics covered in the course are:

  • Enhanced System API aka ESAPI in Python
  • Feature API aka FAPI in Python
  • Creating Keys and other TPM 2.0 Objects using FAPI and ESAPI
  • Using PCRs
  • Encrypted Sessions to protect traffic from hackers
  • Audit Sessions
  • HMAC Sessions for protecting passwords and providing integrity
  • tpm2-pytss bindings to libpolicy for flexible JSON-based policies
  • Credential Activation process even without TPMs
  • Object Protections and using them to send keys from remote servers
  • Handling Endorsement Keys
  • Serializing and deserializing TPM data structures
  • Converting native TPM 2.0 Key formats to PEM and DER
  • Writing Custom TCTIs in Python
  • Concluding video covering lessons learned and mistakes made by the author

Requirements

You should take TC1101 and TC1102 before taking this course. However, this is a soft requirement; I believe that, although this is an intermediate course, students can complete it successfully. The foundational knowledge presented in those courses is nonetheless helpful.

Frequently Asked Questions

What learning paths is this class used in?

This course is useful for those interested in the following paths:

  • Trusted Computing and TPM 2.0 Security – foundational for understanding hardware-backed cryptographic trust.
  • Secure Application Development – building applications that leverage TPM for key protection, sealing, attestation, and policy enforcement.
  • System and Platform Security Engineering – integrating TPMs into secure boot, integrity measurement, and device identity.
  • Python Security Tooling – using Python to rapidly prototype and interact with low-level hardware security primitives.
  • TCG Ecosystem and Specification Development – for those contributing to or aligning with Trusted Computing Group standards.

Course Staff

William "Bill" Roberts

William Roberts is a security researcher and software engineer known for his work in the TPM 2.0 space. He is a core maintainer in the tpm2-software organization, where he leads development on the tpm2-pytss Python bindings and contributes heavily to the tpm2-tss C library. His work focuses on making TPM 2.0 functionality more accessible to developers, bridging low-level security features with modern programming interfaces and tools.