#tpm #tss #esys #esapi

sys tss-esapi-sys

FFI wrapper around TSS 2.0 Enhanced System API

4 releases (2 breaking)

0.3.0 Feb 4, 2022
0.2.0 Jun 17, 2021
0.1.1 Mar 25, 2021
0.1.0 Mar 23, 2021

#486 in Cryptography

Download history 2266/week @ 2022-06-10 1589/week @ 2022-06-17 1224/week @ 2022-06-24 945/week @ 2022-07-01 1250/week @ 2022-07-08 1186/week @ 2022-07-15 1295/week @ 2022-07-22 1165/week @ 2022-07-29 1146/week @ 2022-08-05 967/week @ 2022-08-12 1286/week @ 2022-08-19 1167/week @ 2022-08-26 1019/week @ 2022-09-02 1266/week @ 2022-09-09 1465/week @ 2022-09-16 1057/week @ 2022-09-23

5,079 downloads per month
Used in 5 crates (via tss-esapi)


82K SLoC

TPM2 Software Stack Rust Wrapper

Crates.io Code documentation

This is the lower-level wrapper that exposes a minimal, low-level C interface to Rust to TSS.


This crate exposes an interface for the TSS Enhanced System API and thus links to libraries that expose this interface. In order to allow proper use of the ESAPI, this FFI layer includes bindings to TCTI and MU headers, and must therefore link to all of them at build time.

The paths to the libraries are discovered using pkg-config - make sure they are discoverable in this way on your system. Our build script looks for tss2-esys, tss2-tctildr and tss2-mu. A minimum version of 2.3.3 is required for all of them.

Having installed the open-source implementation libraries at /usr/local/lib (by default), it might happen that pkg-config can not find them. Run the following command if that is the case:

$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig

The FFI bindings presented by this crate can be either those commited in the crate under src/bindings or generated on the fly from the library headers found on the system, at build time. For generating the bindings at build time please enable the generate-bindings feature, as it is not enabled by default. The build script will then identify the header files using pkg-config and generate fresh bindings from them.

NOTE: Only a limited set of bindings are committed and their target triplet is included in the name of the file - if the triplet you require is not available, feel free to raise a Pull Request to add it or to use build-time generation of bindings. All the committed bindings MUST be generated from the library version found under the vendor submodule.

Cross compiling

Cross-compilation can be done as long as you have on your build system the TSS libraries compiled for your target system of choice. We rely on pkg-config to identify the libraries which we link against. Installing tpm2-tss does yield .pc files which can be used for this purpose, but depending on the exact build environment setup, the configuration and compilation of tpm2-tss could require some special tailoring.

We include cross-compilation builds as a nightly check in Github Actions - you can find them here as an example of the steps needed. You can find more information on using pkg-config when cross-compiling here. Our wrapper script around pkg-config can be seen here.

Be advised that in some cases the linker used might need to be set manually in .cargo/config.

Copyright 2021 Contributors to the Parsec project.