tpm2-tss question
by Yasuhiro Hosoda
MY name is Yasuhiro Hosoda.
I am developing a program using TSS1.0(Nov1.2016).
I encountered a problem with PolicySecret error 0x98e and need help.
My program uses tpmtest.cpp as a base of development.
The situation is as follows:
1 Create TPM Keys like this.
EK
|--------
| |
MK AK
|
SK
2 Execute PolicySecret twice using HMAC session. At first, it ends
without error. Then it ends with 0x98e
For clarification, I print out the values of Virtual Handle and Real Handle.
The value of Virtual/Real Handles differ at 2nd excution of the command.
(See NO 25/26 Below)
I understand that the resource manager assigns Virtual Handle and my
program calculates HMAC using that handles.
On the other hand, TPM may calculate HMAC using Real Handle.
That is my hypothesis.
Any suggestion about the usage of Session Handle?
NO Command Virtual/Real Handle LOC
1. CreatePrimary(EK) real=80000000, virtual=80000000 8381
2. HierarchyChangeAuth1 8421
3. HierarchyChangeAuth2 8431
4. StartAuthSession(Policy) real=3000000, virtual=3000000 8480
5. PolicySecret(ENDORSEMENT) 8494
6. Create(MK) 8515
7. PolicySecret(ENDORSEMENT) 8529
8. Load(MK) real=80000001, virtual=80000001 8542
9. Evict(MK) 8552
10. Create(SK) 8590
11. Load(SK) real=80000001, virtual=80000002 8598
12. PolicySecret(ENDORSEMENT) 8609
13. Create(AK) 8635
14. PolicySecret(ENDORSEMENT) 8645
15. Load(AK) real=80000001, virtual=80000003 8655
16. FlushContext(POLICY) 8664
17. StartAuthSession(POLICY) real=3000000, virtual=3000000 8668
18. StartAuthSession(HMAC) real=2000001, virtual=2000001 8678
19. ComputeCommandHMAC(LoadExternal) real=80000000, virtual=80000004 3706
20. ComputeCommandHMAC(HMAC_Start) real=80000001, virtual=80000005 3706
21. PolicySecret(SK) 8711
22. FlushContext(HMAC) 8717
23. FlushContext(POLICY) 8724
24. CertifyCreation(SK) 8738
25. StartAuthSession(POLICY) real=3000000, virtual=3000001 8745
26. StartAuthSession(HMAC) real=2000001, virtual=2000000 8754
27. ComputeCommandHMAC(LoadExternal) real=80000000, virtual=80000005 8782
28. ComputeCommandHMAC(HMAC_Start) real=80000001, virtual=80000004 8782
29. PolicySecret(SK) 8789
The whole source program can be found here.
https://github.com/intel/tpm2-tss/files/1516612/tpmtest.cpp_0x98e_2.txt
Kind regards,
--
Yasuhiro Hosoda
NTT Electronics Corporation (NEL)
Security Support Project
2 years, 2 months
[RFC] Session Handling/Policy Support in Tools
by Roberts, William C
There are two main parts to the direction I see the tools policy/session support heading:
1. The first is cleaning up all the code around session support and policy building. I think now that I understand the topic better, I can organize this code a little better. This is rather trivial and beside the main point.
2. Since abrmd 1.3 we have support for sessions across RM IPC connections and direct tpm communications (/dev/tmp0) also has the same support. We have tools like tpm2_createpolicy that are made up of multiple
commands to work around session flushing on IPC RM disconnections. tpm2_createpolicy is really comprised of 3 commands: tpm2_startauthsession, tpm2_policypcr and tpm2_flushcontext.
I'm proposing we leave tpm2_createpolicy, for in-kernel-rm users, but add tpm2_startauthsession and tpm2_policypcr for the abrmd and direct tpm usages. Abrmd works by using Tss2_Sys_ContextSave as the
marker of NOT flushing a session handle. Granted you also need the sessionAttributes set to continue so the TPM doesn't kill it.
I think the flow for using the new tools would be something like this:
1. tpm2_createpolicy - create a pcr policy and spit out the policy digest
2. tpm2_create - create an object and set its policy digest as obtained in step 1
3. tpm2_startauthsession - create a pcr policy and spit out the session handle
4. tpm2_policypcr - satisfy policy via policy digest and pcr list obtained/used in step 1 as well as taking the session handle from step 3
5. tpm2_<tool> - use some tool passing the session handle from step 3
6. tpm2_flushcontext - flushes the handle from step 3
With that said, since tpm2_createpolicy is really a combination of the tpm2_startauthsession, tpm2_pcrlist, tpm2_policypcr and tpm2_flushcontext, all that could be moved into lib, so each new tool and
create policy are really just calling into the same code.
Thoughts, am I missing something here?
This is a lot of work, so I would like to start it now, as it would be the major feature set going towards 4.0 release.
Bill
3 years
tpm2_quote output structure
by Adrian Shaw
Hi all,
I’ve seen that this project has progressed a lot since the initial 1.0.0 release. The tpm2_quote tool output file (using the -o flag) combines both the blob and the signature. It’s not ideal, since a developer like me would want to separate it out afterwards for manual verification. Without in-depth knowledge of the TSS objects and endianess I’ve found this a bit difficult.
The master branch seems to show some preliminary support for separating the signature from the attestation data. I’d like to be able to support older versions of the TPM tools, hence I’d like to see how I could separate the data from the signature. I’ve been looking at the code and have made some custom tests but have been unsuccessful so far.
What is the format of the combined data and signature? Is there a magic value I can look for to separate them?
Many thanks,
Adrian
3 years
holiday season
by Tricca, Philip B
The holiday season is upon us and the new year is fast approaching! The Intel folks on the tpm2 project are getting ready to take some time off over the next few weeks so responses on the list and github will be delayed. Thanks to all who have participated over in 2017. We're very grateful for your work & are looking forward to another productive year ahead.
Regards,
Philip
3 years
[intel/tpm2-tools] 4b9ef1: tpm2_clearlock: add tool
by GitHub
Branch: refs/heads/master
Home: https://github.com/intel/tpm2-tools
Commit: 4b9ef1d843128fb34b6e4ccfe16dea7303230672
https://github.com/intel/tpm2-tools/commit/4b9ef1d843128fb34b6e4ccfe16dea...
Author: Emmanuel <logout(a)free.fr>
Date: 2017-12-22 (Fri, 22 Dec 2017)
Changed paths:
M Makefile.am
A man/tpm2_clearlock.1.md
A test/system/tests/clearlock.sh
A tools/tpm2_clearlock.c
Log Message:
-----------
tpm2_clearlock: add tool
The tpm2_clearlock tools is used to authorize/forbid the use of
tpm2_clear. It used TPM2_ClearControl() to set or clear disableClear
(when disableClear is set it's not possible to call TPM2_Clear()).
One can check for the status of disableClear using the tpm2_getcap tool.
The clearlock.sh test check for the behavior of this newly added tool.
Fixes: #710
Signed-off-by: Emmanuel Deloget <logout(a)free.fr>
3 years
[intel/tpm2-tools] 18d428: tpm2_createpolicy: remove un-needed variable
by GitHub
Branch: refs/heads/master
Home: https://github.com/intel/tpm2-tools
Commit: 18d428cc3aaef393e14fe3723dced8ff9eac964f
https://github.com/intel/tpm2-tools/commit/18d428cc3aaef393e14fe3723dced8...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-12-22 (Fri, 22 Dec 2017)
Changed paths:
M tools/tpm2_createpolicy.c
Log Message:
-----------
tpm2_createpolicy: remove un-needed variable
is_policy_type_selected was used, but not needed. Remove it
from the tool.
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: 927f32f8864f1bd4aebd4a7741dcf2f8c7125aa3
https://github.com/intel/tpm2-tools/commit/927f32f8864f1bd4aebd4a7741dcf2...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-12-22 (Fri, 22 Dec 2017)
Changed paths:
M Makefile.am
M lib/tpm2_policy.c
M lib/tpm2_policy.h
A lib/tpm2_session.c
A lib/tpm2_session.h
R lib/tpm_session.c
R lib/tpm_session.h
M test/unit/test_tpm2_errata.c
A test/unit/test_tpm2_session.c
M tools/tpm2_activatecredential.c
M tools/tpm2_createpolicy.c
M tools/tpm2_getpubak.c
M tools/tpm2_nvread.c
M tools/tpm2_nvwrite.c
M tools/tpm2_unseal.c
Log Message:
-----------
refactor session and policy designs
Split out the policy building and session initiation code.
The session code has a lot of inputs, use a builder pattern
to build a data structure with sane session defaults and
allow the caller to override if needed.
By splitting the policy building code out from session
creation, this reduces the number of arguments required
to the policy routines.
This also (finally), documents the internal APIs for session
and policy handling, and adds much needed unit tests for
session handling. Tests for policy building will be
done in subsequent patches.
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: a3565b10c849a8e32d73aa77dfd075a9f2244cba
https://github.com/intel/tpm2-tools/commit/a3565b10c849a8e32d73aa77dfd075...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-12-22 (Fri, 22 Dec 2017)
Changed paths:
M Makefile.am
A lib/tpm2_openssl.c
A lib/tpm2_openssl.h
M lib/tpm2_policy.c
M lib/tpm_kdfa.c
Log Message:
-----------
openssl interface for hashing
Rather than hash the pcr digests for the final policy digest
with the tpm, which is slow, use openssl for the hashing.
This has the side affect of making the policy tests easier
to write as one doesn't have to mock the tpm hash interface
with openssl.
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: e52699a375ced5b9e6b642a751b7c6639a7e4070
https://github.com/intel/tpm2-tools/commit/e52699a375ced5b9e6b642a751b7c6...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-12-22 (Fri, 22 Dec 2017)
Changed paths:
M Makefile.am
A test/unit/test_tpm2_policy.c
Log Message:
-----------
tests: add policy tests
Add unit tests for tpm2_policy_build_pcr() and
tpm2_policy_get_digest().
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: 2275011886c79f1ccab13ac281bcdb3d48e7cbd8
https://github.com/intel/tpm2-tools/commit/2275011886c79f1ccab13ac281bcdb...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-12-22 (Fri, 22 Dec 2017)
Changed paths:
M test/system/tests/flushcontext.sh
Log Message:
-----------
tests/flushcontext.sh: silence tpm2_createpolicy stdout
Remove this noise from the test output.
Fixes:
tests/startup.sh ... PASSED
tests/hmac.sh ... PASSED
\TPM2_SE_POLICY: 0x33E36E786C878632494217C3F490E74CA0A3A122A8A4F3C5302500DF3B32B3B8
|TPM2_SE_POLICY: 0x33E36E786C878632494217C3F490E74CA0A3A122A8A4F3C5302500DF3B32B3B8
tests/flushcontext.sh ... PASSED
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Compare: https://github.com/intel/tpm2-tools/compare/24556fda8138...2275011886c7
3 years