Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added TPM user examples #20

Open
wants to merge 3 commits into
base: kirkstone
Choose a base branch
from
Open

Added TPM user examples #20

wants to merge 3 commits into from

Conversation

vishnusudhan
Copy link
Contributor

Hi @rjfendricks ,

This PR has the TPM user examples which is maintained under /etc/tpm/user-examples

@vishnusudhan vishnusudhan self-assigned this Oct 26, 2023
exit 1
fi

cmpare_value=$(cmp -s $file_to_check pcr16.dat; echo $?)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need to compare the pcr16.dat and pcr_extend.dat. For one, they are likely to be the same as they were generated at the same time. Second, when setting a per policy, I believe the current PCR state is used for the policy if you don't pass in a value.

Copy link
Contributor Author

@vishnusudhan vishnusudhan Oct 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will remove this step.
Instead to check measure boot , we will compare as like below to create the policy,

Measured boot check using tpm2_policypcr api carried out by comparing current state value with the measured.pcrvalues value; this is done by TPM internally.

if tpm2_policypcr -S session1.dat -l sha256:$pcr_index -f measured.pcrvalues;

# Start a policy auth session used when authenticating with a policy.
tpm2_startauthsession --policy-session -S session1.dat

# PCR Policy gets satisfied by comparing the current state value with the passed-in value; this is done by TPM internally.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this just a check of the current policy?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have modified the current comparison with measure pcr value. inorder to allow the creation of the policy, when ,measured boot is satisfied.

tpm2_createpolicy --policy-pcr -l sha256:$pcr_index -L policy16.pcr

# Define the NV index with the policy of the current PCR state
if tpm2_nvdefine $nv_index -L policy16.pcr; then

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why aren't we setting the size here? Without specifying the size, it will default to 2048 per the documentation for this command. Should we set the size manually instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are moving this NV define to respective NV_Write script , in-order to maintain separate NV index & size.

By default, if size parameter not specified then default 2048 will get assigned. if needed we can assign like -s {size(in bytes)}

Maybe we can use it for AES 256 key examples as -s 32


# Define the filename you want to check
file_to_check="pcr_extend.dat"
pcr_file="pcr16.dat"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we rename this to measured.pcrvalues? This way the example will closely follow other tutorial I've seen online, and it's also clear that this is the measured value in the context of measured boot.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we will update in the latest script

output_file="aes-key"

# Read the AES-256 key from the TPM NV index with the specified PCR policy
if tpm2_nvread $nv_index -P pcr:sha256:$pcr_index -s 768 > $output_file; then

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is 768 for the AES example and 568 is used for each chunk in the rsa example?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is the documentation for limits not the size for an nvread or nvwrite command?

Copy link
Contributor Author

@vishnusudhan vishnusudhan Oct 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For AES , we wrongly taken the full NV read/write size of 768(as declared in the Infineon-SLB 9670VQ2.0-DataSheet-v01_04-EN.pdf (already mailed )) mentioned under key features.

Up to 768 Byte for NV read or NV write

For AES, We will fix 32bytes as size allocation on the NV & read the 32 bytes alone , instead of using full NV size(768 bytes)

For RSA, as you suggested we will use maximum offset (768bytes) & calculate segment to write & read.


# Calculate the size of the key content and split it into three segments
content_size=$(wc -c < key.pem)
segment_size=$((content_size / 3))

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is segment size being used here but not when defining he offset? If the size limit is fixed, then the offset should be used to determine the number of segments?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you suggested we will use maximum offset (768bytes) & calculate segment to write & read.

#!/bin/bash

#PCR index, NV index, and output file for the AES-256 key
pcr_index=10

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we rename this to incorrect_pcr_index to make it very clear?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This applies to both error scripts

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will update in latest script

@@ -0,0 +1,13 @@
#!/bin/bash

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rename the error scripts to use "error" instead or "err" in name.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will rename the scripts as per your suggestion.


#PCR index, NV index, and output file for the AES-256 key
pcr_index=10
nv_index=0x1400004

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For all scripts we should add a comment indicate that this value needs to be manually set by the user to specify the location in the TPM.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will update in latest script

#!/bin/bash

# Define the TPM NV index and PCR index
nv_index=0x1400004

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we revise the scripts to use different indices, os if a user tries to run both, they are not overwriting the contents.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can change over NV indices in separate scripts (AES, RSA, passphrase), as suggested to overwriting of the contents.

@vishnusudhan
Copy link
Contributor Author

Hi @rlysecky ,

In few scripts , we are modifying the below changes,

  1. In tpm_policy_creation script, in-order to store the measured pcr value , for first time after storing, we are requesting user to reboot & exiting the script . is it fine? or we can continue the first time alone without exiting.
    upon reboot / from the second time we are checking the measure pcr value & current pcr value to check the measure boot & allowing to create policy pcr.

if [ -e "$file_path" ]; then
echo "File $file_to_check exists in the script's directory."
else
echo "File $file_to_check does not exist in the script's directory, creating measured.pcrvalues file."
cp pcr16.dat measured.pcrvalues
echo "reboot the device"
exit 1
fi

For reboot case, user needs to run tpm_policy_creation script atleast 2 times to create the policy pcr.

  1. For normal NV read/Write cases , Shall we inform the user to run the tpm_policy_creation script every-time before running nv read/write scripts? so measured boot will always happen.

  2. NV define's are going to be moved to the respective NV_write scripts ,as we are planning to declare separate NV indices.

@rlysecky
Copy link

  1. I don't think a reboot should be needed. The assumption is that measured boot is enabled. The check for a zero value in the PCR should be enough. There shouldn't need to be a manual check for the measured boot state. The policy itself will enforce this. Why does the session creation need to happen two times?
  2. Why can't we store the policy file rather than recreate it each time?
  3. This seems ok

@vishnusudhan
Copy link
Contributor Author

  1. I don't think a reboot should be needed. The assumption is that measured boot is enabled. The check for a zero value in the PCR should be enough. There shouldn't need to be a manual check for the measured boot state. The policy itself will enforce this. Why does the session creation need to happen two times?
    Solution: Ok. We will not request user to reboot and will allow to create the policy at the very first time itself.
  1. Why can't we store the policy file rather than recreate it each time?
    Solution: We are storing the policy file and we are not recreating.
    As we wanted to check the measured boot case after every reboot, we thought to have the tpm_policy_creation script run every time before using NV read/write operations.
  1. This seems ok

@vishnusudhan vishnusudhan requested a review from rlysecky October 27, 2023 15:41
@vishnusudhan
Copy link
Contributor Author

Hi @rlysecky ,

Scripts updated as per review comments & ready for review.

ReadME.md needs to be updated.

@vishnusudhan
Copy link
Contributor Author

Hi @rlysecky ,

Updated README.MD file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants