Possible TPM uses in fprintd/libfprint
by Benjamin Berg
Hi,
I was wondering if someone has ideas about integrating the TPM with
Fingerprint readers.
Recently I started looking into supporting Secure Device Connection
Protocol (SDCP, [1]) in libfprint. The general idea is to verify that
the Fingerprint reader can be trusted, but I initially also imagined
that further use-cases like unsealing data in a TPM may be possible
(e.g. to retrieve disk encryption keys).
However, looking into it more, my current conclusion is that there is
little to no advantage to use the TPM. At least not unless one also has
a trusted (userspace) program which is capable of signing TPM
authorizations. One could easily offload the required parts into a
small helper, but that may require ensuring it runs in a trusted
execution environment.
Microsoft seems to run relevant parts as trustlets that are walled off
from the rest of the system. That seems sensible to me, but it also
means requiring all the infrastructure for execution and signing and I
doubt that is feasible currently.
Right now I'll probably go the way of not using the TPM at all. But I
am really not an expert for this. So should someone see scenarios where
a TPM is actually helpful in this context, then I would like to hear
about them.
Benjamin
PS: A quick summary of how SDCP works:
* Device has a private ECC key that signs the firmware and ephemeral
keys during boot (and is inaccessible afterwards)
* A certificate proofs that this key was provisioned in factory
* Device builds a shared secret with the host (s)
* Device sends id, HMAC_SHA256(s, "identify" || nonce || id)
when the finger "id" was presented.
* The HMAC proofs knowledge of the shared secret and authorizes the
print.
[1] https://github.com/microsoft/SecureDeviceConnectionProtocol/wiki/Secure-D...
2 months, 3 weeks
Calculating name of created AK- server side
by kuba.michal.n@gmail.com
Hello!
I would like to know if it is possible to calculate name of AK generated by host on a remote server? I have read about remote attestation. To ensure the AK matches EK we have to make credential using name of the AK. To achieve this we have to either:
a) calculate name of the AK on server
b) receive name of the AK from host and believe it's a name for a proper AK
Am I missing something?
I have searched for explanation in docs posted on TCG's site, but I just can't find anything useful for nameAlg.
I would be thankful for any help or advice :D
3 months, 2 weeks
[RFC] OpenSSL 3.0 Integration (tpm2-openssl) for Review
by Petr Gotthard
Hello,
As you probably already know, a new OpenSSL 3.0 is under development, which will heavily change the API for integrating external cipher providers, such as the TPM2. "Engines" will be replaced by "Providers".
To pioneer this change I refactored the tpm2-tss-engine into a Provider, which is now available as a new project:
https://github.com/tpm2-software/tpm2-openssl
It works with the latest OpenSSL master branch (to be openssl-3.0.0-alpha13) only.
The TPM2 Provider retains most functions of the TPM2 Engine (ECC is yet to be implemented) and preserves the 'TSS2 PRIVATE KEY' file format. In addition to that, the new API enabled some cool features, such as signatures using a restricted signing key or a direct usage of handles to persistent keys. A full list of currently available features is in the project README.md file.
Are there any other TPM2 features that should be available via the OpenSSL 3.0?
Right now the OpenSSL 3.0 is in an "alfa" phase, which allows API changes. This is an ongoing opportunity for us to make sure the OpenSSL API has all the functions the TPM2 needs, because the integration is not always straightforward. Once a "beta" phase is reached only bug fixes will be allowed and new features or breaking changes will have to wait. Thus, we should integrate and test as much as we can before the OpenSSL feature freeze.
Please, review the README.md and/or test the Provider (project tpm2-openssl) and create a new GitHub Issue if you are missing something or if something does not work as expected. Of course, other feedback is welcome too.
Kind Regards,
Petr
1 year, 7 months
Error on service tpm2-abrmd start
by Kenneth Goldman
Two questions actually, trying to run the Intel TSS with a SW TPM
1
Instructions for a project say to run
service tpm2-abrmd start
When I do that, I get
* Starting TPM2 Access Broker and Resource Management Daemon tpm2-abrmd
** (process:19039): WARNING **: 18:06:45.480: tcti_conf before:
"device:/dev/tpm0"
** (tpm2-abrmd:19039): WARNING **: 18:06:45.488: tcti_conf after:
"device:/dev/tpm0"
Refusing to run as root. Pass --allow-root if you know what you are doing.
This probably fails because I don't have /dev/tpm0,ight?
2
Later instructions says to
sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti=mssim &
which fails because I don't have tpm2-abrmd. I did install the packages -
Ubuntu 20.
3
Finally, if I'm using the SW TPM, can I simply skip the abrmd complexity
and somehow point the Intel TSS to the SW TPM socket.
--
Ken Goldman kgoldman(a)us.ibm.com
914-945-2415 (862-2415)
1 year, 7 months
policies in conjunctive normal form
by narcis2004@yahoo.com
Question: is it possible to structure a policy using tpm2-tools in the following form?
policy = (a OR b) AND (c OR d)
- where a, b, c, d are simple pcr policies.
I tried this, and apparently creating an *AND* of policy *OR* did not work as i thought. "and.policy" will contain the hash of the second tpm2_policyor instead of generating a new hash
tpm2_startauthsession --session session.ctx
tpm2_policyor --session session.ctx sha256:a.policy,b.policy
tpm2_policyor --session session.ctx sha256:c.policy,d.policy --policy and.policy
tpm2_flushcontext session.ctx
Plan B would be to structure the policy in the equivalent disjunctive normal form, which works but is less scalable. i.e.:
policy = (a AND c) OR (a AND d) OR (b AND c) OR (b AND d)
Thanks,
Narcis
1 year, 7 months
[RELEASE] tpm2-abrmd 2.4.0
by Roberts, William C
Hello,
I would like to announce the release of tpm2-abrmd version 2.4.0 with the following changelog:
2.4.0 - 2021-02-08
Added
- configure option --enable-asan which will cause the build to produce
ASAN enabled binaries.
- CI runs with clang enable asan for tests.
- Service start depends on systemd device unit: dev-tpm0.device.
- Testing support with swtpm.
Fixed
- Numerous memory leaks.
- udev settle service deprecation warnings.
- StandardOutput=syslog deprecation warnings.
Changed
- StandardOutput=syslog removed from systemd service file as syslog is
deprecated since systemd version 246.
- Requires tpm2-tss version 2.4.0 or greater for udev TAG=systemd rules.
Removed
- valgrind configure options.
- usage of udev settle service.
The release can be found here:
https://github.com/tpm2-software/tpm2-abrmd/releases/tag/2.4.0
Thanks,
Bill
1 year, 7 months
