Possible TPM uses in fprintd/libfprint
by Benjamin Berg
Hi,
I was wondering if someone has ideas about integrating the TPM with
Fingerprint readers.
Recently I started looking into supporting Secure Device Connection
Protocol (SDCP, [1]) in libfprint. The general idea is to verify that
the Fingerprint reader can be trusted, but I initially also imagined
that further use-cases like unsealing data in a TPM may be possible
(e.g. to retrieve disk encryption keys).
However, looking into it more, my current conclusion is that there is
little to no advantage to use the TPM. At least not unless one also has
a trusted (userspace) program which is capable of signing TPM
authorizations. One could easily offload the required parts into a
small helper, but that may require ensuring it runs in a trusted
execution environment.
Microsoft seems to run relevant parts as trustlets that are walled off
from the rest of the system. That seems sensible to me, but it also
means requiring all the infrastructure for execution and signing and I
doubt that is feasible currently.
Right now I'll probably go the way of not using the TPM at all. But I
am really not an expert for this. So should someone see scenarios where
a TPM is actually helpful in this context, then I would like to hear
about them.
Benjamin
PS: A quick summary of how SDCP works:
* Device has a private ECC key that signs the firmware and ephemeral
keys during boot (and is inaccessible afterwards)
* A certificate proves that this key was provisioned in factory
* Device builds a shared secret with the host (s)
* Device sends id, HMAC_SHA256(s, "identify" || nonce || id)
when the finger "id" was presented.
* The HMAC proves knowledge of the shared secret and authorizes the
print.
[1] https://github.com/microsoft/SecureDeviceConnectionProtocol/wiki/Secure-D...
1 week, 2 days
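The identify check from the SDCP summary above, as an added example that is not part of the original post or of libfprint: the host recomputes HMAC_SHA256(s, "identify" || nonce || id) and accepts each nonce only once. The function and class names, the 32-byte nonce and id sizes and the plain byte concatenation are assumptions; the actual wire format is defined in the specification [1].

```python
import hashlib
import hmac
import secrets

LABEL = b"identify"  # assumption: ASCII label, no terminator or length prefix


def identify_mac(s: bytes, nonce: bytes, finger_id: bytes) -> bytes:
    """HMAC_SHA256(s, "identify" || nonce || id) as written in the summary."""
    return hmac.new(s, LABEL + nonce + finger_id, hashlib.sha256).digest()


class HostVerifier:
    """Host side: issues one nonce per identify request and checks the reply."""

    def __init__(self, s: bytes):
        self._s = s            # whoever can read s can forge "authorized" prints
        self._pending = set()

    def new_nonce(self) -> bytes:
        nonce = secrets.token_bytes(32)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, finger_id: bytes, mac: bytes) -> bool:
        if nonce not in self._pending:   # unknown or already used: replay
            return False
        self._pending.discard(nonce)
        expected = identify_mac(self._s, nonce, finger_id)
        return hmac.compare_digest(expected, mac)  # constant-time compare


def demo() -> dict:
    s = secrets.token_bytes(32)            # constructed stand-in for the shared secret
    host = HostVerifier(s)
    finger_id = bytes.fromhex("a1" * 32)   # constructed enrolled-print id
    n1 = host.new_nonce()
    mac = identify_mac(s, n1, finger_id)   # what the device would send
    results = {"valid": host.verify(n1, finger_id, mac)}
    results["replayed"] = host.verify(n1, finger_id, mac)
    n2 = host.new_nonce()
    other_id = bytes.fromhex("b2" * 32)
    results["swapped_id"] = host.verify(n2, other_id, identify_mac(s, n2, finger_id))
    n3 = host.new_nonce()
    bad = identify_mac(b"\x00" * 32, n3, finger_id)
    results["wrong_secret"] = host.verify(n3, finger_id, bad)
    return results


if __name__ == "__main__":
    print(demo())
```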
IMA determinism
by Eduardo Falcão
Hi folks
I know this is not a TPM doubt, but it's related and some people may have had this issue.
Is there some form to make the digest collected through IMA deterministic? I rebooted my system several times, and at the very beginning of system initialization I've noticed the hash in PCR 10 of the TPM is changing. The number of lines initializes equally, but it seems that the order the programs are run in always changes.
Any ideas for overcoming this issue?
[]'s
1 year, 10 months
TPM 2.0 hardware error DA lockout mode
by Chenxi Z
I have exactly the same issue as https://superuser.com/questions/1404738/tpm-2-0-hardware-error-da-lockout...
TPM2 tools version v1.1
Tried clearing ownership:
linux-host:~ # tpm2_takeownership -c -L lockpass
ERROR: Clearing Failed! TPM error code: 0x921
Tried clearing dictionary lockout:
linux-host:~ # tpm2_dictionarylockout -c -P lockpass
ERROR: 0x921 Error clearing dictionary lockout.
Neither works.
The error id decode says:
linux-host:~ # tpm2_rc_decode 0x921
error layer
hex: 0x0
identifier: TSS2_TPM_RC_LEVEL
description: Error produced by the TPM
format 0 warning code
hex: 0x21
name: TPM2_RC_LOCKOUT
description: authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
Can't figure out how to get out of this lockout state. Has someone come across the same error before? How to fix it? Thanks.
1 year, 12 months
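The bit fields behind the tpm2_rc_decode output above, as an added example that is not part of the original post or of tpm2-tools: it splits a response code such as 0x921 into layer, format, warning flag and error number. The field layout follows the TPM 2.0 Library specification (Part 2); the function name is hypothetical and the name tables hold only a few codes.

```python
# Small, deliberately incomplete name tables (assumption: enough for the demo).
FMT0_WARN = {0x20: "TPM2_RC_NV_RATE", 0x21: "TPM2_RC_LOCKOUT", 0x22: "TPM2_RC_RETRY"}
FMT1 = {0x0E: "TPM2_RC_AUTH_FAIL", 0x22: "TPM2_RC_BAD_AUTH"}


def decode_rc(rc: int) -> dict:
    """Split a TSS2 return code into the fields tpm2_rc_decode reports."""
    out = {"layer": (rc >> 16) & 0xFF}   # 0 means the TPM itself produced it
    code = rc & 0xFFF
    if code & 0x080:
        # Format one: the error is tied to a handle, parameter or session.
        out["format"] = 1
        out["number"] = code & 0x3F
        out["name"] = FMT1.get(out["number"], "unknown")
        n = (code >> 8) & 0xF
        if code & 0x040:
            out["subject"] = ("parameter", n)
        elif n & 0x8:
            out["subject"] = ("session", n & 0x7)
        else:
            out["subject"] = ("handle", n)
    else:
        # Format zero: not tied to a specific handle or parameter.
        out["format"] = 0
        out["tpm2"] = bool(code & 0x100)      # version bit, set for TPM 2.0 codes
        out["vendor"] = bool(code & 0x400)    # vendor-defined code
        out["warning"] = bool(code & 0x800)   # severity: warning, not error
        out["number"] = code & 0x7F
        table = FMT0_WARN if out["warning"] else {}
        out["name"] = table.get(out["number"], "unknown")
    return out


if __name__ == "__main__":
    print(decode_rc(0x921))   # the code from the post
    print(decode_rc(0x98E))   # authorization failure on session 1
```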
Re: Question: How should I provide "OwnerAuth" on Windows?
by Thompson, Kent
Based on some limited debugging on Windows 10 1809, it appears that Windows does not require the owner auth. Running the application "as administrator" and providing an empty TPM2B_AUTH (with auths[0].sessionHandle = TPM2_RS_PW) allows me to successfully call functions like...
Tss2_Sys_NV_DefineSpace
Tss2_Sys_NV_UndefineSpace
Tss2_Sys_NV_ReadPublic
Tss2_Sys_NV_Write
Tss2_Sys_StartAuthSession
Tss2_Sys_PolicySecret
Tss2_Sys_Create
Tss2_Sys_FlushContext
Tss2_Sys_PolicySecret
Tss2_Sys_Load
Tss2_Sys_EvictControl
2 years
[ANNOUNCE] Command TCTI
by Roberts, William C
Hello,
I'd like to highlight the command tcti's inclusion into the TSS:
- https://github.com/tpm2-software/tpm2-tss/pull/1734
What's really cool, if you have tpm2_send on master post PR 2094:
- https://github.com/tpm2-software/tpm2-tools/pull/2094
You can use it to run commands on a remote machine. For instance, you can
run a tpm command over an SSH tunnel on a remote machine to get the
quote. There will be no endianness issues in anything and no worries of
how to transmit the data.
Another great perk is that if your device node has a too old version
of tpm2-tools, you can just issue a partial update to tpm2_send, or provide
some other command suitable. For most devices, something that
can read and write a file might be useful, not really sure offhand what
that would look like in entirety.
Example invocation:
tpm2_getrandom -T "cmd:ssh localhost tpm2_send" --hex 4
Thanks,
Bill
2 years
Re: Sharing TPM 2.0 between containers with access policy
by Roberts, William C
> -----Original Message-----
> From: Oleksii Moisieiev <Oleksii_Moisieiev(a)epam.com>
> Sent: Thursday, June 18, 2020 1:21 PM
> To: Struk, Tadeusz <tadeusz.struk(a)intel.com>
> Cc: tpm2(a)lists.01.org
> Subject: [tpm2] Re: Sharing TPM 2.0 between containers with access policy
>
> Hello Tadeusz.
>
> Thank you for the answer.
> I've done some investigation and found that passing device /dev/tpmrm0 to the
> containers will do the job. Also the problem with tpm_clear can be solved by
> restricting owner access to the TPM. So each container can use keys in the TPM but
> talk to the owner if any changes are needed.
>
> I have another question: According to the documentation, the TPM has a unique
> endorsement key, embedded in the device during manufacturing. So each
> module can be identified by this key.
> How can I retrieve this key embedded in the TPM module?
Only the endorsement hierarchy primary seed (EPS) is embedded at manufacturing time. So
calls to tpm2_createprimary with the proper inputs will yield the same key every time. Calls
to tpm2_createek should create this for you. The calls to tpm2_getekcertificate should give you
that manufacturer certificate.
Details on this process can be found in this spec:
- https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_E...
>
> Best regards,
> Oleksii.
> ________________________________
>
> From: Tadeusz Struk <tadeusz.struk(a)intel.com>
> Sent: Friday, June 5, 2020 8:16 PM
> To: Oleksii Moisieiev <Oleksii_Moisieiev(a)epam.com>; tpm2(a)lists.01.org
> <tpm2(a)lists.01.org>
> Subject: Re: [tpm2] Sharing TPM 2.0 between containers with access policy
>
> On 6/5/20 12:52 AM, Oleksii Moisieiev wrote:
> > Hello all,
> >
> > I have an embedded device, with Docker containers based architecture.
> > This device is operated by software, installed in separate containers.
> >
> >
> > I would like to share TPM2.0 access between these containers with the
> > following restrictions:
> >
> > 1) Forbid Clear TPM command for the containers;
> > 2) Each container should have an access only to the set of keys it owns.
> > 3) Each container can create keys, but not overwrite existing keys
> > that are not related to this container.
> >
> > According to the "TCG TSS 2.0 TAB and Resource Manager Specification"
> > - TPM Resource manager doesn't implement access restrictions right now.
>
> I think you could run a separate instance of RM per container to get
> 2 & 3. As for 1, this would need to be prevented on a platform configuration level,
> like in BIOS or equivalent.
>
> Thanks,
> --
> Tadeusz
2 years